You can reset ZTE router with the button or Web-Based Configuration Utility.
Zxhn H108N Series Password Or YourIf you cannot remember the routers username and password or your login credentials stop working, you must reset your ZTE router.
Reset delete all internet or and wireless settings on your device (IP addresses, DNS details, WiFi password, etc). It will only change all settings (Like IP addresses and DNS etc) back to factory defaults. Zxhn H108N Series Download Any SoftwareYou dont need to download any software or tool for this method. So you must find the right login details such as IP address, Username, and Password to reset your router. Zxhn H108N Series Crack These AccountsNext, we will attempt to crack these accounts just because we can actually, we have to do this to provide a proof of concept, again, I try to deal with everything as if we are performing a real scenario. Part Two: Web-Shell and Secrets In part one, I left you with access to the shell as root, but I deliberately didnt explain what to do next, but now I think it is time to dig deeper into this poor router. In part two, we will: Discuss some commands on the router interface. Exploring the file system, searching for something interesting (web-shell). Explore the backup files to obtain all the accounts and some very sensitive information. Backup the user configuration, and decompress them to be used in further attacks. And finally, copy files from the router to your machine using FTP. Disclaimer: I shall not be held liable to and shall not accept any liability, obligation or responsibility whatsoever for any loss or damage may be caused by applying or implementing the attacks andor commands describe hereunder. The information provided here is for educational purpose only, and you are not allowed to use any of these techniques to attack or even probe others, which if done, by-low this can be considered a crime. Warning: I highly recommend you to backup both your user configuration and default configuration from the web user interface. ![]() Once you get the command-line prompt, we need to enable the privileged command, to do that you should use the command enable. The password zte The prompt should change to from CLI to CLI The question mark ( ) will list all the available commands in this mode. As you can see, there are 13 commands available, the first 3 commands (allgreenledon, allledoff and allledon), are related to LEDs testing on the router, you can play with these commands as you which, to reset everything just reboot by using the command reboot. Warning: be careful with the reset or restoredefault commands as they will reset your device to the default settings, something that you may not want to happen. Configure Terminal Next, we have the configure command, which will take you to the configuration mode, this is how we we use it: configure terminal. ![]() The prompt should change to CLI(config) Now, if we enter a question mark ( ) we will see three commands: Access to configuration of the terminal. As mentioned earlier, I wont explain everything, because everything at this stage is simple and self-explanatory. Exploring the File System OK, lets move on to the shell, once you are in the privileged command mode, you can issue the shell command, did you notice that it is a hidden command The username and password are both root, once in the prompt will change to and you can see the banner of BusyBox. You can find many interesting files here, but having the web-shell for now is more than enough, oh and by the way, if you didnt notice already, this is a backdoor Web-shell file. ZXHN H108N Router Web-Shell Open your web browser and go to webshellcmd.gch Accessing the web-shell. Alright, you can enter any Linux command where it says please input shell command:, and press on the Submit button to issue the command. Now, lets try something interesting: Command: cat etcpasswd (copy the results in notepad, and save it on your desktop as passwd without extension), as you can see, the passwords are stored in the shadow file, so let us explore that one as well. Command: cat etcshadow (copy the results in notepad, and save it on your desktop as shadow without extension), one important thing to notice here is the root password which was encrypted using DES (hence the 13 characters hash).
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |