Hacking a router... please read


madlogik

Hi!

I got my dirty hands on a 2wire 2700 hg-e Gateway! (e = telus model)

I'm trying to get access to the MDC (management console) on it but I need a password...

I tried a few without luck... then I tried a tool called Brutus (brute forcer) but that is making the modem reboot...

What other means can I use to get in there???

(It's in the form of a web site, http://192.168.1.254/mdc; on the page there is a textbox and a button. If wrong, you get the same page back but with a top header that says that the previous attempt was wrong.)

If anyone can help me hack that b!tch up I would appreciate it!

thanks

-mad

*************** EDIT ***************

I just installed AccessDiver ... seems good but I'm struggling with it right now.. lots of reading ...

***********************************

Link to comment
Share on other sites

DUDE.... what are you smoking?

If it's yours you should be able to press and hold the reset button for 30 seconds to reset it... if it's not, well, then you shall be flamed.

Link to comment
Share on other sites

OK, first off, you're going to get this post blocked; although it's under the forum's hacking section, you can't put anything on here ABOUT hacking. They hate it and will block you and, well, ridicule you.

First off, it seems that you are on the network.

Second, we can't access that IP because it is a local IP. We would need the WAN IP.

On Brutus, slow it down so it doesn't do so many passwords at once. Maybe that will help, if possible.

Link to comment
Share on other sites

wow so I really haven't been specific enough

But I'm quite disappointed in some replies..

so Here it goes...

1: I KNOW THE USER PASSWORD BUT THE DEVICE`s MANAGEMENT CONSOLE IS LOCKED BY THE ISP. (so the hardware reset wont help.. but for the user password)

2: I am sorry for the caps but hey

- I do this for fun

- the damn thing is connected STRAIGHT TO MY PC (its not someone else`s)

- It's not even my ISP; it's a DSL modem and I don't even have a land line.. I just need to get access to the management console on that thing..

so I believe it is TOTALLY LEGAL for me to do this..

I simply want to bridge it with my router and use it as an access point.. but I need the mdc password..

... and I know its an internal ip .. and that you wont reach it...

(please don't .. you will just end up making it reboot!!)

I'm looking for insights.. I dont need anyone to try to "hack" into it..

I need some engineer that could tell me how to download a firmware back to the pc .. or some ex-2wire employees that have that password..

wow come on kids..

please read about my previous posts.. (only 16 but read them) and you'll see Im no bummer.. I wouldn't do anything illegal.

-mad

Link to comment
Share on other sites

OK, first off, you're going to get this post blocked; although it's under the forum's hacking section, you can't put anything on here ABOUT hacking. They hate it and will block you and, well, ridicule you.

Only if you ask stupid questions, or questions that might violate the DMCA. Since the actual show is trying to go legit, they have to consider the DMCA, otherwise it opens the door to lawsuits etc. Also, we don't take kindly to people trying to hack things like school networks, hotmail accounts or similar for their own gain; some of us actually are the evil admins people are trying to get around.

Secondly, this is hacking as in "I made KDE work on my iPod!".

Also, geeks tend to use insults as a way of covering up their own lack of knowledge.

Anyhoo, to have a stab at answering the original question, I used to work for a British ISP that used 2wire kit, with its own custom firmware on the devices. I know a few people there had gotten broadband through the company and had the 2Wire stuff, and had put the original 2wire firmware on the device, removing the BT branding and locks. BUT YMMV, AND YOU MIGHT BREAK IT.

I've had a brief Google for the password you require, but nothing shows up, have you tried searching for the password you need? Do you know if its specific to your device? Or generic to the whole line of that device?

Link to comment
Share on other sites

Sorry, this could sound a bit dumb, but the last time I visited my family in Canada I logged on to the MDC of their TELUS internet connection router with a telnet session on the default gateway IP address, using the standard Admin (login name) and Admin (password) login.

So did you try that?

:?

Gerard

Link to comment
Share on other sites

it is the 2wire 2700 hg-e (e= telus model)

It is a custom firmware

the user level password is telus

(you can change it .. but if you hard reset the device it will be back to telus)

I did an nmap scan on it , and I ran a nessus full assessment test on it.

2 open ports

80

443

nessus didn't find any holes or vulnerabilities.

I tried an 8 meg wordlist on the form of the MDC login but nogo

(using: accessdiver)

with brutus: nogo ... even at lowest speed.. 1 connection max...

after 3 tries the modem reboots

the same reboot would happen if you manually fail 3 times.

yeah .. I tried admin as one of the words in the 8 meg file ;)

fyi: i did try all of the defaults.. (http://www.phenoelit.de/dpl/dpl.html)

I guess my only hope is to find a way to DUMP the current firmware ...

Does anyone have any expertise in that field?

thanks

-mad-

ps: I understand the need to be legit...

curiosity has never been a crime.

and... where there's will... there's a way!

***EDIT***

for me ... hacking = making it do something it wasn't built for, or in a way they never thought about!

definitions of abstract terms:

for it = the thing / project;

for they = the developers / inventors;

For I = not the inventor of the thing, but a frustrated user in some way;

***EDIT***

Link to comment
Share on other sites

If the ISP locked the thing, you should probably post which ISP that is, as the password will most probably be specific to their firmware. Oh, and is there a download link for that firmware somewhere? A quick 'strings <filename>' might do wonders.

Link to comment
Share on other sites
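The `strings` check suggested in the post above is the same one a firmware reviewer runs to catch a shared, hard-coded console password before an image ships. An added example, not from the thread: it extracts printable runs, flags those near credential-style labels, and reports byte entropy, since a compressed or encrypted image yields nothing useful to `strings`. The sample blob, keyword list and 7.5 bits/byte threshold are constructed assumptions.

```python
import math
import re
from collections import Counter

# Labels that often sit next to embedded credentials (assumed list; tune per audit).
KEYWORDS = re.compile(r"passw(or)?d|passwd|secret|login", re.I)

def printable_runs(blob, min_len=6):
    """Return (offset, text) for each run of printable ASCII, like strings(1)."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [(m.start(), m.group().decode("ascii")) for m in pattern.finditer(blob)]

def entropy_bits_per_byte(blob):
    """Shannon entropy; values near 8.0 suggest compression or encryption."""
    if not blob:
        return 0.0
    n = len(blob)
    return -sum(c / n * math.log2(c / n) for c in Counter(blob).values())

def credential_candidates(blob, min_len=6, context=1):
    """Keyword hits plus neighbouring runs: the value is often stored beside its label."""
    runs = printable_runs(blob, min_len)
    keep = set()
    for i, (_, text) in enumerate(runs):
        if KEYWORDS.search(text):
            keep.update(range(max(0, i - context), min(len(runs), i + context + 1)))
    return [runs[i] for i in sorted(keep)]

def audit(blob):
    entropy = entropy_bits_per_byte(blob)
    return {
        "entropy": round(entropy, 2),
        "likely_packed": entropy > 7.5,  # assumed threshold: unpack before scanning
        "candidates": credential_candidates(blob),
    }

# Constructed sample standing in for an unpacked firmware image (not real firmware).
SAMPLE = (b"\x7fELF\x00\x00" + b"/bin/httpd\x00" + bytes(range(32)) +
          b"mdc_password\x00" + b"EXAMPLE-ONLY-1\x00" + b"\x01\x02" +
          b"Content-Type: text/html\x00")

if __name__ == "__main__":
    report = audit(SAMPLE)
    print("entropy:", report["entropy"], "packed:", report["likely_packed"])
    for offset, text in report["candidates"]:
        print(f"0x{offset:06x}  {text}")
```

Any candidate that turns out to be a console password baked into the image is a finding: every unit shipped with that firmware shares it, and a hard reset will not change it.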

Okay, since these were not mentioned...

Have you tried:

admin/[blank]

admin/admin

admin/<serial number>

admin/service

It sounds too easy, but sometimes the hardest of things require an easy solution.

Also, you might want to check your AUP - if the provider finds out you're tampering with the MDC and the modem tells them that, you're going to have a lot of explaining to do.

Also it would help us all if you included:

Modem manuf, type, provider

Good luck.

Link to comment
Share on other sites

This is an interesting topic because locking mobile phones, handheld consoles, etc is really annoying and just a way for the retailer to "force" you to keep to their network/service (i.e. you can't sell it later to other people unless they want the same provider).

I have a similar problem involving my Navini wireless modem, which is locked to one of Unwired (an ISP in Australia) re-sellers called Exetel (also an ISP in Australia).

Basically, Exetel have locked the modem to their network and I am no longer with them. Now I have this modem that can only be used on their network, whereas other Unwired re-sellers don't do this.

What's really funny is; Exetel offered to buy it back from me for $30 (when I paid $150+ initially). I didn't agree with that offer and a month later they called "out of the blue" and offered $35. Another month later they offered $45..

<rant> I own the equipment and will hack it to bits before they get their hands on it! :D </rant>

So if anyone knows of Navini "hacks" out there, be sure to let me know.

Link to comment
Share on other sites

90% of the time ISPs use the MDC to remotely manage the router, as in if you call in and have problems, which is funny because access to every 2wire modem is hosted "off site" of the ISP. Yeah, really good security there.

You are also able to use the MDC as a customer. Sadly it hardly ever works.... just like everything else about 2wire products (yes, they are pieces of shit). If I remember correctly, and that is a shot in the dark at times, that password would have been your dry line or land line phone number.

Theory is most users would never have to do more than use then type home in the browser window to configure.

If you are just looking to mess with the wifi on it, you don't need the MDC for that.

Link to comment
Share on other sites

Umm, to all those posting links to "default password" sites, and saying things like "try admin/admin" or "try admin/password", if you actually READ madlogik's post, he's tried all the defaults. That generally includes the admin/admin, admin/[blank], etc.

Plus Telus may be stupid, but they're not THAT stupid.

Madlogik, check the PM I sent you.

Link to comment
Share on other sites

  • 1 month later...

found on a dslreports.com forum in the dark corners under a rock

the mdc password for the 2wire 2700HG-E (E Meaning Telus)

http://ip-of-your-router/mdc (if default http://192.168.1.254/mdc)

the password the entire underground has been looking for is:

dr@cul@! <----------- LOL @ telus! for trying to be L33T

dracula! for those who are hard of seeing.... with a's substituted with @'s (at)

Cheers!!!!

ELStorey

Link to comment
Share on other sites
