Jump to content

muhfugen

Members
  • Content Count

    0
  • Joined

  • Last visited

Everything posted by muhfugen

  1. Could an admin here give me rights to respond to private messages? I developed a couple cracks and posted them here, for Cisco Firepower Threat Defense and Palo Alto Network's firewall that other people keep on PMing me about but I cant respond because I dont have rights.
  2. Hey guys, I got bored and developed a crack for Palo Alto Networks virtual firewall. Just like my crack for Cisco Firepower Threat Defense, you do it all yourself so there is no question about wether or not malware has been installed. This assumes you have enough experience with the Linux command line to be able to edit text files, and understand the basics of using a hex editor. And although these instructions are for vSphere they should be easily adaptable for other hypervisors. I dont have a physical device to play with so i'm not sure if you can crack hardware appliances with these instructions. [Hidden Content]
  3. The steps are literally in the instructions you quoted, and which you werent supposed to quote.
  4. You run the commands I specified in the command prompt of the 2nd picture you posted
  5. Any chance someone could share AIR-CTVM-K9-8-5-140-0.aes
  6. No idea, I dont have a physical ASA and have no intention of purchasing one. If someone wants to send me Bitcoin to buy one so I can play with it I could give it a shot. But take note that I cracked this when I was out of work, and since have a new job and significantly less free time. Also it would probably cost the same amount for you to just buy a old server and run the virtual appliance on there.
  7. You should be presented with the option to do so when you add the FTD to the FMC. If you clicked past it already, go to Devices->Device Management and click the pencil icon for your FTD device (or HA pair), then click the Summary tab, and the pencil next to where it says Licenses. This of course assumes you've followed my instructions on applying the crack
  8. Yeah i've encountered this problem before, the way I fixed it was to delete all the vNICs from the FTD in vCenter, then re-add them using VMXNET3 vNICs, then rebooting the FTD. After this happens it should show your static address assigned to eth0 rather than br0 if you run ifconfig. 've also encountered issues that after reboots the pairing between vNICs and interfaces in the FTD will get mixed up forcing you compare MAC addresses inside the FTD to vNICs in vCenter and then reassign the vNICs to whatever port groups they should be attached to.
  9. Updated the crack instructions on page 10 for FMC 6.2.3.4 Updating the vulnerability database will not, updating the FMC may as it has in the 6.2.3 and 6.2.3.4 updates. The only things it will likely break though is export controlled features (which VPN and SSL platform features rely upon), and the bug fix for CSCve97160 to use SMB/CIFS v2 and v3. All the stuff involving the MySQL database and the unlimited evaluation should not be effected by a update to the FMC. Also I would not expect updates to the FTD devices to break anything. Even if the FMC gets broken, just follow my instructions on what to search for in the files and you should be able to fix it yourself barring a major change to the licensing system. In case it takes me a while to update the instructions as has happened recently because the 6.2.3 update never showed up in my console and I had to download it elsewhere. No idea, I dont have a physical FTD or (modern) ASA appliance, just a very old ASA 5510 which cant run firepower services. If someone has one in a test environment they wouldnt mind me playing with, or wants to send me ~$250-$300 in bitcoin so I can get a 5506X off eBay, I could try to support physical appliances with this crack. No guarantees I would be successful though. I haven't verified this, but if I had to guess it may only be created when you enable evaluation mode in the FMC. And as other people have said you may have to register a FTD with the FMC as well before this file is created. I have not tried using the FTD at all without a FMC, sorry.
  10. Updated the crack instructions on page 3 for FMC 6.2.3.4
  11. GoldenTulip, I can't respond to private messages because of my post count so i'll post it here. Unfortunately cracking the classic licenses for NGIPSv would be far more involved than what I did with the evaluation crack. It uses a compiled code rather than just perl scripts which makes figuring out what it is doing far more difficult, and I generally avoid dealing with assembly code as much as I can. As I have no use for NGIPSv I dont plan on sinking a ton of time in to cracking it. Sorry.
  12. GoldenTulip, I can't respond to private messages because of my post count so i'll post it here. Unfortunately cracking the classic licenses for NGIPSv would be far more involved than what I did with the evaluation crack. It uses a compiled code rather than just perl scripts which makes figuring out what it is doing far more difficult, and I generally avoid dealing with assembly code as much as I can. As I have no use for NGIPSv I dont plan on sinking a ton of time in to cracking it. Sorry.
  13. GoldenTulip, I can't respond to private messages because of my post count so i'll post it here. Unfortunately cracking the classic licenses for NGIPSv would be far more involved than what I did with the evaluation crack. It uses a compiled code rather than just perl scripts which makes figuring out what it is doing far more difficult, and I generally avoid dealing with assembly code as much as I can. As I have no use for NGIPSv I dont plan on sinking a ton of time in to cracking it. Sorry.
  14. You need to have devices added to your FMC, if there aren't any FTD devices registered to the FMC then there wont be any evaluation licenses Read the manual on deploying a device, this is covered there.
  15. Enable evaluation mode in System->Licenses in the FMC. If that isnt available to you then fvck if I know because I only have a Firepower Threat Defense Virtual and a ASA 5510 in my lab.
  16. Actually no. Those licenses are enabled when you start the evaluation. The only types of licenses which you need to add right now are the VPN licenses. They are listed in the proceeding line because it is how you differentiate a FTD device from a FMC device in the licensing database.
  17. The instructions for the crack on page 10 have been updated: - Verified crack supports of the use of Remote Access VPN licenses. - Updated file paths to remove version dependencies. - Fixed bug CSCve97160, enabled use of SMB/CIFS protocol versions 2 and 3 and added support for Microsoft Scale Out File Server as a remote storage device because a multi-billion dollar company is too lazy to do so and some random guy on a forum has to do it for them.
  18. The instructions for the crack on page 3 have been updated: - Verified crack supports of the use of Remote Access VPN licenses. - Updated file paths to remove version dependencies. - Fixed bug CSCve97160, enabled use of SMB/CIFS protocol versions 2 and 3 and added support for Microsoft Scale Out File Server as a remote storage device because a multi-billion dollar company is too lazy to do so and some random guy on a forum has to do it for them.
  19. The instructions for the crack on page 3 have been updated: - Updated evaluation period to ~88 years. - Simplified instructions. - Added support for high availability devices. - Fixed a problem when inserting rows in to the license_caps table, the value for last_changed column was accidentally omitted in the previous instructions. To fix this problem, in the MySQL console run "delete from license_caps where last_changed = 1; " and then perform the updated instructions above. - Discovered that export controlled features not only effect Remote Access VPNs but also the SSL settings in a Platform Settings policy.
  20. The instructions for the crack on page 10 have been updated: - Updated evaluation period to ~88 years. - Simplified instructions. - Added support for high availability devices. - Fixed a problem when inserting rows in to the license_caps table, the value for last_changed column was accidentally omitted in the previous instructions. To fix this problem, in the MySQL console run "delete from license_caps where last_changed = 1; " and then perform the updated instructions above. - Discovered that export controlled features not only effect Remote Access VPNs but also the SSL settings in a Platform Settings policy.
  21. It is there. As it has a period in the start of the same that makes it a hidden file and will only be shown when you specify the "-a" parameter to the ls command. Enable evaluation mode by going to System->Licenses in the FMC, then edit the file specified in my post. I dont have NGIPSv installed in my lab so I can't test it, but if you take my instructions for adding the VPN licenses, you should be able to do so by inserting the rows in to the MySQL database, but specifying the product type as THREAT. If you look at line 161 and 180 in /Volume/6.2.1/sf/lib/perl/5.10.1/SF/SmartAgentManager.pm you can see all the licenses types which are available. Keep in mind my instructions only work if you have evaluation mode enabled, not if you have a device already connected to a legitimate Smart License. And if evaluation mode is enabled, this shouldnt be necessary as I would think it would add these evaluation licenses anyways. It does for the NGFWv.
  22. Unlimited evaluation [Hidden Content] Add Remote Access VPN and Advanced licenses to an evaluation The Advanced licenses are currently not used for anything, but will be in future versions according to line 161 in the /var/sf/lib/perl/5.10.1/SF/SmartAgentManager.pm file. You likely dont need to enable all 3 Remote Access VPN license types, unless you have a specific use case for doing so. And VPNOnly licenses can not be assigned to a device when either APEX or PLUS licenses are assigned, although APEX and PLUS can be assigned to the same device. The APEX licenses support the most features and what most people will likely want to have installed. For more information on Remote Access VPN license types see [Hidden Content] [Hidden Content] Enable Export Controlled features in a evaluation Remote Access VPN policies and the SSL features in Platform Settings policies require export controlled features be enabled. [Hidden Content] Fix bug CSCve97160, support SMB/CIFS version 2 & 3 and support use of Microsoft Scale Out File Server as a remote storage device The FMC does not support the use of versions 2 and 3 of the SMB/CIFS protocol. A feature request has been submitted under bug CSCve97160 ([Hidden Content]). Microsoft Scale Out File Server (SOFS) requires the use of at least version 2 of the SMB/CIFS protocol. You should be able to manually specify a higher version of the protocol in System->Configuration->Remote Storage Device->Command Line Options but due improper input validation code it will not allow this. Because a multi-billion dollar company is too lazy to spend 5 minutes fixing their flagship firewall I guess some random guy on a forum has to it for them. [Hidden Content] Edit 08-29-17 - Updated evaluation period to ~88 years. - Simplified instructions. - Added support for high availability devices. - Fixed a problem when inserting rows in to the license_caps table, the value for last_changed column was accidentally omitted in the previous instructions. To fix this problem, in the MySQL console run "delete from license_caps where last_changed = 1; " and then perform the updated instructions above. - Discovered that export controlled features not only effect Remote Access VPNs but also the SSL settings in a Platform Settings policy. Edit 09-09-17 - Verified crack supports of the use of Remote Access VPN licenses. - Updated file paths to remove version dependencies. - Fixed bug CSCve97160, enabled use of SMB/CIFS protocol versions 2 and 3 and added support for Microsoft Scale Out File Server as a remote storage device because a multi-billion dollar company is too lazy to do so and some random guy on a forum has to do it for them. Edit 11-22-17 - Figured out what daemon needed to be restarted to enable export control features, so you dont have to reboot the FMC. Edit 08-27-18 - Updated line numbers to enable export controlled features and fixing bug CSCve97160 for FMC 6.2.3. Using pmtool to restart mojo_server doesnt seem to cause these changes to take effect in 6.2.3.4, reverted instructions to instruct you to reboot the FMC instead since i'm not really motivated enough right now to figure out what else needs to be restarted.
  23. Unlimited evaluation [Hidden Content] Add Remote Access VPN and Advanced licenses to an evaluation The Advanced licenses are currently not used for anything, but will be in future versions according to line 161 in the /var/sf/lib/perl/5.10.1/SF/SmartAgentManager.pm file. You likely dont need to enable all 3 Remote Access VPN license types, unless you have a specific use case for doing so. And VPNOnly licenses can not be assigned to a device when either APEX or PLUS licenses are assigned, although APEX and PLUS can be assigned to the same device. The APEX licenses support the most features and what most people will likely want to have installed. For more information on Remote Access VPN license types see [Hidden Content] [Hidden Content] Enable Export Controlled features in a evaluation Remote Access VPN policies and the SSL features in Platform Settings policies require export controlled features be enabled. [Hidden Content] Fix bug CSCve97160, support SMB/CIFS version 2 & 3 and support use of Microsoft Scale Out File Server as a remote storage device The FMC does not support the use of versions 2 and 3 of the SMB/CIFS protocol. A feature request has been submitted under bug CSCve97160 ([Hidden Content]). Microsoft Scale Out File Server (SOFS) requires the use of at least version 2 of the SMB/CIFS protocol. You should be able to manually specify a higher version of the protocol in System->Configuration->Remote Storage Device->Command Line Options but due improper input validation code it will not allow this. Because a multi-billion dollar company is too lazy to spend 5 minutes fixing their flagship firewall I guess some random guy on a forum has to it for them. [Hidden Content] Edit 08-29-17 - Updated evaluation period to ~88 years. - Simplified instructions. - Added support for high availability devices. - Fixed a problem when inserting rows in to the license_caps table, the value for last_changed column was accidentally omitted in the previous instructions. To fix this problem, in the MySQL console run "delete from license_caps where last_changed = 1; " and then perform the updated instructions above. - Discovered that export controlled features not only effect Remote Access VPNs but also the SSL settings in a Platform Settings policy. Edit 09-09-17 - Verified crack supports of the use of Remote Access VPN licenses. - Updated file paths to remove version dependencies. - Fixed bug CSCve97160, enabled use of SMB/CIFS protocol versions 2 and 3 and added support for Microsoft Scale Out File Server as a remote storage device because a multi-billion dollar company is too lazy to do so and some random guy on a forum has to do it for them. Edit 11-22-17 - Figured out what daemon needed to be restarted to enable export control features, so you dont have to reboot the FMC. Edit 08-27-18 - Updated line numbers to enable export controlled features and fixing bug CSCve97160 for FMC 6.2.3. Using pmtool to restart mojo_server doesnt seem to cause these changes to take effect in 6.2.3.4, reverted instructions to instruct you to reboot the FMC instead since i'm not really motivated enough right now to figure out what else needs to be restarted.
  24. I figured out how to crack Firepower Threat Defense Virtual to permit an unlimited evaluation period, adding Remote Access VPN and Advanced licenses and to enable Export Controlled functionality. I can only assume the NGIPSv uses the same licensing method, so it can likely be easily adapted from NGFWv to NGIPSv. If you're interested see [Hidden Content]
×
×
  • Create New...