For users who like to tinker with ADSL modems and who have an HG 531 V1 ADSL modem (it probably works on similar models too), I made a script that extracts the username and password used when establishing the ADSL connection.
This is useful to have in case your modem locks up and even a factory reset does not help, and it is also useful if you want to set up the ADSL connection through a different modem.
Unpack the Telekom.zip archive and run Script.bat.
After a few moments the username and password will be displayed, and when you click OK in the window the data will be copied to the clipboard so you can easily save it to a file.
You can download the Telekom.zip archive here
Thoughts of a Kitsune
Friday, October 17, 2014
Sunday, September 28, 2014
Telekom Serbia Router Security Holes
Software version of router:
P.DGA4010G_1.23-Telekom_Serbija_TR069_A
They actually managed to misspell it as Serbija instead of Serbia. I mean, really?
Either you write Srbija in the Serbian language or Serbia in English.
I was wondering: if they made that obvious rookie mistake with spelling, what did they do with security?
There are three security holes:
1.
Log in as user with the standard username and password (user: telekom pass: telekom)
(I used Google Chrome)
Right click → Inspect Element → Sources → menuBcm.js
From there you can access all pages. For example, if you want to restart the router, hit Ctrl + F and find any insDoc function. For example:
insDoc(nodeMngr, gLnk('R', getMenuTitle(MENU_RESET_ROUTER), 'resetrouter.html'));
In the browser type routerIpAdress/resetrouter.html and you will be granted access to this option (and to any other option in any insDoc function) without first being checked for admin privileges.
2.
Alternatively, you can extract the admin password.
In menuBcm.js you will also find
insDoc(nodeAccCntr, gLnk('R', getMenuTitle(MENU_ACC_CNTR_PASSWORD), 'password.html'));
So we can try to change the admin password. Type routerIpAdress/password.html, but there you will notice that we need to input the old password in order to change it. No problem, right click and select View page source.
And look at line 12. Yes, it's real, line 12 is
pwdAdmin = 'tzlkisonpk';
Now we have the admin password tzlkisonpk.
And now we can log in again with user: admin and password: tzlkisonpk to confirm this.
3.
Another, even cooler security hole is this: log in as user (name: telekom, pass: telekom), paste this in the browser address bar and execute it
routerIpAdress/password.cgi?adminPassword=MyNewAdminPass
Also, the new password cannot be longer than 16 characters. You can get this by analyzing the password.html source.
Congratulations, you have just changed the admin password to MyNewAdminPass.
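An added sketch, not part of the original post and not the router's firmware, of the server-side checks whose absence the three holes above rely on: a role check on every request, a password page that never embeds the stored password, and a password change that requires POST plus the old password. The Router class, the role strings and the oldPassword parameter are assumptions; adminPassword and the page names come from the post.

```python
import hashlib
import hmac
import os

# Page names from the post; all are reachable only by the admin role here.
ADMIN_ONLY = {"/resetrouter.html", "/password.html", "/password.cgi"}
MAX_PASSWORD_LEN = 16  # limit the post reads from the password.html source


def _digest(password: str, salt: bytes) -> bytes:
    # Store a salted, slow hash, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Router:  # hypothetical model, not the firmware's code
    def __init__(self, admin_password: str):
        self.salt = os.urandom(16)
        self.admin_hash = _digest(admin_password, self.salt)

    def check_admin(self, password: str) -> bool:
        return hmac.compare_digest(_digest(password, self.salt), self.admin_hash)

    def handle(self, role, method, path, params=None):
        """Return (status, body) for one request from a logged-in session."""
        params = params or {}
        # Hole 1: the role is checked on every request, on the server.
        # Hiding entries in menuBcm.js is not access control.
        if path in ADMIN_ONLY and role != "admin":
            return 403, "forbidden"
        if path == "/resetrouter.html":
            return 200, "<form method='post'>reset</form>"
        if path == "/password.html":
            # Hole 2: the form is rendered without any pwdAdmin value.
            return 200, "<form method='post' action='password.cgi'></form>"
        if path == "/password.cgi":
            # Hole 3: no state change on GET, and the old password
            # (assumed parameter name oldPassword) is verified server-side.
            if method != "POST":
                return 405, "method not allowed"
            if not self.check_admin(params.get("oldPassword", "")):
                return 403, "old password incorrect"
            new = params.get("adminPassword", "")
            if not 1 <= len(new) <= MAX_PASSWORD_LEN:
                return 400, "invalid password length"
            self.admin_hash = _digest(new, self.salt)
            return 200, "password changed"
        return 404, "not found"
```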