madlogik

Active Members

  • Posts: 22

Everything posted by madlogik

  1. FYI: (if it might help) Silent Command Line Install of the .NET Framework: dotnetfx.exe /q:a /c:"install /l /q" Specifying the /q:a and /q options for a silent installation allows for a standardized user installation experience. Specifying the /l option creates a setup log file, Netfx.log, in the %temp% directory where all errors are logged. Source: http://energy.ihs.com/NR/rdonlyres/92F5728...ETFramework.pdf
  2. It is the 2wire 2700 hg-e (e = telus model). It is a custom firmware; the user level password is telus (you can change it .. but if you hard reset the device it will be back to telus). I did an nmap scan on it, and I ran a nessus full assessment test on it. 2 open ports: 80, 443. nessus didn't find any holes or vulnerabilities. I tried an 8 meg wordlist on the form of the MDC login but no go (using: accessdiver). With brutus: no go ... even at lowest speed.. 1 connection max... after 3 tries the modem reboots. The same reboot would happen if you manually fail 3 times. yeah .. I tried admin as one of the words in the 8 meg file ;) fyi: I did try all of the defaults.. (http://www.phenoelit.de/dpl/dpl.html) I guess my only hope is to find a way to DUMP the current firmware ... Does anyone have any expertise in that field? thanks -mad- ps: I understand the need to be legit... curiosity has never been a crime. and... where there's will... there's a way! ***EDIT*** for me ... hacking = making it do something it wasn't built for, or in a way they never thought about! definitions of abstract terms: for it = the thing / project; for they = the developers / inventors; For I = not the inventor of the thing, but a frustrated user in some way; ***EDIT***
  3. wow so I really haven't been specific enough. But I'm quite disappointed in some replies.. so here it goes... 1: I KNOW THE USER PASSWORD BUT THE DEVICE'S MANAGEMENT CONSOLE IS LOCKED BY THE ISP. (so the hardware reset won't help.. but for the user password) 2: I am sorry for the caps but hey - I do this for fun - the damn thing is connected STRAIGHT TO MY PC (it's not someone else's) - It's not even my ISP, it's a dsl modem and I don't even have a land line.. I just need to get access to the management console on that thing.. so I believe it is TOTALLY LEGAL for me to do this.. I simply want to bridge it with my router and use it as an access point.. but I need the mdc password.. ... and I know it's an internal ip .. and that you won't reach it... (please don't .. you will just end up making it reboot!!) I'm looking for insights.. I don't need anyone to try to "hack" into it.. I need some engineer that could tell me how to download a firmware back to the pc .. or some ex-2wire employees that have that password.. wow come on kids.. please read about my previous posts.. (only 16 but read them) and you'll see I'm no bummer.. I wouldn't do anything illegal. -mad
  4. Hi! I got my dirty hands on a 2wire 2700 hg-e Gateway! (e = telus model) I'm trying to get access to the MDC (management console) on it but I need a password... I tried a few without luck... then I tried a tool called Brutus (brute forcer) but that is making the modem reboot... What other means can I use to get in there??? (it's in the form of a web site, http://192.168.1.254/mdc ; on the page there is a textbox and a button. If wrong, you get the same page back but with a top header that says that the previous attempt was wrong.) If anyone can help me hack that b!tch up I would appreciate! thanks -mad *************** EDIT *************** I just installed AccessDiver ... seems good but I struggle in right now.. lots of reading ... ***********************************
  5. yeah .. cauz I mean.. we are all paranoids... isn't it why we search for the truth?
  6. hummm ... yeah it's a sata drive... mine is IDE.. --> I'll try some live cd and I'll let you know.. thanks all ps: I do this for fun, I work there... if I need admin rights to install something it's only a phone call away (our network support guys are reached over the phone) .. but it's only for the kick of doing it.. hehe
  7. Wow, so there I am with my boot disk (containing ntfs4dos), at home no problem, I put the drive in, boot from (usb), and my autoexec.bat gets the windows\system32\config\sam and system files.. no problem.. but I think I faced something I never bothered to look into before today.. I booted my key on a corporate computer.. but I can't get the C drive!! (ntfs4dos fails to pick up the partition) (no it's not just into another drive.. I'm not a total n00b thanks!!) so is the drive encrypted? is it another partition? When I boot my (user) account in xp, I get the c: (ntfs drive) . . in the root there is a boot.ini but I know buttkiss about bootloaders.. can anyone shed some light on what I experienced? (can't get the ntfs partition from a dos bootdisk, even with ntfs 4 dos, when I can get it to work from home) ! thanks! -mad-
  8. I have a 1 gigger.. u3 sandisk cruzer micro (not titanium, the cheap stuff). On it, I have (on the CD partition) my special (if caps is on do this, else do that) program which either loads the switchblade or the u3 launcher. Switchblade = the max payload + a few tricks of mine (cute ftp pass + others). U3 = the u3 + the portable apps pstart launcher (I kept it since I used to have it on my old usb key and I dumped the thing into a u3p package, installed it to my u3 launcher and made it go autostart). ps: for a VERY FAST way to create your own u3p installable from disk packages, use: Package Factory from: http://www.eure.ca/ On the u3 I got many good apps (the free ones): Mobile web server (I hacked it to death!!! hehe ) sorry for the author.. but I had to remove the ads.. (using resource hacker you can edit the html files within the .exe!!) get my version from: http://madlogik.mine.nu:999/mws_madedit.u3p + skype/editpad/irfanview/foxitreader/some other small bs apps I should remove. On my pstart portableapps (MANY!) including my most used one: firefox ... soon to be 2.0, I really like it on my desktop. portable nero, portable photoshop 7 (50 megs only!!), audacity / pspad / VLC / ultra iso / putty + many scripts I made + many tools I made (see my homepage: http://madlogik.mine.nu:999/ ) and my personal files ... so .. that's about it! enjoy mad
  9. something to try.. but I don't know if it's for the win32 cmd only.. ? hey try it on a floppy boot disk! and tell me!
  10. I do my iso with nero image burner :) (with the sandisk version though)
  11. thanks.. I made a .bat :) crash on demand. I don't believe there is something to be made out of it though... OR I can't imagine how / what would be involved! other than, haha I made you waste time starting the debugger! LMAO.. but hey still thanks! :) -mad
  12. couldn't help but notice your title is: autostart.ini but .. it's autorun.inf that you should have..
  13. yeah Matt35.. sorry but only by reading your question, I understand you need more (meat) on your (bones).. U simply need to face more computer problems... then you will become a true master... get hired in a support helpdesk for instance! that's what I did.. but policies will kill you .
  14. thanks.. we concluded to that in the chat as well.. :) I will update after the try ** edit: AFAIK: john is only a cracker... ** I'm not looking for a cracker.. simply something to get USER:HASH"/"$"/$"/$SDFSDFS/"!$"/$"/$ (kind of) format out of the SAM + SYSTEM combo.. I don't want a dictionary cracker.. I'm doing rainbowcracking! :) hehe but thanks .
  15. I have a tear to my eyes... really, if you wanna do it.. ... and I'll get flamed for helping you.... but a very good tool is Brutus www.hoobie.net/brutus but .. if you plan to use it on something that doesn't belong to you... it is detected by most av as hacktool =) killav.exe anyone? ;) but breathe up.. think about your problem... I'm sure you can have access to the files in person... or have a cd delivered to a po box? think outside the box ... peace mad
  16. a bit unrelated but found a cool article about autorun.inf and its inner workings.. http://support.microsoft.com/kb/136214
  17. Hi all! I made myself a bootable usb key (using the hp tool (SP27213.exe)) + the winmebootcd.img (google for it! :) ) then I deleted the whole content of the key (keeping the msdos.sys io.sys and command.com). I placed the files from a regular fat32 bootdisk in there (without the files mentioned above) and did my own autorun.bat - runs ntfsdos, gets the sam + system back onto a dump folder on the key... now here is the problem... I found a way to do it offline (ophcrack, load encrypted hash files) then save as to get the equivalent of what I would get with pwdump, then I crack it with rcrack and my set of tables (see another of my posts!) Isn't there a pwdump for dos? (or at least a samdump equivalent since I already got the sam + system files) Thanks all! -Mad
  18. 1: please read the wiki ... 2: to edit an iso. - use winrar (to unzip an .iso) edit the files.. and then 3: use nero burn to image recorder , change the .nrg to .iso when you are asked to save the image file 4: once you made your iso back.. get it to the key with the LPInstaller.exe 5: please read some more... really, it's all covered (but for that edit an iso question) .. -mad- ps: reply with other questions if you stall at some point.
  19. I wonder if there's a way to resize that 6 meg partition...
  20. I made a simpler launch process for payloads. I made a .exe (in the root in the .iso) and modified the original u3 autorun file to launch my tool instead of launchu3 directly!! if caps lock is off: it will launchu3.exe normally.. :) if caps lock is on: it will launch my.exe :) or your.bat or our whatever!!! :) so this way you have your fully functional u3 usb key, with u3launcher! the payload and the tools are hidden on the (fakeCD) partition!!! (invisible to a virus scanner for instance) and when you plug it in with caps lock on... , it's too late for mcafee to react! + it can't delete it from the fake cd .. so it keeps on running! :) cool things happen.. ;) now I'm trying to make my rainbowcrack gui an asp page .. .. a bit like rainbowcrack-online did... but I want it done my way! :) well... gotta go typing code lines.. ;) -mad- ps: if you want my version, I can provide you with the lminstaller + my .iso (the payload is a simple ip tool I made...) cool thing about that simple tool: it retrieves the wan ip from the whatismyip.com website!! :) so if you have a router .. it's a cool tool ;) well ... wtf.. here's the link to my version: http://madlogik.mine.nu:999/madswitchblade_u3.rar (for ez edit, put your tool in there instead of my iptool.exe but give it the same filename!) ---> if you want to run a .bat, google for: bat2exe <---- This works only with U3 usb drives! --> I have a sandisk cruzer micro 1gb u3 enabled pendrive <--
  21. Hi all! This is my first post to the Forums of Hak5! (been on irc ;) ) I decided to give a little contribution (including a tool I made) --> my tool requires the .net framework 2.0 installed!! <-- this is all for windows! sorry linux dudes! :| ======= Automating the pwdump / rainbowcrack process ========= === ( and giving away all the required elements to make it work! ) === So, you wanna test your passwords? HaK5 Can't be too precise? Or you didn't get it all? Couldn't imagine calculating the tables and laughed at this idea? Simply n00b? Let me tell you everything! Here we go 1: download a 10 gig rainbow table, this will cover password from 1 to 14 chars lower + upper + numeric + symbols ((but no spaces!!!)) http://rainbowtables.shmoo.com/tables/lm_a...symbol14.tar.gz create a folder something like d:\rainbowcrack and unzip all the Rt files *.rt in the lm_alpha-numeric-symbol14 folder like this: d:\rainbowcrack\lm_alpha-numeric-symbol14 <--- *.rt in there. 2: download rainbowcrack http://www.antsight.com/zsl/rainbowcrack/r...ack-1.2-win.zip (unzip it to d:\rainbowcrack (or whatever you choose here again!!)) 3: get the usb switchblade payload cracked open and get the CMD folder (containing the pwdump tool) and place the whole cmd folder in your rainbowcrack folder d:\rainbowcrack\CMD and copy my GUI (graphical user interface) to the rainbowcrack folder (( d:\rainbowcrack )) (my GUI for rainbowcrack and pwdump automates the pwdump and rcrack process with those tables IF YOU HAVE pwdump in a CMD folder and THOSE tables in the lm_alpha-numeric-symbol14 subfolder and the gui tool from the root of your rcrack folder) http://madlogik.mine.nu:999/RainbowCrackGUIv1.0.rar See a screenshot (500kb) with a view of that folder root (to place the files properly for the gui to work!) http://madlogik.mine.nu:999/GUIscreen.JPG now put that drive in a usb enclosure.. with an autorun ... 1 click.. 30 - 180 seconds later.. smile, unplug and leave PS: U NEED ADMIN RIGHTS!
:) for use on your OWN personal computer only! ;) -mad