what you don't know can hurt you

RaspberryPi Image Occidentalis 0.1 Default Credentials

RaspberryPi Image Occidentalis 0.1 Default Credentials
Posted Aug 4, 2012
Authored by Larry W. Cashdollar

The RaspberryPi Occidentalis version 0.1 image spawns sshd by default without prompting users to change their credentials, leaving their systems accessible via root/root default credentials.

tags | exploit, root, info disclosure
MD5 | c4b94e34acd6789f98d52cc7d67b7141

RaspberryPi Image Occidentalis 0.1 Default Credentials

Change Mirror Download
Vapid Labs
Larry W. Cashdollar
8/2/2012


Since a some RaspberryPi users maybe unaware of the security implications of sshd I thought I should just make a note of some issues.

RaspberryPi image Occidentalis v0.1

"Adafruit <3 Raspberry Pi - especially how easy it is to hack circuits using the electronics breakout pins! But sadly, the latest official distro "July 15 Raspbian Wheezy" did not have many of the delicious hackables built in. That's why we decided to roll our own distribution.

Our distro is based on "Wheezy" but comes with hardware SPI, I2C, one wire, and WiFi support for our wifi adapters. It also has some things to make overall hacking easier such sshd on startup (with key generation on first boot) and Bonjour (so you can simply ssh raspberrypi.local from any computer on the local network)"

Enables ssh by default but doesn't prompt user to change root & pi account passwords.

http://learn.adafruit.com/adafruit-raspberry-pi-educational-linux-distro/occidentalis-v0-dot-1

Arch Linux ARM

"Arch Linux ARM is based on Arch Linux, which aims for simplicity and full control to the end user. Note that this distribution may not be suitable for beginners."

Default login of root/root with sshd enabled, doesn't prompt to change password.

http://downloads.raspberrypi.org/images/archlinuxarm/archlinuxarm-13-06-2012/archlinuxarm-13-06-2012.zip

If your going to enabled sshd by default please prompt the user to change the default password upon first boot.

If your going to connect these PIs to a network besure to use secure passwords.


Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

June 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    1 Files
  • 2
    Jun 2nd
    2 Files
  • 3
    Jun 3rd
    19 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    15 Files
  • 6
    Jun 6th
    12 Files
  • 7
    Jun 7th
    11 Files
  • 8
    Jun 8th
    1 Files
  • 9
    Jun 9th
    1 Files
  • 10
    Jun 10th
    15 Files
  • 11
    Jun 11th
    15 Files
  • 12
    Jun 12th
    15 Files
  • 13
    Jun 13th
    8 Files
  • 14
    Jun 14th
    16 Files
  • 15
    Jun 15th
    2 Files
  • 16
    Jun 16th
    1 Files
  • 17
    Jun 17th
    18 Files
  • 18
    Jun 18th
    15 Files
  • 19
    Jun 19th
    22 Files
  • 20
    Jun 20th
    15 Files
  • 21
    Jun 21st
    15 Files
  • 22
    Jun 22nd
    2 Files
  • 23
    Jun 23rd
    1 Files
  • 24
    Jun 24th
    23 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close