Pegasus review, lies and greed of FSL3D

[chooch]

What is the Pegasus Remote? That would make sense if their ME and RCE. I've figured they were running out of money, but they seem to have big $$$ that's been coming in....but their terrible support has probably scared off many new customers. I know I would *NOT* buy a Pegasus Touch today; even if it were $100.

It's a program that remote support uses to get into the Pegasus. I think that they left a port open on the BBB and it scans until it finds the open port and then sets up a reverse SSH tunnel.

How did you get the files off the BBB, if I may ask?

[doobie]

It's a program that remote support uses to get into the Pegasus. I think that they left a port open on the BBB and it scans until it finds the open port and then sets up a reverse SSH tunnel.

How did you get the files off the BBB, if I may ask?

I did a almost a year ago....but basically I removed the BBB, attached a serial port between it and a computer, and was able to get access to the console and used the boot manager on it to look at the file system and files on it, PITA. I'm guessing they'll patch things up if they can if they find out people are exploiting things. I'd be interested in getting more info on what you used to get into the machine.

[chooch]

I did a almost a year ago....but basically I removed the BBB, attached a serial port between it and a computer, and was able to get access to the console and used the boot manager on it to look at the file system and files on it, PITA. I'm guessing they'll patch things up if they can if they find out people are exploiting things. I'd be interested in getting more info on what you used to get into the machine.

Might have to try that, if this SSH tunneling program doesn't get in.

[doobie]

Might have to try that, if this SSH tunneling program doesn't get in.

Ahh, I thought you were able to get in. I wasn't able to with the passwords I received (which were sooooo very secure! this is sarcasm BTW). I don't want to post them online in case someone ends up finding a way to use them to hack people's printers.

[chooch]

Well, the ssh tunneling is going to take days. It did 80 ports with 5 attempts each and that took 6 hours. It's some sort of brute force attack program. It tries a port on the ip and I assume it attempts 5 different passwords. I did an open port scan though and really 22 is the only one that shows the ssh protocol, there are several others that are open, but nothing displays, also when I try the tunneler on them nothing appears to happen. Last night I tried the serial method and was able to see it boot, I have yet to poke around. There is still two other methods left to try and crack this nut if these current methods don't work.

[doobie]

What are you trying to crack? The password? If so based on John The Ripper, I have it, but it won't let me login via that user name/password via ssh on port 22. I will need to get my setup back up to try it out.

[chooch]

What are you trying to crack? The password? If so based on John The Ripper, I have it, but it won't let me login via that user name/password via ssh on port 22. I will need to get my setup back up to try it out.

I'm just trying to get in. If that means cracking the ssh password then so be it.

It could be that the passwords you got don't work, because they changed the username from root to something else, as that is more secure.

[doobie]

HOORAH! I got in. Will post details in the next few hours or so. I need to confirm if I got lucky (after I add a backdoor).

[chooch]

Awesome! Great work.

[doobie]

https://github.com/doobie42/pegasus3dprinter/