Thursday, May 1, 2008

BlackBag 0.9.1 - New link and minor fixes

It seems our old link to Black Bag on here went bad some time ago. We've been getting lots of requests for a new link.

P.S. Thanks to Marcin, for pointing us at sockpuppet. Nobody at Matasano could seem to remember where we'd seen it last!

You may notice the minor version number bumped. In the process of digging up a working tarball, I took the opportunity to make two very trivial tweaks:

  • Fixed a small bug in tsec.c that was causing "make" to fail.

  • Added offsets to deezee's output (culled from the silly little patch I mentioned in my last post).

Reader Comments (18)

I see that the README file talks about a util called sextract for reading and concatting TCP payloads which would be really cool, from the description, but is not included in blackbag. Any chance of including it?

Thanks,

Martin

May 24, 2008 | Unregistered CommenterMartin

Since blackbag is resurfacing I thought I'd repost a small example of the deezee part in action:
[code]
remote un-passworded root access in IBM's totalstorage ds400 storage thingie, like this:
# download blackbag from http://www.matasano.com/download/blackbag-0.9.1.tgz
# download firmware for totalstorage ds400
lort# wget -q http://parker.vslib.cz/MIRRORS/ftp.adaptec.com/tmp0001/oem/ibm/IBM_TotalStorage_DS_Series_FW_v4.15.zip
lort# unzip -q IBM_TotalStorage_DS_Series_FW_v4.15.zip
lort# rm IBM_TotalStorage_DS_Series_FW_v4.15.zip
lort# ls
Copy of IBM_TotalStorage_DS_Series_FW_v4.15.upgrade
README_Single_IBM_TotalStorage_DS_Series_FW_v4.15.txt.TXT
lort# mv Copy\ of\ IBM_TotalStorage_DS_Series_FW_v4.15.upgrade ds400.4.15.fw
lort# bkb deezee ds400.4.15.fw
Scanning file ds400.4.15.fw for compressed components
Compressed size: 21898976 bytes
Compressed segment found. Expanded to 2181580 bytes
Compressed segment found. Expanded to 16777216 bytes
Compressed segment found. Expanded to 67108864 bytes
lort# mkdir /mnt/1 /mnt/2
lort# mdconfig -a -t vnode -f ./ds400.4.15.fw.1 -u 1
lort# mdconfig -a -t vnode -f ./ds400.4.15.fw.2 -u 2
lort# mount_ext2fs /dev/md1 /mnt/1
lort# mount_ext2fs /dev/md2 /mnt/2

# part where you look for vulnerabilities intentionally skipped

lort# cat /mnt/2/etc/shadow
root::11430:0:10000::::
bin:*:8902:0:10000::::
daemon:*:8902:0:10000::::
ftp:*:8902:0:10000::::
named:*:8902:0:10000::::
nobody:*:0:0:10000::::
user::11430:0:10000::::
manager::11430:0:10000::::
administrator::11430:0:10000::::
operator::11430:0:10000::::
lort# cat /mnt/2/etc/inetd.conf
# See "man 8 inetd" for more information.
#
# If you make changes to this file, either reboot your machine or send the
# inetd a HUP signal:
# Do a "ps x" as root and look up the pid of inetd. Then do a
# "kill -HUP ".
# The inetd will re-read this file whenever it gets that signal.
#
#
#
# If you want telnetd not to "keep-alives" (e.g. if it runs over a ISDN
# uplink), add "-n". See 'man telnetd' for more deatails.
#
telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
cli stream tcp nowait root /usr/sbin/tcpd in.telnetd -L /etc/eurologic/bin/cli
login stream tcp nowait root /usr/sbin/tcpd in.rlogind
shell stream tcp nowait.500 root /usr/sbin/tcpd in.rshd -Lh
#
# End.
lort# grep ^telnet /mnt/2/etc/services
telnet 6000/tcp

# sit back and laugh at the passwordless accounts and the undocumented telnet daemon. [/code]

June 9, 2008 | Unregistered Commenterkokanin
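
The two checks the comment above does by eye on the mounted image (empty password fields in etc/shadow, and enabled inetd services resolved to ports through the image's own etc/services) can be scripted for firmware review. This is an added example, not part of the original comment or of BlackBag; the function names and the sample root are constructed for illustration, and a mounted image root such as /mnt/2 can be passed as the first argument.

```shell
#!/bin/sh
# Audit a mounted firmware root (added example; sample files are constructed).

# Accounts whose shadow password field is empty, i.e. no password is required.
empty_password_accounts() {
    awk -F: 'NF >= 2 && $2 == "" { print $1 }' "$1/etc/shadow"
}

# One line per enabled inetd entry: service, port from the image's own
# etc/services, run-as user, and the daemon (the tcpd argument when wrapped).
inetd_listeners() {
    awk '
        FILENAME == ARGV[1] {
            if ($0 !~ /^[[:space:]]*#/ && NF >= 2) port[$1] = $2
            next
        }
        /^[[:space:]]*#/ || NF < 6 { next }
        {
            daemon = ($6 ~ /tcpd$/ && NF >= 7) ? $7 : $6
            print $1, (($1 in port) ? port[$1] : "unknown"), $5, daemon
        }
    ' "$1/etc/services" "$1/etc/inetd.conf"
}

# Constructed sample root, shaped like the output in the comment above.
make_sample_root() {
    root=$(mktemp -d) && mkdir "$root/etc" || return 1
    printf '%s\n' 'root::11430:0:10000::::' 'bin:*:8902:0:10000::::' \
        'operator::11430:0:10000::::' > "$root/etc/shadow"
    printf '%s\n' '# services' 'telnet 6000/tcp' 'login 513/tcp' \
        > "$root/etc/services"
    printf '%s\n' '# inetd.conf' \
        'telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd' \
        'login stream tcp nowait root /usr/sbin/tcpd in.rlogind' \
        '#shell stream tcp nowait root /usr/sbin/tcpd in.rshd -Lh' \
        > "$root/etc/inetd.conf"
    echo "$root"
}

ROOT=${1:-$(make_sample_root)}
echo "Accounts with empty password field:"; empty_password_accounts "$ROOT"
echo "Enabled inetd services:";             inetd_listeners "$ROOT"
# Remove the temporary sample root when no real root was supplied.
[ -n "$1" ] || rm -rf "$ROOT"
```

A service whose port in the image's etc/services differs from its usual assignment, like the telnet entry here, is worth checking against the vendor's documented listener list.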

And the link to blackbag is dead again.

February 10, 2009 | Unregistered CommenterApneet Jolly

and... sorry, it's back alive now!

March 5, 2009 | Unregistered CommenterEric Monti

Mmmm... the link is dead again :-(

September 23, 2009 | Unregistered CommenterBlacku
