Jump to content

Brute force via serial modem null cable


starchfish
 Share

Recommended Posts

Hi,

Just wondering if anyone has ever tried to brute force a switch/router with a console serial port, like Cisco/3COM. I've tried brutus, but it turns out it is a LAN thing. I've heard there are backdoor passwords, but it might also restore the switch back to factory defaults. I kinda want to avoid that, because there are a whole lot of these switches I need to get into.

cheers

StarchFish

Link to comment
Share on other sites

Never tried but the bit rate over a serial modem would be painfully slow. Remember the old days of IT class when they taught you how Serial operated? 1 bit after the other? This would take forever.

What are the exact model of switches you need to do password recovery on?

Link to comment
Share on other sites

3com 3300, the main reason I want to do serial is because I've heard that the ancient 3300 firmware when you're connected via console doesn't time out, I thought that meant that you could blast it with login attempts. When logon on over lan, it gives you 3/4 retries I think, then you'll have to refresh the session.

Link to comment
Share on other sites

starchfish: for the 3com firmware 7.0.1 and 8.1.1 (you should be able to get the firmware here if you dont have it infodeli.3com.com) there is a back door login of debug with the password synnet just telnet in. its a major security flaw that they put in that you should probably fix once you get your switches back up..

Link to comment
Share on other sites

Ah ok i'm with you now. I'm not sure re: the bruteforcing. I'm sure you have scoured the interwebz looking for your answer. Did you see this? http://www.tek-tips.com/viewthread.cfm?qid=555357 Looks like there is a couple of options for password recovery. One by a firmware upgrade. Another by using default passwords (they claim it works with 3300).

I've never touched 3com so sorry can't be of too much more assistance.

Link to comment
Share on other sites

Yeah, I had a look at a few articles around, most of them is about resetting the password/firmware upload etc. Ideally I'd like to find out what the password is, for reasons well, less likely to be detected for one. That's why I'd like to find out if there is a way to just throw every combination of passwords at the switch.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...