Results 1 to 3 of 3
Discuss Time Capsule Hackable? at the Hardware - Hackint0sh.org; Rworne over at the macos rumors ran nmap against the time capsule and came up ...
  1. #1
    Rookie Array

    Join Date
    Mar 2007
    Posts
    23
    Post Thanks / Like
    Downloads
    0
    Uploads
    0
    Rep Power
    0

    Default Time Capsule Hackable?

    Rworne over at the macos rumors ran nmap against the time capsule and came up with the following results:

    Code:
    root@mail:~# nmap -v -A 192.168.1.50
    
    Starting Nmap 4.20 ( http://insecure.org ) at 2008-03-02 17:20 PST
    Initiating ARP Ping Scan at 17:20
    Scanning 192.168.1.50 [1 port]
    Completed ARP Ping Scan at 17:20, 0.01s elapsed (1 total hosts)
    Initiating Parallel DNS resolution of 1 host. at 17:20
    Completed Parallel DNS resolution of 1 host. at 17:20, 0.04s elapsed
    Initiating SYN Stealth Scan at 17:20
    Scanning 192.168.1.50 [1697 ports]
    Discovered open port 10000/tcp on 192.168.1.50
    Increasing send delay for 192.168.1.50 from 0 to 5 due to 44 out of 145
    dropped probes since last increase.
    Discovered open port 139/tcp on 192.168.1.50
    Discovered open port 445/tcp on 192.168.1.50
    Discovered open port 548/tcp on 192.168.1.50
    Completed SYN Stealth Scan at 17:20, 17.82s elapsed (1697 total ports)
    Initiating Service scan at 17:20
    Scanning 4 services on 192.168.1.50
    Service scan Timing: About 75.00% done; ETC: 17:22 (0:00:34 remaining)
    Completed Service scan at 17:22, 113.53s elapsed (4 services on 1 host)
    Initiating OS detection (try #1) against 192.168.1.50
    Host 192.168.1.50 appears to be up ... good.
    Interesting ports on 192.168.1.50:
    Not shown: 1693 closed ports
    PORT      STATE SERVICE           VERSION
    139/tcp   open  tcpwrapped
    445/tcp   open  netbios-ssn
    548/tcp   open  afpovertcp?
    10000/tcp open  snet-sensor-mgmt?
    1 service unrecognized despite returning data. If you know the
    service/version, please submit the following fingerprint at
    http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
    SF-Port548-TCP:V=4.20%I=7%D=3/2%Time=47CB5263%P=x86_64-unknown-linux-gnu%r
    SF:(SSLSessionReq,1B2,"\x01\x03\0\0\xff\xff\xecQ\0\0\x01\xa2\0\0\0\0\0\x20
    SF:\0\*\x009\0\xa2\x8f\xfb\x0cTime-Capsule\0\0P\0`\0\x93\0\x94\x07AirPort\
    SF:0\0\x02\x06AFP3\.2\x06AFP3\.1\x03\tDHCAST128\x04DHX2\x06Recon16F8071GEY
    SF:ZQ\0sig-\x04\x08\x02\xc0\xa8\x012\x02\$\x08\x02\xa9\xfe\xb4\xc6\x02\$\x
    SF:14\x07\xfe\x80\0\x06\0\0\0\0\x02\x1eR\xff\xfe\xf5\xbe\x01\x02\$\x0e\x04
    SF:192\.168\.1\.50\0\0\x0cTime\x20Capsule0\0\x8f\xf8\xcc\x01H\x0c\xb32\(\n
    SF:\x8c\xcc\|\x0f\x83\x02\xff\x01\x80\xc3\xc3\x81\x803\xe3\xc1\x80\x0b\xd3
    SF:\xc1\x80\x0b\xb1a\x80\x0b\xe0\xe1\x80\x0b\xe1\xe1\x80\x0b\xd1\xe1\xc0\n
    SF:\xc0\xe1p\x0bx\xc1\x1c\x0by\xc1\x17\x0b3\xff!\xcb\xff\xc4@\x7f\xff\x02\
    SF:x80\x1e\0\x01\xff\xff\xff\xff\x80\0\0\x01\xff\xff\xff\xff\0\x02\x80\0\0
    SF:\x02\x80\0\0\x07\xc0\0\0\x04@\0\0\x04@\0\0\x07\xc0\0\0\x05@\0\x0f\xf9\?
    SF:\xfc\0\x02\x80\0\x0f\xfc\x7f\xfc0\0\x8f\xf8\xfc\x01\xcf\xfc\xff3\xef\xf
    SF:e\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x
    SF:ff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\
    SF:xff\xff\xff\xff\xff\x7f\xff\xff\xff\x1f\xff\xff\xff\x1f\xff\xff\xff\?\x
    SF:ff\xff\xfc\x7f\xff\xff\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\
    SF:xff\xff\xff\xff\xff\0\x03\x80\0\0\x03\x80\0\0\x07\xc0\0\0\x07\xc0\0\0\x
    SF:07\xc0\0\0\x07\xc0\0\0\x07\xc0\0\xff\xff\xff\xff\?\xfe\xff\xff\xff\xfc\
    SF:x7f\xff")%r(WMSRequest,1B2,"\x01\x03\0N\xff\xff\xecQ\0\0\x01\xa2\0\0\0\
    SF:0\0\x20\0\*\x009\0\xa2\x8f\xfb\x0cTime-Capsule\0\0P\0`\0\x93\0\x94\x07A
    SF:irPort\0\0\x02\x06AFP3\.2\x06AFP3\.1\x03\tDHCAST128\x04DHX2\x06Recon16F
    SF:8071GEYZQ\0sig-\x04\x08\x02\xc0\xa8\x012\x02\$\x08\x02\xa9\xfe\xb4\xc6\
    SF:x02\$\x14\x07\xfe\x80\0\x06\0\0\0\0\x02\x1eR\xff\xfe\xf5\xbe\x01\x02\$\
    SF:x0e\x04192\.168\.1\.50\0\0\x0cTime\x20Capsule0\0\x8f\xf8\xcc\x01H\x0c\x
    SF:b32\(\n\x8c\xcc\|\x0f\x83\x02\xff\x01\x80\xc3\xc3\x81\x803\xe3\xc1\x80\
    SF:x0b\xd3\xc1\x80\x0b\xb1a\x80\x0b\xe0\xe1\x80\x0b\xe1\xe1\x80\x0b\xd1\xe
    SF:1\xc0\n\xc0\xe1p\x0bx\xc1\x1c\x0by\xc1\x17\x0b3\xff!\xcb\xff\xc4@\x7f\x
    SF:ff\x02\x80\x1e\0\x01\xff\xff\xff\xff\x80\0\0\x01\xff\xff\xff\xff\0\x02\
    SF:x80\0\0\x02\x80\0\0\x07\xc0\0\0\x04@\0\0\x04@\0\0\x07\xc0\0\0\x05@\0\x0
    SF:f\xf9\?\xfc\0\x02\x80\0\x0f\xfc\x7f\xfc0\0\x8f\xf8\xfc\x01\xcf\xfc\xff3
    SF:\xef\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf
    SF:f\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x
    SF:ff\xff\xff\xff\xff\xff\xff\x7f\xff\xff\xff\x1f\xff\xff\xff\x1f\xff\xff\
    SF:xff\?\xff\xff\xfc\x7f\xff\xff\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\x
    SF:ff\xff\xff\xff\xff\xff\xff\0\x03\x80\0\0\x03\x80\0\0\x07\xc0\0\0\x07\xc
    SF:0\0\0\x07\xc0\0\0\x07\xc0\0\0\x07\xc0\0\xff\xff\xff\xff\?\xfe\xff\xff\x
    SF:ff\xfc\x7f\xff");
    MAC Address: 00:1E:52:F5:XX:XX (Unknown)
    Device type: general purpose
    Running: NetBSD
    OS details: NetBSD 4.99.4 (x86)
    Network Distance: 1 hop
    TCP Sequence Prediction: Difficulty=211 (Good luck!)
    IPID Sequence Generation: Incremental
    
    OS and Service detection performed. Please report any incorrect results at http://insecure.org/nmap/submit/ .
    Nmap finished: 1 IP address (1 host up) scanned in 132.799 seconds
                   Raw packets sent: 1786 (79.296KB) | Rcvd: 1714 (79.208KB)
    Note some interesting results:

    OS is NetBSD 4.99
    processor is x86 based ....

    I wonder if we can hack this to do more stuff?



  2. #2
    Supporter Array

    Join Date
    Aug 2007
    Posts
    164
    Post Thanks / Like
    Downloads
    0
    Uploads
    0
    Rep Power
    15

    Default

    Hi,

    I wanted to give this thread a little bump.

    I am not deep enough into this topic but remember the efforts that went into the buffalo linkstations. Features like the media servers to be executed would be a real +++ for the time capsule...

  3. #3
    Rookie Array ipatch's Avatar

    Join Date
    Mar 2010
    Posts
    16
    Post Thanks / Like
    Downloads
    0
    Uploads
    0
    Rep Power
    0

    Default

    The processor is not x86 based. It is an ARM processor made by Marvell.

 

 

Similar Threads

  1. [Time Capsule] run SSH on its NetBSD?
    By Rello in forum Hardware
    Replies: 34
    Last Post: 01-11-2013, 02:38 AM
  2. FS: 2TB time capsule
    By ipatch in forum Mac stuff
    Replies: 1
    Last Post: 09-01-2012, 04:43 AM
  3. MacNN: Stardom intros Safe Capsule storage for Time Capsule
    By hackint0sh in forum Latest Headlines
    Replies: 0
    Last Post: 11-26-2009, 09:40 PM
  4. Apple: New Time Capsule “even better”
    By hackint0sh in forum Latest Headlines
    Replies: 0
    Last Post: 03-30-2009, 11:40 PM
  5. Replies: 0
    Last Post: 04-02-2008, 03:20 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Powered by vBulletin®
Copyright © 2014 vBulletin Solutions, Inc. All rights reserved.
Search Engine Friendly URLs by vBSEO
(c) 2006-2012 Hackint0sh.org
All times are GMT +2. The time now is 08:30 PM.
twitter, follow us!