Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
password retrieval using winhex
#21
(23-05-2017, 11:16 PM)doctor Wrote: 77megs compressed , 135 meg uncompressed.

i did ask for it. AngelBig Grin
Reply
#22
(23-05-2017, 11:16 PM)doctor Wrote: 77megs compressed , 135 meg uncompressed.

hi, so I inspected the file. It's your bin file - not the log.

Can you upload your log output?
Reply
#23
Quote:name rogcesadmin
password admin
enable admin true

name cusadmin
password user1
enable user1 true

name rmadmin
password user2
enable user2 false

name user3 technician
password user3
enable user3 false

auth
enable false

lots of interesting stuff in there, no idea if useful
ssh, telnet all false on lan side
__________________________________________________________________________________
******new discord chat link https://discord.gg/5BQQbsb*******
Reply
#24
(24-05-2017, 01:40 AM)drewmerc Wrote:
Quote:name rogcesadmin
password admin
enable admin true

name cusadmin
password user1
enable user1 true

name rmadmin
password user2
enable user2 false

name user3 technician
password user3
enable user3 false

auth
enable false

lots of interesting stuff in there, no idea if useful
ssh, telnet all false on lan side

This guy is the real MVP.
Reply
#25
Quote:fw
local
management
rule telnet false
fw
local
management
rule ssh false


Quote:snmp
enable true
snmp
enable
lan false
snmp
enable
wan true
__________________________________________________________________________________
******new discord chat link https://discord.gg/5BQQbsb*******
Reply
#26
guys thanks for taking the time to look at the bin file. Ya there are lots of goodies within the bin but I would like to be able to access those extra menus and hidden features. I understand the isp will not give out their passcode due to the fact customer can actually screw the cm up and probably brick it.

So Drewmerc the big question is can i telnet or ssh into the modem. Im assuming false means NO . Im going to try those usernames and passcodes right now and see if i can get in.

occalifornia you used the abbreviation OP , had to google that , i thought you thought my user name was OP.
Reply
#27
i'd give it a go simply hex editing false to true and reflashing
only problem is the different character lengths, putting a space after true may work or a linefeed 0A in hex
__________________________________________________________________________________
******new discord chat link https://discord.gg/5BQQbsb*******
Reply
#28
i used the replace feature and replaced all the false to true(0a). can you guess how many replacements there were? close to 3,500. With that being said modem didnt power up after that. I think i will just do a few areas where I think it will play an important roll. Btw whats the difference between 0A and 00 they both produce a dot .
Reply
#29
(25-05-2017, 01:35 AM)doctor Wrote: i used the replace feature and replaced all the false to true(0a). can you guess how many replacements there were? close to 3,500. With that being said modem didnt power up after that. I think i will just do a few areas where I think it will play an important roll. Btw whats the difference between 0A and 00 they both produce a dot .

You should only be replacing "true" for the segments that affect your ability to use a particular credential.

There are numerous other instances in the bin where boolean logic controls how the system functions and setting them all to false will cause it to enter a non-functional state.
Reply
#30
(24-05-2017, 03:42 AM)doctor Wrote: occalifornia you used the abbreviation OP , had to google that , i thought you thought my user name was OP.

Means original post/poster, not to be confused with original prankster although it applies sometimes.
Reply


Forum Jump:


Users browsing this thread: 2 Guest(s)