Security Basics mailing list archives
Re: Nortel Contivity password
From: <ed.rudek () dbopt com>
Date: 11 Dec 2003 13:05:01 -0000
In-Reply-To: <20030905230854.GA4575 () spoofed org> We have recovered over 20 administrator usernames and passwords from Nortel Contivity switches and offer this as a service. Specifics are outlined in the following URL: http://www.dbopt.com/contivity-password.htm or you may email us at info () dbopt com Best Regards, Ed
On Fri, Sep 05, 2003 at 03:49:00PM -0000, Jim Brezicky wrote:Good Morning all, I rccently changed the admin password on my Nortel Contivity 2600, well as luck would have it I must have written it down wrong. Does anyone know if it's recoverable, and if so how. I've checked the web and haven't been able to find anything so far. Any tips or suggestions would be greatly appreciated.I was in a similar position a while back, but not with a Nortel Device. The root password to a very important machine got changed, but it wasn't remembered by the admins correctly. There was no easy physical access to the machine and ssh was the only way of connecting remotely. Since I was the one who fudged the password, I had a reasonably good idea of how I could've screwed up. I tossed together some quick perl and expect code, and I was in relatively quickly. Basically, the perl code, given a list of possible mistypes for each character in the password, will enumerate all possible passwords. These are then piped to the expect script, which attempts to connect to the remote machine and run 'id'. Since your device doesn't have SSH access, you'll have to cobble something together to pipe the possible passwords to the web interface. I'm attaching the scripts I used to this mail. Sure, they are ugly and hackish, but drastic times call for drastic measures :) Good luck, -jon --liOOAslEiF7prFVr Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="unfoo.pl" #!/usr/bin/perl $a = ""; $b = ""; $c = ""; $d = ""; $e = ""; $f = ""; $g = ""; $h = ""; $i = ""; $j = ""; foreach $A (split(//, $a)) { foreach $B (split(//, $b)) { foreach $C (split(//, $c)) { foreach $D (split(//, $d)) { foreach $E (split(//, $e)) { foreach $F (split(//, $f)) { foreach $G (split(//, $g)) { foreach $H (split(//, $h)) { foreach $I (split(//, $i)) { foreach $J (split(//, $j)) { print "$A$B$C$D$E$F$G$H$I$J\n"; } } } } } } } } } } --liOOAslEiF7prFVr Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="unfoo.exp" #!/usr/bin/expect set password [lindex $argv 0] spawn ssh root@server "id" expect { assword: { send $password\n; expect { -re "denied" exit } } } --liOOAslEiF7prFVr Content-Type: text/plain; charset=us-ascii --------------------------------------------------------------------------- Captus Networks Are you prepared for the next Sobig & Blaster? - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Precisely Define and Implement Network Security - Automatically Control P2P, IM and Spam Traffic FIND OUT NOW - FREE Vulnerability Assessment Toolkit http://www.captusnetworks.com/ads/42.htm ---------------------------------------------------------------------------- --liOOAslEiF7prFVr--
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Re: Nortel Contivity password ed.rudek (Dec 11)