1. Lupa Password Zte F660

I own a ZTE F660 wifi modem. The problem is that I don't know the password to access the configuration page (192.168.1.1), because it is.

Да добавя на чист български, че нито ми се превежда, пък и очаквам @ teou да ме извини ако наплива от уйски айпита е прекален, но
Впрочем: bay.uy си го взех да си се кефя на нещо българско и родно оттатък голямата вода
------------------------------------
The case: Cracking telnet (port 23) admin password to gain benefits of 'owning' your modem.
Hardware modem provided by ISP: ZTE F660
ISP: ANTEL (Uruguay)
Network: FTTH PON
Situation: The local ISP (ANTEL) provide one user password to access very basic modem features which are:
useruser
..and for the techie install stuff they give another one:
instaladorwwzz2233
which is loaded with a little bit more stuff, but we hack right?!
We need all functionality to belongs to us!
Before researching I try known well hacks without success.
http://192.168.1.1/web_shell_cmd.gch
http://192.168.1.1/hidden_version_switch.gch
http://192.168.1.1/manager_dev_query_t.gch
No way and not work at all!
I run an nmap to find what is running and what ports are open!
(look the provided archive and 10x to Gaston Asudrian for the modem)
So basically this is the proceedment of mine (cleverness is not blindness), but you know that too right!?
Use at your own risk!
1. Found a good Telnet (Bruteforce) Password Cracker.
I use the excellent choice for the job - Hydra
https://github.com/vanhauser-thc/thc-hydra
Yes they wins against medusa and ncrack, but you know that ')
2. Download the Hydra and launch a CMD (command, cli) to the folder containing the hydra.exe
You're still using Microsoft Windows! Aren't you?!
I choose not to use a special characters because in my investigation I found a clue that they don't use it at all
3. You need now patience in mine case ~ 3 weeks when recently move to reestablish a whole new fucking life in Uruguay in particular at this time in Montevideo.
Meanwhile I found a lot of information regardess the whole system structure, used hardware equipments and nodes, etc. doesn't matter ')
(I still own a engineer degree on lasers, optics and fine mechanic at all and again look the provided document if you are interested)
Yo-ho-ho and a bottle of rum!
4. Voila! After few weeks finally I've got it and now I can telnet my router and use very cool stuff in the provided BusyBox interface, now let's the hack begin.
5. Meanwhile Daniel Cisa has published his exploit
https://www.exploit-db.com/exploits/36978/
Thanks man with this the rest is much easier!
Firmware: 2.22.21P1T8S

Lupa Password Zte F660

Confirmed that works fine on 2.22.21P1T12S too
The last cracked password was: 5DhD64Je
6. Looking in the provided BIN with HEX editor I found that this binary excellent will be showed as good plain readable database using excellent NirSoft RouterPassView - http://nirsoft.net/utils/router_password_recovery.html
(and yes he fix exactly the problem with ZTE routers on build 1.65)
Run the program and ignore AntiVirus warnings, because you're da real man bro
Drag and drop the config.bin downloaded via the exploitable html which you found in the step above, but you know that too!
This is madness you know I know, NSA know everyone knows ')
So I make a notes here HOW TO and WHY TO make that shits to work for us:
For this research we use the sendcmd command to make manipulation of the 'Read-Only' DB system.
Read carefully below and apply at your own risk.
Don't try to explain to your ISP bulshits, because the shitty system logs almost everything and The Guardian is operative, nut you know this too as always ')
This is the command which give us a table which holds the admin password:
This command shows us all tables:

Код: Избери всички

This command sets a new telnet user, password and port
Please note that after all changes to be applied you must fire save ')
Usefull commands to see a lot of stuff inside the modem:
(I didn't explain it detailed here, because you know it too, sorry ')

Код: Избери всички

mount -n -o remount,rw /
With this command, you can convert read-only file system to read-write file system.
To change back read-only file system.
mount -n -o remount,ro /
sendcmd 1 DB p VoIPSIPLine all > /mnt/usb1_1/666_VoIPSIPLine.xml
'/mnt/' >> '/'
sendcmd 1 DB set FTPUser 0 Location /
sendcmd 1 DB save
sendcmd 1 DB set FTPServerCfg 0 FtpEnable 1
sendcmd 1 DB set FTPUser 1 ViewName IGD.FTPUSER1
sendcmd 1 DB set FTPUser 1 Username root
sendcmd 1 DB set FTPUser 1 Password C.O.R.E.
sendcmd 1 DB set FTPUser 1 Location /
sendcmd 1 DB set FTPUser 1 UserRight 1
sendcmd 1 DB save
sendcmd 1 DB set WANC 1 IsNAT 0
sendcmd 1 DB set WANC 1 IsForward 0
sendcmd 1 DB set WANC 1 IsDefGW 0
sendcmd 1 DB save
setmac show
setmac 1 256 XX:XX:XX:XX:XX:XX
cd /mnt/usb1_1
./config.ash
-----------by Pixel PIrate for now----------------

Here you find how to configure and reset ZTE F660 Router.

Login to ZTE F660 Router

Open a web browser, such as Google Chrome, and enter the IP address of your router in the address bar.

Preconfigured wireless settings

Accessing your router's configuration interface

To connect to your router's web interface, follow these steps:

1. Turn on router
2. Establish a connection between the device and the router via network cable or Wi-Fi*
3. Open web browser
4. Enter IP address in the address bar and then confirm with ‘Enter’ key
5. Enter username and password in the open interface and confirm once more

Reset ZTE F660 router to factory defaults

To reset the ZTE F660 to its default settings, you have to do the following steps:

1. Turn on router
2. Press Factory Reset button and hold for at least 15 seconds
3. Device restarts automatically
4. Default settings have been restored

The unit will reboot automatically. Once the power light stops blinking, the unit has been reset and is ready to use. J dilla donuts. Resetting the router does not reset the firmware to an earlier version, but it will change all settings back to factory defaults.

ZTE F660 Router Security

Change ZTE F660 Default Wifi Name (SSID)

Rename your ZTE F660 Default Wifi Name (SSID). Some ZTE routers come with default network names (with the name of the manufacturer). We recommend to use a different name because a default name unnecessarily identifies the make of your router, making it easier for attackers to break in.

Change ZTE F660 Default Password

It’s easy for a hacker to find out the manufacturer’s default password for your ZTE F660 router and then use that password to access your wireless network. So it’s wise to change the administrator password for your ZTE F660 router. When you’re deciding on your new password, try to pick a complex series of numbers and letters and try to avoid using a password that can be guessed easily.

MAC Address filtering for ZTE F660 router

MAC filtering allows you to limit access to your ZTE F660 router. To enable this feature, enter into your ZTE F660 router the 12-character MAC ID of each computer that will connect to your network. Be sure to update this information if you add or remove devices.

Disabling Broadcast SSID for ZTE F660 router

ZTE F660 router transmits your Wi-Fi network ID (the so-called SSID) to everyone. This may be changed at will by unchecking the corresponding box in the settings. Then your network will not be so easily hacked. However, as a compromise, you will have to enter the SSID every time that you connect a device to the network. This step is not mandatory.

MAC Address filtering for ZTE F660 router

MAC filtering allows you to limit access to your ZTE F660 router. To enable this feature, enter into your ZTE F660 router the 12-character MAC ID of each computer that will connect to your network. Be sure to update this information if you add or remove devices.

Where are you placing the ZTE F660 router in the house?

You wouldn’t think about this at first, but where you place your ZTE F660 also has a bearing on your security.

Place the ZTE F660 router as close as possible to the middle of your house. The first benefit is that all the rooms in your house have the same access to the Internet. The second benefit is that you don’t want to have your wireless signal range reach too much outside your house, where it can be easily intercepted by cybercriminals.

For this reason, don’t place your ZTE F660 router next to a window, since there’s nothing to obstruct the signal going outside your house.