Root @th3j35t3r with Google Chrome

Today we're going to have a lesson on password strength and software vulnerabilities.

Disclaimer: Th3J35t3r's site has served targeted malware in the past designed to capture data... especially from members of Anonymous. Perform these steps at your own risk!

There's something interesting afoot on The Jester's website...

In the upper right corner there's a little "Pi" symbol.  If you've ever watched the movie "The Net" you know that interesting secrets are beneath the Pi symbol.

After clicking on the Pi icon you are presented with a UNIX style login prompt.

The login prompt lets you log in with the username "guest" and no password. However, any attempt to log in as "root" is met with a password prompt.

If you peek under the hood of the JavaScript running this terminal, you'll find the following:

var conf_rootpassskey='5f7588bd54449';
However, this value is a hash or some other transformation of the password, since entering it directly at the prompt fails. The important detail is that both this key and the comparison against it run inside the visitor's browser, where they can be read and rewritten. So instead of attacking the password, let's attack the underlying software itself.

Note: To perform these steps you MUST use Google Chrome.

Open the JavaScript console using Ctrl+Shift+J.

Then enter the following command:

conf_rootpassskey='';

Now you should be able to gain root access to Jester's system with no problem. Use the username "root" and simply press Enter at the password prompt to submit an empty password.

Congratulations.  You just rooted @th3j35t3r.

The lesson to take away from this is that no matter how secure or complex your password is, you should not have a false sense of security about your systems. Software vulnerabilities can give users a backdoor to your private information without a password. Here the flaw is that the password check is performed entirely on the client, so the secret it compares against is under the visitor's control; sometimes it only requires a little thinking outside the box.

BONUS:

Can you crack Th3J35t3r's root password?  Here's a link to get you started...

http://www.sf2600.com/weblog/2011/apr/06/challenge/