Jump to content

Hack a modem


norbertbonnici

Recommended Posts

I have a modem/router (thomson tg585) which my ISP blocked admin access. I need to gain admin access to change DNS server settings. Can you suggest a program to bruteforce the thing? I have a lot of free time and an OC'D Core i7 machine :)

Thanks

Link to comment
Share on other sites

@Mnemonic The ISP's in SA(South Africa) sometimes do that so that they can sell certain uncapped packages and force the user to use the ISP's router.Basically means the user is dependent on the ISP.

@moonlit i dont think he can do that or he would loose the details stored on the device and would end up having to call the ISP again.

Link to comment
Share on other sites

I have a modem/router (thomson tg585) which my ISP blocked admin access. I need to gain admin access to change DNS server settings. Can you suggest a program to bruteforce the thing? I have a lot of free time and an OC'D Core i7 machine :)

Thanks

If you're on a linux box (the only way to be) then you can use hydra, xhydra to brute the login with a password list.

There are a couple of others that will accomplish the same task and have other options that hydra doesn't do (medusa for instance) but hydra is pretty straight forward for this task.

Good luck!

Link to comment
Share on other sites

@Mnemonic The ISP's in SA(South Africa) sometimes do that so that they can sell certain uncapped packages and force the user to use the ISP's router.Basically means the user is dependent on the ISP.

So does that mean that if the ISP has to replace the modem (faulty) they send a pre-programmed modem? OR do they just access it remotely and program the thing...

I remember when i was working as an adsl specialist with Australian telco we started to use 2wire modems with this remote capability, but never officially used it...

If its the latter would their be a way of sniffing and capturing the traffic between the modem and the isp to analyse what they're programming it with....just wondering :0)

Link to comment
Share on other sites

So does that mean that if the ISP has to replace the modem (faulty) they send a pre-programmed modem? OR do they just access it remotely and program the thing...

I remember when i was working as an adsl specialist with Australian telco we started to use 2wire modems with this remote capability, but never officially used it...

If its the latter would their be a way of sniffing and capturing the traffic between the modem and the isp to analyse what they're programming it with....just wondering :0)

When a cable modem (maybe DSL also, im not sure) is booted up. It contacts the ISP's TFTP server to download its image. This pre-made image has everything already put into it (speed caps, dns servers, dhcp servers, time servers, filters, ect). There are some tricks to "sniff" the TFTP image so you can download it yourself, decrypt it, edit it to have some ungodly speeds and host it on your OWN TFTP server. So when the modem is powered on, it's grabbing its new uncapped image from your TFTP server instead of the ISP's. This of course is highly illegal and 9 times out of 10 will get your service banned (they do reserve the right to refuse service).

Ask me how i know....... -____-

Link to comment
Share on other sites

@Mnemonic I have never personally used one of these cos i cant really afford it. Also as far as i know they will replace the modem cos its part of the contract.

Also i would imagine that (if im correct) the router would have a web interface.Not all do but some of them do. If this is a case , then i think it would be easy enough to write a custom brute forcer or use any know web based brute forcer

Link to comment
Share on other sites

just use snmp to obtain the password. ;)

usaly the small isps like that do not include a private snmp community string.

so using private will allow u to walk the router for there user name and password for the unit.

when the modem comes online it sends a broadcast packet to the cmts (cable modem termination system)

asking for an ip, tftp server, and config file to download.

in the config file tells the modem what the speeds are, snmp, passwords, ect.

miT is right on the legality part... but that's where a lot of people go wrong editing the speeds....

anyways, the likely hood of editing the speeds are not good. seeing there signed w/ md5, then depending on the isp

the config will check to make sure the macs and the certs on the modem match. some configs now have a dynamic secrete of witch changes when u save the config. causing u not to be able to log into the network.

Link to comment
Share on other sites

So does that mean that if the ISP has to replace the modem (faulty) they send a pre-programmed modem? OR do they just access it remotely and program the thing...

I remember when i was working as an adsl specialist with Australian telco we started to use 2wire modems with this remote capability, but never officially used it...

If its the latter would their be a way of sniffing and capturing the traffic between the modem and the isp to analyse what they're programming it with....just wondering :0)

you worked for telstra then :D

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...