Thread: fiona root password wordlist
View Single Post
Old 12-10-2011, 10:11 AM   #1
geekmaster
Carpe diem, c'est la vie.
geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.
 
geekmaster's Avatar
 
Posts: 6,433
Karma: 10773668
Join Date: Nov 2011
Location: Multiverse 6627A
Device: K1 to PW3
fiona root password wordlist
Quote:
Originally Posted by seaniko7
Hi,

I've seen on irc that you have wordlist for cracking fiona**** password in Kindle.

Would you mind sharing it ?

Cheers
Sure. You can download the list below in either tar.gz or zip file format.

This list contains all possible fiona*** and fiona**** passwords. For some reason, most posts on mobileread say that they need four hex digits after fiona, but on all five of my kindles, I only need three hex digits, so I included both types in this wordlist.

Why:
Spoiler:
Although you can get the fiona password by cutting three or four hex digits from the md5sum of your kindle serial number, I created this list so I could use John the Ripper to quickly verify the md5sum password with what was encrypted in the /etc/shadow file. I copied my kindle /etc/passwd and /etc/shadow to my linux PC, used the John "shadow" command to combine them, and then used my wordlist to crack the root password. John said it found my root password in 0.00 seconds. That is "infinitely" faster than using a brute-force crack (for math-heads: division by numbers approaching zero yields a quotient approaching infinity.) .

How:
Spoiler:
You can create your own fiona wordlist with a simplistic (but tedious) linux command. I know that there are better ways to do this, but my bash skills are rusty and this way got the job done without needing to RTFM.
I used copy/paste to minimize typing. Here is my one-line (3 hex digit) fiona wordlist generator:
for i in 0 1 2 3 4 5 6 7 8 9 a b c d e f; do for j in 0 1 2 3 4 5 6 7 8 9 a b c d e f; do for k in 0 1 2 3 4 5 6 7 8 9 a b c d e f; do echo fiona$i$j$k >> fiona_wordlist; done; done; done
and then I did that again after inserting another copy of the loop before the echo using a new loop var and adding that var onto the fiona password.

Using this wordlist, John the Ripper reported that my root password had three hex digits after fiona.

Also, as reported in the IRC channel, some kindles use mario for a root password (in diagnostic mode).

Please use this wordlist for honorable purposes. Thanks.

UPDATE: All default root passwords 8 characters or less, such as fionaXXX (3 hex digits). The are DES-hashed so they are truncated to 8 characters. Any new password created with "passwd" is MD5-hashed and uses all characters.
Attached Files
File Type: gz fiona_wordlist.tar.gz (143.9 KB, 641 views)
File Type: zip fiona_wordlist.zip (80.9 KB, 1008 views)
Last edited by geekmaster; 02-13-2012 at 04:05 PM.
geekmaster is offline   Reply With Quote