ExamFerret

Palo Alto software images, any platform, any release


Hi, May I know the default username and password of Panorama-ESX-8.1.0.ova? Tried admin/admin... doesn't work

Thanks

 

admin / admin worked ok for me.

 

It should be noted, you may get access denied when trying to enter this if the services have not started up. Maybe give it 5-10 minutes to ensure the services are running and try again.

Edited by juniper2010


Nice work, thanks! You should be bored more often


There was an interesting vulnerability found a few years ago, which allowed you to get root access:

Brilliantly simple, IIRC the bug was fixed in v7.x.x though, works on earlier releases.

 

Interesting files to look at are:

 

Hidden Content

    Give reaction to this post to see the hidden content.

 

Much of the hardware information is gathered and pushed into the database on the first boot after a factory reset or when a license check is initiated from the GUI.

 

Root access is achieved in the field using the tac-login debug command, which uses a challenge/response method.

 

I have plenty of Palo hardware in the lab to play with. The 3000 series use some dedicated hardware with an off-the-shelf COMExpress format Intel SBC (single board computer). I added a VGA port to mine; there is also a hidden Ethernet interface and other ports direct to the SBC which I keep meaning to look into. I dumped the BIOS ROM, however from memory I think the BIOS is slightly customised for Palo by Portwell. I have limited Linux knowledge though, perhaps it's worth looking into the boot process with reference to your GRUB hack, I'll have to read up on how GRUB works! On the real tin the BIOS boots into onboard flash from which you set some environment variables from which to boot (partition etc). I have some notes somewhere.

 

200 uses a Cavium SoC with 2.5" SATA SSD, hidden PCI-E connector is worth a mention.

220 uses a SoC with no external disk, just one chip that does the lot. Very slow boxes to commit, slower than an old PA-500.

500 & 2000 use Cavium Octeon processors, 2000 is dreadfully slow but 500 is still quite good for the lab and runs 8.1.x

3000 is the best to play with as it has a standard CPU, anything else is too expensive!

Edited by MrSquirrel
  • Like 34
  • Thanks 14
  • Haha 1


Hey guys, I got bored and developed a crack for Palo Alto Networks virtual firewall. Just like my crack for [Hidden Content], you do it all yourself so there is no question about whether or not malware has been installed. This assumes you have enough experience with the Linux command line to be able to edit text files, and understand the basics of using a hex editor. And although these instructions are for vSphere they should be easily adaptable for other hypervisors. I don't have a physical device to play with so I'm not sure if you can crack hardware appliances with these instructions.

 

 

Hidden Content

    Give reaction to this post to see the hidden content.

Please explain in a simple way how to crack, as I opened the file in a hex editor and I can't see the offsets you mentioned: 0xB961019, 0xB962019, 0xB96301A, 0xB964019, 0x7A8EA014,

  • Like 20
  • Thanks 8
  • Haha 1


Gents, can someone explain the procedure above in simple language?

 

Too much effort if you wanted it like a detailed tutorial.

As long as you understand a bit of Linux commands to edit and navigate (like vi and cd) and also how to use a hex editor, HxD (Windows) or hexedit (Unix), to change values as explained by muhfugen.


My problem is with hex editor output interpretation... I am able to find the offsets, but as to the expected output, I can't understand anything from there.
