Haxorware Forums
password retrieval using winhex - Printable Version



RE: password retrieval using winhex - occalifornia - 23-05-2017

(23-05-2017, 11:16 PM)doctor Wrote: 77 megs compressed, 135 meg uncompressed.

I did ask for it.


RE: password retrieval using winhex - occalifornia - 24-05-2017

(23-05-2017, 11:16 PM)doctor Wrote: 77 megs compressed, 135 meg uncompressed.

hi, so I inspected the file. It's your bin file - not the log.

Can you upload your log output?


RE: password retrieval using winhex - drewmerc - 24-05-2017

Quote:
name rogcesadmin
password admin
enable admin true

name cusadmin
password user1
enable user1 true

name rmadmin
password user2
enable user2 false

name user3 technician
password user3
enable user3 false

auth
enable false

lots of interesting stuff in there, no idea if useful
ssh, telnet all false on lan side


RE: password retrieval using winhex - occalifornia - 24-05-2017

(24-05-2017, 01:40 AM)drewmerc Wrote:
Quote:
name rogcesadmin
password admin
enable admin true

name cusadmin
password user1
enable user1 true

name rmadmin
password user2
enable user2 false

name user3 technician
password user3
enable user3 false

auth
enable false

lots of interesting stuff in there, no idea if useful
ssh, telnet all false on lan side

This guy is the real MVP.


RE: password retrieval using winhex - drewmerc - 24-05-2017

Quote:
fw
local
management
rule telnet false
fw
local
management
rule ssh false


Quote:
snmp
enable true
snmp
enable
lan false
snmp
enable
wan true



RE: password retrieval using winhex - doctor - 24-05-2017

Guys, thanks for taking the time to look at the bin file. Yeah, there are lots of goodies within the bin, but I would like to be able to access those extra menus and hidden features. I understand the ISP will not give out their passcode due to the fact that a customer can actually screw the CM up and probably brick it.

So Drewmerc, the big question is: can I telnet or SSH into the modem? I'm assuming false means NO. I'm going to try those usernames and passcodes right now and see if I can get in.

occalifornia, you used the abbreviation OP; had to google that. I thought you thought my user name was OP.


RE: password retrieval using winhex - drewmerc - 24-05-2017

I'd give it a go simply hex editing false to true and reflashing.
The only problem is the different character lengths; putting a space after true may work, or a linefeed 0A in hex.


RE: password retrieval using winhex - doctor - 25-05-2017

I used the replace feature and replaced all the false to true(0a). Can you guess how many replacements there were? Close to 3,500. With that being said, the modem didn't power up after that. I think I will just do a few areas where I think it will play an important role. Btw, what's the difference between 0A and 00? They both produce a dot.


RE: password retrieval using winhex - occalifornia - 25-05-2017

(25-05-2017, 01:35 AM)doctor Wrote: I used the replace feature and replaced all the false to true(0a). Can you guess how many replacements there were? Close to 3,500. With that being said, the modem didn't power up after that. I think I will just do a few areas where I think it will play an important role. Btw, what's the difference between 0A and 00? They both produce a dot.

You should only be replacing "true" for the segments that affect your ability to use a particular credential.

There are numerous other instances in the bin where boolean logic controls how the system functions and setting them all to false will cause it to enter a non-functional state.


RE: password retrieval using winhex - McAdams - 29-05-2017

(24-05-2017, 03:42 AM)doctor Wrote: occalifornia, you used the abbreviation OP; had to google that. I thought you thought my user name was OP.

Means original post/poster, not to be confused with original prankster although it applies sometimes.