Re: Nortel Contivity password

[<ed.rudek () dbopt com>]

In-Reply-To: <20030905230854.GA4575 () spoofed org>

We have recovered over 20 administrator usernames and passwords from Nortel Contivity switches and offer this as a 
service. Specifics are outlined in the following URL:
http://www.dbopt.com/contivity-password.htm
or you may email us at info () dbopt com

Best Regards,
Ed

> On Fri, Sep 05, 2003 at 03:49:00PM -0000, Jim Brezicky wrote:
> > Good Morning all,
> >
> > I rccently changed the admin password on my Nortel Contivity 2600, well as 
> > luck would have it I must have written it down wrong. 
> >
> > Does anyone know if it's recoverable, and if so how. I've checked the web 
> > and haven't been able to find anything so far.
> >
> > Any tips or suggestions would be greatly appreciated.
>
> I was in a similar position a while back, but not with a Nortel Device.
> The root password to a very important machine got changed, but it wasn't
> remembered by the admins correctly.  There was no easy physical access
> to the machine and ssh was the only way of connecting remotely.
>
> Since I was the one who fudged the password, I had a reasonably good
> idea of how I could've screwed up.  I tossed together some quick perl
> and expect code, and I was in relatively quickly.
>
> Basically, the perl code, given a list of possible mistypes for each
> character in the password, will enumerate all possible passwords.  These
> are then piped to the expect script, which attempts to connect to the
> remote machine and run 'id'.  
>
> Since your device doesn't have SSH access, you'll have to cobble
> something together to pipe the possible passwords to the web interface.  
>
> I'm attaching the scripts I used to this mail.  Sure, they are ugly and
> hackish, but drastic times call for drastic measures :)
>
> Good luck,
>
> -jon
>
> --liOOAslEiF7prFVr
> Content-Type: text/plain; charset=us-ascii
> Content-Disposition: attachment; filename="unfoo.pl"
>
> #!/usr/bin/perl
>
> $a = "";
> $b = "";
> $c = "";
> $d = "";
> $e = "";
> $f = "";
> $g = "";
> $h = "";
> $i = "";
> $j = ""; 
>   
> foreach $A (split(//, $a)) {
>   foreach $B (split(//, $b)) {
>      foreach $C (split(//, $c)) {
>         foreach $D (split(//, $d)) {
>            foreach $E (split(//, $e)) {
>               foreach $F (split(//, $f)) {
>                  foreach $G (split(//, $g)) {
>                     foreach $H (split(//, $h)) {
>                        foreach $I (split(//, $i)) {
>                           foreach $J (split(//, $j)) {
>                             print "$A$B$C$D$E$F$G$H$I$J\n";
>                           }    
>                        }   
>                     }
>                  }
>               }
>            }
>         }
>      } 
>   }
> }
>
> --liOOAslEiF7prFVr
> Content-Type: text/plain; charset=us-ascii
> Content-Disposition: attachment; filename="unfoo.exp"
>
> #!/usr/bin/expect
> set password [lindex $argv 0]
> spawn ssh root@server "id"
> expect {
> assword: { send $password\n;
>           expect {
>            -re "denied" exit 
>           }
>         }
> }
>
>
> --liOOAslEiF7prFVr
> Content-Type: text/plain; charset=us-ascii
>
> ---------------------------------------------------------------------------
> Captus Networks 
> Are you prepared for the next Sobig & Blaster? 
> - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans 
> - Precisely Define and Implement Network Security 
> - Automatically Control P2P, IM and Spam Traffic 
> FIND OUT NOW -  FREE Vulnerability Assessment Toolkit 
> http://www.captusnetworks.com/ads/42.htm
> ----------------------------------------------------------------------------
> --liOOAslEiF7prFVr--

---------------------------------------------------------------------------
----------------------------------------------------------------------------