Hak5 Forums

Legomaniac

  1. Legomaniac

    Cow Milking Robot Hacks/Mods X11

    Sorry Hemmy15, I haven't been on here much for a while again... Accessing T4C remotely and accessing the robot touchscreen remotely are different systems, but I can help you do both. You will need to get a machine that runs Linux (or a Linux instance in a VM like VirtualBox on the T4C PC), and also has access to the LAN that the robots are on. The amount of Linux required is pretty minimal, but the more 'remoteness' you need, the more complex it gets. I can do it from anywhere in the world I have internet, using my phone, but I don't because it's pretty tedious. If you're trying to just reset the buckets from an office I bet I can get you up and running in an hour. Send me a private message and I'll be in touch. In the meantime, this video is step 1. Do this on the T4C server in the barn, and if you don't have TeamViewer, get that too.
  2. Legomaniac

    Cow Milking Robot Hacks/Mods X11

    Not yet. @LivingDodo asked me for my software version and serial #. I'm waiting for him to get back to me.
  3. Legomaniac

    Cow Milking Robot Hacks/Mods X11

    So, what I'm getting looks like this:

        If you trust this host, enter "y" to add the key to PuTTY's cache and carry on connecting.
        If you want to carry on connecting just once, without adding the key to the cache, enter "n".
        If you do not trust this host, press Return to abandon the connection.
        Store key in cache? (y/n) yes
        login as: lely
        lely@10.4.1.101's password: (I entered lely)
        Access denied
        lely@10.4.1.101's password:

    Update: I tried it on robot 2 and got the same results.

        PS C:\Program Files\PuTTY> .\plink.exe 10.4.1.102
        The first key-exchange algorithm supported by the server is diffie-hellman-group1-sha1, which is below the configured warning threshold.
        Continue with connection? (y/n) y
        The server's host key is not cached in the registry. You have no guarantee that the server is the computer you think it is.
        The server's rsa2 key fingerprint is:
        ssh-rsa 1040 be:44:a8:36:71:ec:1e:b9:df:28:23:d3:c9:eb:b6:8a
        If you trust this host, enter "y" to add the key to PuTTY's cache and carry on connecting.
        If you want to carry on connecting just once, without adding the key to the cache, enter "n".
        If you do not trust this host, press Return to abandon the connection.
        Store key in cache? (y/n) y
        login as: Lely
        Lely@10.4.1.102's password:
        Access denied
        Lely@10.4.1.102's password:
        Access denied
        Lely@10.4.1.102's password:
        Access denied
        Lely@10.4.1.102's password:
        Access denied
        Lely@10.4.1.102's password:
        Access denied
        Lely@10.4.1.102's password:
        Access denied
        Lely@10.4.1.102's password:

    So it appears that your robot has a different default ssh password than mine, or perhaps mine has password login disabled :(

    Question for those in the know: if you disable password login, will it still give you a 'fake' password prompt?
  4. Legomaniac

    Cow Milking Robot Hacks/Mods X11

    Did you copy & paste that or type it out? Also, what version of robot is it, and what software version is it running?
  5. Legomaniac

    Cow Milking Robot Hacks/Mods X11

    I'm not home, but I tried to ssh in as username lely, password lely. No sauce yet.
  6. Legomaniac

    Cow Milking Robot Hacks/Mods X11

    I'm actually not sure I tried that! Mostly I tried to log into root or 'admin'. I'll try lely lely. It likely is vulnerable to privilege escalation attacks somewhere.
  7. Legomaniac

    Cow Milking Robot Hacks/Mods X11

    Hi Everyone, update time. I plugged in a keyboard and it did do interesting things, sort of. Ctrl + Alt + FX (X != 2) directs you to a console login. I tried all the obvious-ish default passwords. Lely, Password, 123456, etc. It is quite slow on the password denied response, so perhaps I need to buy a rubber ducky and let it go all night long or something. The good news is it does keep milking cows while messing with it, you just have to remember to Ctrl + Alt + F2 before you unplug the keyboard. Video: I haven't done a hard reboot, I think that's the next step, remove power and see what shows up during boot.
  8. Legomaniac

    Cow Milking Robot Hacks/Mods X11

    Hey guys! Sorry for the delay, I didn't realize there was this much demand. I do have a semi-useful (functional but kludgey) remote access to the robot. Now that Help4Tec has said to just plug in a keyboard I am going to try that and I will post a video showing what happens. Thanks everyone!
  9. Legomaniac

    Cow Milking Robot Hacks/Mods X11

    I am wondering whether you mean telling the CRS+ that you changed the filter, or whether it is on your robot screen? So far I only have access to the touchpad on the robot itself, not the CRS. I'm working on it, though.
  10. Legomaniac

    Cow Milking Robot Hacks/Mods X11

    I have no terminal access on the robot. There is no built-in command line interface on the robot. I have no ssh credentials for it either. I am connecting via a Kali Linux laptop on the same LAN. Since my last update I have made a bit of progress (still no terminal though). I have discovered that I can use xdotool (on my Linux laptop, after I have done export DISPLAY=10.4.1.101:0) to move the mouse pointer and click stuff. It is pretty rudimentary but it does allow remote access. Since the buttons are always in the same place on the screen I can write scripts to reliably click on them. Using this I have taken the robot in and out of operation (which isn't normally doable remotely) and I even gave a cow some extra feed :)
  11. Legomaniac

    Cow Milking Robot Hacks/Mods X11

    I have no terminal access on the robot.
  12. Legomaniac

    Cow Milking Robot Hacks/Mods X11

    Update: I have managed to accomplish the exact OPPOSITE of what I want. If I open a terminal and type export DISPLAY=<IP here> then: xterm, an xterm appears on the robot screen. So for those who are unsure about what I want, it's the opposite of this. I want the robot screen on my laptop.
  13. Legomaniac

    Cow Milking Robot Hacks/Mods X11

    Oh sorry, I should've explained the architecture more. There's a Windows 7 PC that runs Microsoft IIS7, and the SQL server and such. That's the machine I have SSH and VNC access to. That's the system that runs the web interface so we can see how much milk our cows are making, and stuff like that. After every time it milks a cow, the robot sends an update over the LAN with the information it got, and then the server updates the web interface. I have about an hour's worth of packets captured with Wireshark but I can't really make sense of it. If anyone shows up that has experience with packet capturing I'll post that too. The robots themselves do have an open ssh port, but I have no information on how to connect. I'm running hydra against it but so far no dice. The generic passwords file isn't really good enough. The company probably programs them all with the same password, because each robot runs the same firmware, but even the service techs don't know what it is. Thanks for your interest. Keeping it bumped is appreciated :)
  14. Legomaniac

    Cow Milking Robot Hacks/Mods X11

    Hey Just_a_User! Thanks for the reply. I do have that information already indeed. The "server" that is running T4C is physically accessible to us/me and I have snooped around it some. It is running IIS7 and whatever SQL server Microsoft uses. I would really really really like to have raw SQL access too, so if you have any pointers on how to get those that would actually be pretty sweet too. Here's a port scan of the server:

        Not shown: 984 closed ports
        PORT     STATE SERVICE
        80/tcp   open  http
        135/tcp  open  msrpc
        443/tcp  open  https
        445/tcp  open  microsoft-ds
        1025/tcp open  NFS-or-IIS
        1026/tcp open  LSA-or-nterm
        1027/tcp open  IIS
        1028/tcp open  unknown
        1047/tcp open  neod1
        1050/tcp open  java-or-OTGfileshare
        2222/tcp open  EtherNetIP-1
        2869/tcp open  icslap
        4242/tcp open  vrml-multi-use
        5800/tcp open  vnc-http
        5900/tcp open  vnc
        6969/tcp open  acmsoda

    It's running a VNC server so I can access it over the LAN. T4C runs on port 80 and 443. 2222 is an ssh server (that I'm logged in over). Port 6969 is used by SoftEther VPN client (I have this machine connected to a VPN server I run on AWS, running NGINX as a reverse proxy) so that I can access T4C on the public internet.

    Note: I'm a bad person and mostly use security by obscurity so I won't tell you the IP.
  15. Legomaniac

    Cow Milking Robot Hacks/Mods X11

    So I'm a dairy farmer, and a couple years ago we bought a pair of Lely A4 Astronaut milking robots. They work great and they milk cows pretty well but there are a few things that they don't let you do out of the box.

    Now for the cool part. They run Linux! I'm not exactly sure what's going on behind the scenes but according to their service techs the robot has a built-in tablet running like Android 2 or something awful and ancient. Here's a screenshot. http://imgur.com/a/6CmiQ

    The robots are connected to a LAN. I fired up a port scanner and found an open VNC port, but unfortunately it is view only. All is not lost however, Port 6000 is open! (and also unsecured) That's how I got this screenshot, using

        xwd -root -screen -silent -display 10.4.1.102:0 > screenshot.xwd

    What I am asking you guys for help on is taking over that X session remotely, so I can click those buttons on the screen from, well, not in front of the screen. I've spent about 5 hours reading but X11 terminology is really starting to wear my brain out, and it seems that 99.9% of examples deal with either SSH tunnelling (not an option) or using Xnest and XDMCP to start a new login session remotely, which is also not what I want to do. I think it seems like Xnest is along the lines of what I want, but the critical piece here is to connect to an existing "Client-Server session"? Is that correct terminology?

    TL;DR: Port 6000 is open, I can grab frames from it but my goals are 1) stream it live to my PC. 2) use mouse & keyboard for input - ideally get terminal access. There is what I suspect is a dropbear terminal running but Hydra hasn't produced any results yet on that front. Perhaps I need a Dutch wordlist -_-

    Any input you guys have would be greatly appreciated. Will provide robot or cow pics on request.

    Andrew