Hello I did this for fun only. Nothing really special, this is just a story (a true one) Setup OK, I have a ZTE router: ZXHN H108N, that is I am connected to using wlan0 interface (wireless), and the gateway is 192. Swift Shader 5.0 there. 168.1.1, the goal is to gain access to the shell! I am (recently only) running Mint 16, not Kali, not BT5 and of course not Mickey Mouse (Windows)! Reconnaissance and Footprinting Note: as this is my router I didn't have to worry about hidding (going anonemous) by changing MAC address and so on.

Sep 07, 2012 [Other] Ξεκλείδωμα ZTE ZXHN H108L - How to unlock ZTE ZXHN H108L - Telnet; Login Form. To username μας λοιπόν είναι forthnet. ΖΤΕ ZXHN H108N V2.5. Μόλις κανεις Login απο telnet δλδ αμα γραψεις ls σου βγαζει τους φακελους.

But I would recommend doing so if you are pentesting/hacking someone! So first thing to do is to scan the ports and OS banner (to determine the OS) and so on! For that I used nmap. Nmap -F 192.168.1.1 -O Starting Nmap 6.40 ( ) at 2014-06-20 00:03 EEST Nmap scan report for 192.168.1.1 (192.168.1.1) Host is up (0.0035s latency). Not shown: 97 closed ports PORT STATE SERVICE 23/tcp open telnet 80/tcp open http 443/tcp open https MAC Address: 54:22:F8:16:67:1F (zte) Device type: general purpose Running: Linux 2.6.X OS CPE: cpe:/o:linux:linux_kernel:2.6 OS details: Linux 2.6.9 - 2.6.30 Network Distance: 1 hop OS detection performed.

Here is a complete list of ZTE router passwords and. Finding your ZTE router's user name and password is as. ZXHN F620: admin: admin: ZXHN H108N: admin. Hacking ZTE router (ZXHN H108N). Telnet access (opened) CLI; Username; I need the password! For no reason I decided to write my own tool to crack the.

Please report any incorrect results. Nmap done: 1 IP address (1 host up) scanned in 2.32 seconds I used a fast scan (-F option) for no reason really, I could do a full TCP scan or even include UDP. But I would like to keep things. So as you can see the OS is Linux 2.6.9-30 and there are three ports opened. And holy crap this router is running Telnet!!! This should be fun (and it was!) Gaining Access So the next thing is to try and connect to the router via Telnet, so I did the following.

Ligeti-Studio-1558 ~ # telnet 192.168.1.1 Trying 192.168.1.1. Connected to 192.168.1.1. Escape character is '^]'. ************************************************************ Welcome to the world of CLI!

************************************************************ Username:root Password: CLI>Wavelab 6 Full Crack on this page. ? Exec commands: enable Turn on privileged commands. Exit Quit from telnet. Ping Ping the destination. CLI>enable Password: Explanation: • I connect to 192.168.1.1:23 (telnet). • I enter the user name and password (root/public).

• I see CLI>prompt (similar to Cisco routers) so I try '?' • I see enable command, which switch the CLI to config mode. The Attack 0x01 And now I need the password to enable the config mode, I tested some passwords manually, and I guessed it successfully after few attempts, BUT. Let's try brute-force the damn thing The password is alphanumeric, so my charset will be. CLI>enable Password: CLI#? Exec commands: allgreenledon set all green led on allledoff set all led off allledon set all led on configure Enter configuration mode.

Disable Exit from privilege mode. Exit Quit from telnet.

Macaddr show or set mac address ping Ping the destination. Reboot Reboot device. Reset reset device restoredefault Reset to factory configuration. Serialnumber get or set SN swversion show software version CLI#shell ZXHN H108N Login: root Password: Password is incorrect Password: Password is incorrect Password: BusyBox v1.01 (2013.07.10-) Built-in shell (ash) Enter 'help' for a list of built-in commands. # I don't want to make this thread any longer, I know that the subject is boring, but. I had to share (for a very good reason) So the username and the password for the shell is root:root (easy eh?) Conclusion If your router is using Telnet. Get another one!

If it does use SSH check the version and security! Be very careful with these issues, a misconfigured network device can be the worse nightmare one can have if a hacker find out about it! So always check and double check your network configuration and devies you use! Thank you and please leave your comment[s] or question[s] [note] If you are interested in this topic please check my other thread. (, 12:03 AM)chmod Wrote: Another interesting read, I'm sure I have an old telnet enabled router laying around somewhere.