Hacking the Panda GateDefender 8100
The Panda GateDefender 8100 is a Linux-based filtering, AV, and intrusion prevention system. The system I have to work with has a P4 3.4GHz CPU, 1GB of DDR400, and an 80GB SATA drive. It has one available PCI slot, 2 unused SATA ports, and a CF slot.
While you can get a display on the VGA connector, its not an actual console. To get a console, you’ll need a serial cable. Open up a terminal emulator and set the port to 57600,8,N,1, then power on the machine. To get into the BIOS, press the tab key when prompted.
If you look at the motherboard, you’ll see JP1 is labeled CMOS Reset. I’ve tried this, and it did not seem to actually reset anything, nor did JP8 (NMI) or JP2 (???). I used a tool called CmosPwd to recover the actual password (its ‘adnap17’). Once in the BIOS, you can move on to getting more access to the box.
First disable the BIOS passwords (select the Password options and press Enter twice). The next setting you will need to change is the Watchdog Timer, under Integrated Peripherals. Set it to disabled, otherwise the system will reboot every 4 minutes if it doesn’t receive a heartbeat signal from the OS.I won’t explain all the BIOS options here, but you will have to go into most of the menus and turn things like the PATA controller back on before you continue.
With that out of the way, lets ditch that annoying serial cable and go for a true console with USB keyboard. To find the USB ports, take the case cover off (2 screws in back and 3 screws on the sides), then take off the front panel (2 screws on the bottom, 1 on each side and the top). You’ll find 2 USB ports right next to the front panel LCD.
Unfortunately, that still doesn’t get you a console. For that, you’ll need to pull the hard drive out and put it into another system, then boot that system from a Linux Live CD. Mount the drive to some temporary location, then do a chroot /wherever to change the Live CD root to the Panda drive. Reset the password for root (passwd root). You’ll also need to update /etc/inittab (to spawn TTYs on the console and serial if you want), /etc/securetty (to allow root to login), and /etc/pam.d/access.conf (to allow root to login). Umount the drive and put it back in the GateDefender, then fire it back up.
You should now be able to login as root with the password that you made. The OS is almost a completely stock install of Debian Sarge, with some custom utilities added. You can update /etc/apt/sources.list to point at the Debian mirrors if you want, and it will work just fine.