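Recently, I was given a media converter/NID (Canoga-Perkins 9145E-104).
It was given to me by a friend who works at a local CLEC and has provided me with various free tools from upgrades and the like.
I assumed the reset button on the unit would reset the admin password, but it does not. When I called Canoga-Perkins support, they essentially said the unit is like a padlock. It has to be sent to them to have the password reset. Of course, I didn't listen and popped the top off the unit to see if there was a CMOS battery or a jumper to clear the NV-RAM. My efforts were in vain.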
I do however have console access via COM-port (username/password locked) and it doesn't seem like there is any restriction for password attempts.
I talked to the friend that gave it to me to ask if he knew what the password might be. He said it was from before they moved to AAA servers and most likely had a simple 4-6 digit alphanumeric password.
So my thought was this:
Use crunch, or another dictionary-creating script to make a dictionary to try. However, I'm not sure how to pipe this to the COM-port in Windows or Linux. I am open to any solution with any Distro.
Does anyone have any ideas on a way I could accomplish this task?
Edit:
I found a very similar post, for sending commands over serial connections.
Echo/Pipe command output to Serial line
The user AFH gave some suggestions in the comments there. I'll have to do some reading, as I have no idea how to work out what he is describing.
Edit-2: I had some time to mess with this last night. You can pipe right to ttyUSB0 using minicom. I tested it on Ubuntu and Kali Linux, using "crunch 4 4 abcd | sudo minicom". Because the device prompts for a username and password, I will have to write the dictionary to a file and parse the file, adding an "admin" in between every password attempt, and most likely figure out how to slow the output down a little bit. I have a friend that's a professional programmer; he said he can write me a program to parse the file, adding the admin lines. The only thing left after that is to figure out how to read from the modified file and send it over minicom to the NID.
If you are trying this on ubuntu,
"sudo apt-get install minicom". Use your favorite search engine and follow an online guide to get crunch on your specific version of Ubuntu.
I installed Kali rolling on an old netbook to dedicate it to this task. Its specs are 2x 1.8 GHz hyper-threading cores and 2 GB RAM; you won't require much. If you're not into manually installing packages, I'd recommend you go the Kali Linux path. Kali has everything pre-installed that you need for this. It took me about 20 minutes after creating the bootable USB to complete a fresh install.
You need to connect the USB to Serial adapter and find out which serial port it is logically attached to.
Type in "dmesg | grep USB" at the terminal.
You should see something similar to this:
You may need to "chmod 777 /dev/ttyUSB0" depending on permissions, distro, etc. In Kali I didn't have to do this. You will know if you need to do it if you can't save the settings in minicom.
This depends on the serial device, mine was the classic
Check your device's manual for its serial settings to connect via console. Make sure to save your config in minicom as default after you exit and confirm it's working.
If your device only prompts for a password, you are in luck. You just need to run:
"crunch 5 5 abcdefghijklmnopqrstuvwxyz0123456789 | minicom". Use whatever parameters suit your password needs. If your device needs a username and password, or you find that the output needs to be slowed down some, read on...
Depending on what crunch is installed on, and how you set up your Linux distro initially, you may need to execute it with "sudo ./crunch", "./crunch" or, in Kali, just "crunch" from the terminal. Create a password list and write it to a file. Example: "crunch 5 5 abcdefghijklmnopqrstuvwxyz0123456789 -o input.txt". Type "man crunch" on the Kali terminal for extended instructions.
If you remember any portion of the password, you can significantly reduce the time it would take to unlock your device. There are specific options for this in crunch. Search online for tutorials on the advanced functions of crunch if you are interested.
So, after you run crunch with whatever options suited your needs, you should now have a dictionary file named input.txt in your root directory.
Copy the Python script into a new file. For simplicity, name it "add-user.py" and put it in the root directory. Open up a terminal window and "chmod 777 add-user.py". This will give it read/write access and allow you to execute the script. Do an "ls -la"; the script should be green in the list (in Kali and Ubuntu).
You can now execute the script with "sudo ./add-user.py" or "./add-user.py". Just make sure the input.txt file is in the same directory and you should be good. Running the script on my poor old netbook took about 35 minutes with all lowercase alphanumeric with 5 digits total.
This part is pretty easy, "cat w-user-output.txt | minicom"
That's basically it, but a couple of things should be noted. If you are doing a large dictionary, you may want to tinker with how the script prints its output. Starting a count in the "for" loop and printing a line update every 50 loops would speed the script up a bit. Also note that in my case, a blank line was interpreted by minicom as a user hitting enter. This allowed me to modify the script to make three blank lines after each attempt. This slowed the output down a little and ensured that it was synchronized with admin first, password attempt second.
EDIT: The three blank lines didn't work. In between writing this and coming back to check on cracking progress, I found the Canoga-Perkins box user/passwords were being sent out of sync. This is the proper way to slow it down if you need to:
Create a new file in the root directory and name it "slowdown". Edit the file and enter the following.
Run "chmod +x slowdown" from the terminal.
You can now run "cat w-user-output.txt | ./slowdown | minicom". Adjust the sleep command in the bash script to the fastest speed you think your device can handle.
I would like to thank Steve for putting up with programming-related questions over late-night beers, and for continuing to program it in Python even while complaining about how hard C# is to use. Special thanks also to the users "Pimp Juice IT" and "AFH", who both gave me good advice when I hit roadblocks.
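
The approach in this post depends on the console accepting unlimited login attempts. As an added example (not from the original post and not the device's firmware), the Python model below shows how a login throttle with exponential backoff changes the worst-case time to exhaust the 5-character lowercase-plus-digit keyspace used in the crunch command above. The class and function names, the one-second cost per attempt, and the delay values are assumptions chosen for illustration.

```python
KEYSPACE = 36 ** 5  # candidates from "crunch 5 5 a-z0-9" in the post


class ConsoleLoginThrottle:
    """Hypothetical console-side limiter: after a few free attempts the
    enforced delay doubles on every consecutive failure, up to a cap."""

    def __init__(self, base_delay=1.0, max_delay=300.0, free_attempts=3):
        self.base_delay = base_delay
        self.max_delay = max_delay
        self.free_attempts = free_attempts
        self.failures = 0

    def delay_before_next(self):
        """Seconds the prompt stays closed before the next login is accepted."""
        over = self.failures - self.free_attempts
        if over < 0:
            return 0.0
        return min(self.base_delay * (2 ** over), self.max_delay)

    def record(self, success):
        """A successful login clears the counter; a failure increments it."""
        self.failures = 0 if success else self.failures + 1


def seconds_to_exhaust(candidates, throttle, per_attempt=1.0):
    """Worst-case time to submit every candidate to a throttled prompt.
    per_attempt is the assumed serial round trip for one login (constructed)."""
    total, tried = 0.0, 0
    while tried < candidates:
        wait = throttle.delay_before_next()
        if wait >= throttle.max_delay:
            # Delay has hit its cap: the rest of the run is a fixed cost each.
            return total + (candidates - tried) * (per_attempt + wait)
        total += per_attempt + wait
        throttle.record(success=False)
        tried += 1
    return total


if __name__ == "__main__":
    open_console = ConsoleLoginThrottle(base_delay=0.0, max_delay=0.0)
    limited = ConsoleLoginThrottle()
    for label, t in (("no limit", open_console), ("backoff", limited)):
        days = seconds_to_exhaust(KEYSPACE, t) / 86400
        print(f"{label}: {days:,.0f} days worst case")
```

With no limit the whole keyspace fits in roughly 700 days at one attempt per second; with the capped backoff the same run takes centuries, which is why attempt limiting on local consoles matters even for devices that sit behind physical access.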