Security Basics mailing list archives
Re: Nortel Contivity password
From: Jon Hart <warchild () spoofed org>
Date: Fri, 5 Sep 2003 19:08:54 -0400
On Fri, Sep 05, 2003 at 03:49:00PM -0000, Jim Brezicky wrote:
Good Morning all, I rccently changed the admin password on my Nortel Contivity 2600, well as luck would have it I must have written it down wrong. Does anyone know if it's recoverable, and if so how. I've checked the web and haven't been able to find anything so far. Any tips or suggestions would be greatly appreciated.
I was in a similar position a while back, but not with a Nortel Device. The root password to a very important machine got changed, but it wasn't remembered by the admins correctly. There was no easy physical access to the machine and ssh was the only way of connecting remotely. Since I was the one who fudged the password, I had a reasonably good idea of how I could've screwed up. I tossed together some quick perl and expect code, and I was in relatively quickly. Basically, the perl code, given a list of possible mistypes for each character in the password, will enumerate all possible passwords. These are then piped to the expect script, which attempts to connect to the remote machine and run 'id'. Since your device doesn't have SSH access, you'll have to cobble something together to pipe the possible passwords to the web interface. I'm attaching the scripts I used to this mail. Sure, they are ugly and hackish, but drastic times call for drastic measures :) Good luck, -jon
Attachment:
unfoo.pl
Description:
Attachment:
unfoo.exp
Description:
--------------------------------------------------------------------------- Captus Networks Are you prepared for the next Sobig & Blaster? - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Precisely Define and Implement Network Security - Automatically Control P2P, IM and Spam Traffic FIND OUT NOW - FREE Vulnerability Assessment Toolkit http://www.captusnetworks.com/ads/42.htm ----------------------------------------------------------------------------
Current thread:
- Nortel Contivity password Jim Brezicky (Sep 05)
- Re: Nortel Contivity password Mark Acker (Sep 05)
- 802.1x Cutequyz (Sep 08)
- RE: 802.1x Kim Oppalfens (Sep 08)
- RE: 802.1x Chris Locke (Sep 08)
- 802.1x Cutequyz (Sep 08)
- Re: Nortel Contivity password Mark Acker (Sep 05)
- Re: Nortel Contivity password Jon Hart (Sep 08)