Could An Admin Sent Me A Private Message - Printable Version

+- Haxorware Forums (http://www.haxorware.com/forums)
+-- Forum: General (http://www.haxorware.com/forums/forumdisplay.php?fid=6)
+--- Forum: Modems (http://www.haxorware.com/forums/forumdisplay.php?fid=7)
+--- Thread: Could An Admin Sent Me A Private Message (/showthread.php?tid=2668)

RE: Could An Admin Sent Me A Private Message - southernyankey1970 - 20-07-2013

(20-07-2013, 12:52 PM)Box3r Wrote: the only reason i said about the PM's because i've seen a lot of posts about the Telnet Hack not being posted to the public, i didn't really want to break the mold, hence the PM's. I thought it was the telnet hack that would help me get onto d1.1 macs. Guess Not

Forget you ever read that post or any other post about it. Only a few know it and you do not need it anyways. Study the provisioning process at cisco.com and read your bootlogs. There are lots of ways in, just not any EASY ways in. What works for me won't do shit for you and vice versa...that's the secret of D3 security now. It's different in every area now...no more Freetards suckin up all the b/w overhead anymore.

RE: Could An Admin Sent Me A Private Message - dragonlord7791 - 20-07-2013

blaha blaha telnet hack blah blah just to drive people crazy and a lot of anal sex where fuck is it this telnet crap???

RE: Could An Admin Sent Me A Private Message - joejoe402012 - 20-07-2013

good place to start is http://www.cisco.com/en/US/tech/tk86/tk89/technologies_white_paper09186a008025c169.shtml

RE: Could An Admin Sent Me A Private Message - Box3r - 20-07-2013

by the bootlog u mean putty log? i'll read that page now, thank you guys

RE: Could An Admin Sent Me A Private Message - slave - 21-07-2013

1. there is no any telnet hacks...
2. snmp on isp working as R/W using upper public and lower private pass from the config
3. if isp wants to disable config passwords he can do it and use second private pass from...
4. getting the second private pass is easy, no need any tools such as dvb-c or atsc docsis sniffer
5. snmp on many isp could be disabled by ICMP filter, isp could disable completely ping other devices on its network from 10xxxx range by adding ACL filters into the cmts config
6. there is a way...
to bypass icmp filters/firewalls using cable modem by removing ipstacks from it and assigning to NIC network card
at this case the docsis vendor must be added/modified on NIC card
everything is available by studying and testing...
network is not such secured as many other crypto devices
the reason is everything is kept private and not posted on public sites is simply everything called as private will stay infinity

RE: Could An Admin Sent Me A Private Message - ABMJR - 21-07-2013

Never make a statement you can't be 100% sure of. @ # 1. Private String is never in config. Private string is SSH to Network Elements (Field CM's). SNMP is alive and well.

RE: Could An Admin Sent Me A Private Message - Box3r - 21-07-2013

ABMJR is there any chance you could help me get on d1.1 macs? point me in the right direction

RE: Could An Admin Sent Me A Private Message - slave - 21-07-2013

(21-07-2013, 03:12 PM)ABMJR Wrote: Never make a statement you can't be 100% sure of. @ # 1.

this about what i wrote here is my and my friend private experience about network
if you sure about what you say then tell me please about what exactly password you talking to be clear...?
the reason why i asking you is because i know exactly 2rd private password of my isp
at first - maybe in your network there is no private password in config file but on other networks it is...
we can write using those pass for example mac to the modem (a pass from the config lower)
there is another password unique for modem manufacturer and this pass is sent before modem update begin
i have it... and it's also easy to read
so clarify please about what exactly password you talking?
to manage the modem over snmp password - modem must know that password first and is this password about what i talking
a private password for control network elements could be a cmts snmp password there is...
public (to watch cmts details) and private (to change cmts details)
is this what i discover with some help of some friends
also second thing which i was trying to explain you since 2 months is my isp have disabled icmp ping on any devices on its network from customer side (this means you cannot ping cmts... you cannot arp, you cannot ping second neighbour modems because ICMP is filtered)
also if icmp filtered you cannot use any kind of snmp yourself using your hacked modem with ipfilters disabled
there are ACL filters turned on cmts to bypass hackers manipulations on isp network devices
also... my isp use snmp only for update cable modems, the rest things is managed via VPN
added: modems in my network are between isp firewall
how many times i need to tell you that until you understand me
i am not liar and this what i wrote is just experience, this is not story paste from somebody here

RE: Could An Admin Sent Me A Private Message - slave - 22-07-2013

i forget to add something
those private passwords manufacturer modem type to use them
as for certificates read you need a modem with factory mode on
isp do not need to see private details of certificates, only public details are exchanged between cmts so there is no oid written by manufacturer which allow you to read certs if modem do not have factory mode on
the reason that ISP can overwrite the modem software using manufacturer private pass is....
because there are enterprises oids added to the config by ISP
those enterprises oids will allow you to write details to the modem specified in config as enterprise by sending second oid to the modem
is that's how isp update firmware without factory mode on
using enterprise oids detailed in config you can write anything you want to the modem with factory mode off - if previously config have valid permissions added
theoretically you can write some enterprise oid for allow you to read private keys from modem even if is with factory mode off and after sent external oid will do that job
but how you will pool your patched config to second neighbour modem
i disassembly sb5101 firmware and look at factory mode stage, there are some calls from uart receiver only....
there are not any external calls from network port, this means factory mode on cannot be turned on remote by any issuer including isp
also by creating some of enterprise oids into the config you can turn off/on telnet/ssh web on cable modems
is this how isp manage the modems without factory mode on
as for example if you call to isp and say my modem freeze reboot etc... he prepare for you diagnostic config (with enterprise oids included), sent it /reboot or no reboot if config is dynamic, and after he can manage it completely as R/W
so basically the ^key^ for open modems can be only specified in config as enterprise
i didn't have enterprise oid for allow you to read certs from the modem... i didn't enter to that stage yet and even doubt i will try to enter...
the reason is simply you cannot pool your config to victim modem config remote

RE: Could An Admin Sent Me A Private Message - drewmerc - 22-07-2013

i can only think of 1 reason why you would want d1.1 macs as all d1 macs on our isp, as all are for stb boxes and are little to no use for internet
the 1 reason is simple: old d1 exploits should still work in theory (though to their credit they have done a good job mitigating said attacks using every option available)