Lbolt99
July 10th, 2002, 21:49
Hello,
This is kind of a different twist on "normal" cracking. Have a 3com Officeconnect firewall, hardware based. There is VPN functionality in the firmware, but it can only be enabled if you enter a reg number into the unit.
I got the firmware from 3com's site, the same version which is in the firewall. The CPU is a motorola 68360, 33mhz. Looking at the image (a .BIN file), seems to be executable code and then a list of filenames, mainly .html and .gif, concatenated onto the end of the bootstrap (I assume the executable code is boot-up code).
Need to get a 68xxx disasm to see the boot code, that's a whole another issue. The unit has a web interface, you enter the IP, comes to login screen utilizing cgi-bin.
When entering the reg number, it submits a form to a cgi-bin script. What I need to do is somehow "capture" this cgi-bin file from the unit, and was wondering if anyone has knowledge of how to do this. It won't just "download", says file not found when that's attempted, so it may be dynamically generated or something.
Another option would be to rip the cgi-bin out of the firmware image, but I cannot locate this in the image (no readable text), etc.. despite the face I successfully "ripped" one of the gif's by copying and pasting the hex bytes into a new file....
Any opinions?
This is kind of a different twist on "normal" cracking. Have a 3com Officeconnect firewall, hardware based. There is VPN functionality in the firmware, but it can only be enabled if you enter a reg number into the unit.
I got the firmware from 3com's site, the same version which is in the firewall. The CPU is a motorola 68360, 33mhz. Looking at the image (a .BIN file), seems to be executable code and then a list of filenames, mainly .html and .gif, concatenated onto the end of the bootstrap (I assume the executable code is boot-up code).
Need to get a 68xxx disasm to see the boot code, that's a whole another issue. The unit has a web interface, you enter the IP, comes to login screen utilizing cgi-bin.
When entering the reg number, it submits a form to a cgi-bin script. What I need to do is somehow "capture" this cgi-bin file from the unit, and was wondering if anyone has knowledge of how to do this. It won't just "download", says file not found when that's attempted, so it may be dynamically generated or something.
Another option would be to rip the cgi-bin out of the firmware image, but I cannot locate this in the image (no readable text), etc.. despite the face I successfully "ripped" one of the gif's by copying and pasting the hex bytes into a new file....
Any opinions?
