
Hack a modem


9 replies to this topic

#1 norbertbonnici

norbertbonnici

    Newbie

  • Active Members
  • 3 posts
  • Gender:Male
  • Location:Marsascala, Malta

Posted 12 June 2009 - 03:25 PM

I have a modem/router (Thomson TG585) which my ISP blocked admin access. I need to gain admin access to change DNS server settings. Can you suggest a program to bruteforce the thing? I have a lot of free time and an OC'd Core i7 machine :)
Thanks

#2 moonlit

moonlit

    Hak5 Junkie

  • Active Members
  • 4,207 posts
  • Gender:Male
  • Location:irc://England:6667

Posted 12 June 2009 - 04:46 PM

Press reset button, use default password (see manual).

#3 Mnemonic

Mnemonic

    Black Ops Specialist and a nice guy.

  • Active Members
  • 662 posts
  • Gender:Male
  • Location:Australia

Posted 13 June 2009 - 08:21 AM

Why would an ISP block admin access to your modem exactly?

#4 stalkerh

stalkerh

    Newbie

  • Members
  • 2 posts

Posted 14 June 2009 - 11:56 AM

@Mnemonic The ISPs in SA (South Africa) sometimes do that so that they can sell certain uncapped packages and force the user to use the ISP's router. Basically means the user is dependent on the ISP.

@moonlit I don't think he can do that or he would lose the details stored on the device and would end up having to call the ISP again.

#5 miT

miT

    I like ponies!

  • Active Members
  • 163 posts
  • Gender:Male
  • Location:Los Angeles, CA
  • Interests:I'll let you take a WILD guess (hence this site)

Posted 14 June 2009 - 11:59 PM

QUOTE (dninja91 @ Fri, 12 Jun 2009 13:25:51 +0000)
I have a modem/router (Thomson TG585) which my ISP blocked admin access. I need to gain admin access to change DNS server settings. Can you suggest a program to bruteforce the thing? I have a lot of free time and an OC'd Core i7 machine :)
Thanks


If you're on a Linux box (the only way to be) then you can use hydra, xhydra to brute the login with a password list.

There are a couple of others that will accomplish the same task and have other options that hydra doesn't do (medusa for instance) but hydra is pretty straightforward for this task.

Good luck!
/miT

[ OMGIRC.com ] - Need help? Join our chat for instant assistance!

[ TimAshley.me ] - My personal blog

#6 Mnemonic

Mnemonic

    Black Ops Specialist and a nice guy.

  • Active Members
  • 662 posts
  • Gender:Male
  • Location:Australia

Posted 16 June 2009 - 05:16 AM

QUOTE (stalkerh @ Sun, 14 Jun 2009 16:56:26 +0000)
@Mnemonic The ISPs in SA (South Africa) sometimes do that so that they can sell certain uncapped packages and force the user to use the ISP's router. Basically means the user is dependent on the ISP.



So does that mean that if the ISP has to replace the modem (faulty) they send a pre-programmed modem? Or do they just access it remotely and program the thing...

I remember when I was working as an ADSL specialist with an Australian telco we started to use 2Wire modems with this remote capability, but never officially used it...

If it's the latter, would there be a way of sniffing and capturing the traffic between the modem and the ISP to analyse what they're programming it with... just wondering :0)

#7 miT

miT

    I like ponies!

  • Active Members
  • 163 posts
  • Gender:Male
  • Location:Los Angeles, CA
  • Interests:I'll let you take a WILD guess (hence this site)

Posted 16 June 2009 - 09:24 AM

QUOTE (Mnemonic @ Tue, 16 Jun 2009 03:16:31 +0000)
So does that mean that if the ISP has to replace the modem (faulty) they send a pre-programmed modem? Or do they just access it remotely and program the thing...

I remember when I was working as an ADSL specialist with an Australian telco we started to use 2Wire modems with this remote capability, but never officially used it...

If it's the latter, would there be a way of sniffing and capturing the traffic between the modem and the ISP to analyse what they're programming it with... just wondering :0)


When a cable modem (maybe DSL also, I'm not sure) is booted up, it contacts the ISP's TFTP server to download its image. This pre-made image has everything already put into it (speed caps, DNS servers, DHCP servers, time servers, filters, etc.). There are some tricks to "sniff" the TFTP image so you can download it yourself, decrypt it, edit it to have some ungodly speeds and host it on your OWN TFTP server. So when the modem is powered on, it's grabbing its new uncapped image from your TFTP server instead of the ISP's. This of course is highly illegal and 9 times out of 10 will get your service banned (they do reserve the right to refuse service).

Ask me how I know....... -____-
/miT


#8 stalkerh

stalkerh

    Newbie

  • Members
  • 2 posts

Posted 19 June 2009 - 02:10 PM

@Mnemonic I have never personally used one of these cos I can't really afford it. Also as far as I know they will replace the modem cos it's part of the contract.

Also I would imagine that (if I'm correct) the router would have a web interface. Not all do but some of them do. If this is the case, then I think it would be easy enough to write a custom brute forcer or use any known web-based brute forcer.

#9 dw5304

dw5304

    Hak5 Fan

  • Members
  • 22 posts

Posted 24 June 2009 - 12:13 PM

Just use SNMP to obtain the password. ;)
Usually the small ISPs like that do not include a private SNMP community string,
so using private will allow you to walk the router for their user name and password for the unit.

When the modem comes online it sends a broadcast packet to the CMTS (cable modem termination system)
asking for an IP, TFTP server, and config file to download.

The config file tells the modem what the speeds are, SNMP, passwords, etc.

miT is right on the legality part... but that's where a lot of people go wrong editing the speeds....
Anyways, the likelihood of editing the speeds is not good, seeing they're signed w/ MD5. Then, depending on the ISP,
the config will check to make sure the MACs and the certs on the modem match. Some configs now have a dynamic secret which changes when you save the config, causing you not to be able to log into the network.
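
Added example (not part of the original post or thread): a simplified Python model of the keyed MD5 check mentioned above, showing why a config file whose check was recomputed without the operator's secret fails verification. The TLV type numbers, record layout and secret are constructed for illustration and are not the real cable-modem config format.

```python
import hashlib
import hmac

# Constructed type numbers for this simplified model (not the real wire format).
T_DOWN_RATE, T_UP_RATE, T_KEYED_MIC = 1, 2, 7
SECRET = b"constructed-operator-secret"  # constructed sample value

def tlv(t: int, value: bytes) -> bytes:
    """Encode one record: 1-byte type, 1-byte length, value."""
    if len(value) > 255:
        raise ValueError("value too long for a 1-byte length")
    return bytes([t, len(value)]) + value

def parse(blob: bytes) -> list:
    """Split a blob into (type, value) pairs, rejecting truncated records."""
    out, i = [], 0
    while i < len(blob):
        if i + 2 > len(blob) or i + 2 + blob[i + 1] > len(blob):
            raise ValueError("truncated TLV record")
        n = blob[i + 1]
        out.append((blob[i], blob[i + 2:i + 2 + n]))
        i += 2 + n
    return out

def seal(settings: bytes, secret: bytes) -> bytes:
    """Provisioning side: append a keyed MD5 check over all settings."""
    mic = hmac.new(secret, settings, hashlib.md5).digest()
    return settings + tlv(T_KEYED_MIC, mic)

def verify(blob: bytes, secret: bytes) -> bool:
    """Head-end side: recompute the keyed check and compare in constant time."""
    records = parse(blob)
    if not records or records[-1][0] != T_KEYED_MIC:
        return False
    covered = b"".join(tlv(t, v) for t, v in records[:-1])
    expected = hmac.new(secret, covered, hashlib.md5).digest()
    return hmac.compare_digest(expected, records[-1][1])

def rates(down: int, up: int) -> bytes:
    return tlv(T_DOWN_RATE, down.to_bytes(4, "big")) + tlv(T_UP_RATE, up.to_bytes(4, "big"))

issued = seal(rates(8_000_000, 1_000_000), SECRET)
# An edited copy whose check was recomputed as a plain, unkeyed MD5.
edited = rates(99_000_000, 1_000_000)
edited += tlv(T_KEYED_MIC, hashlib.md5(edited).digest())
```

`verify(issued, SECRET)` is true and `verify(edited, SECRET)` is false: the strength of the check rests on the secret staying with the operator, not on MD5 itself.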

#10 MBP

MBP

    Hak5 Fan ++

  • Active Members
  • 106 posts

Posted 01 July 2009 - 03:44 AM

QUOTE (Mnemonic @ Tue, 16 Jun 2009 11:16:31 +0000)
So does that mean that if the ISP has to replace the modem (faulty) they send a pre-programmed modem? Or do they just access it remotely and program the thing...

I remember when I was working as an ADSL specialist with an Australian telco we started to use 2Wire modems with this remote capability, but never officially used it...

If it's the latter, would there be a way of sniffing and capturing the traffic between the modem and the ISP to analyse what they're programming it with... just wondering :0)


You worked for Telstra then :D



