How to hack the password on the Vood 322i (soldering, TTL cable)

Here is a quick guide on how to hack the password out of the Vood 322i (tilgin.com); it is an IP phone with a router.
For the TTL part, see the guide posted in this thread (read it first):
http://www.freakforum.nu/forum/showthread.php?t=116649

http://ranvik.net/privat/router/vood322i/ <- picture of it
PDF from the manufacturer: http://www.tilgin.com/Documents/Prod..._prodSheet.pdf
It is named "Tilgin Vood 322 Telco Home Gateway".

BIG NOTE to myself: the power supply is 12 volt ALTERNATING CURRENT! NOT DC!

This is a guide for those who want a login on the router and want to change the VoIP settings (which you normally do not have access to).

First of all you need a TTL cable; see the forum thread above.

Next you have to solder the TTL cable onto the router. I found the pinout here:
http://ranvik.net/privat/router/vood322i/pinout.JPG
In text form the pinout is:
1 = TX
2 = +3.3 V (power for the TTL)
3 = GND
4 = RX

When all of that is soldered on, start HyperTerminal or PuTTY and use these settings:
Port speed: 115200
Data bits: 8
Parity: none
Stop bits: 1
Flow control: hardware

NB: I would recommend using PuTTY AND turning on logging and saving all the data, because the router/VoIP config is very large and you can easily drown in info.

Then plug the power into the router, and you will see something like this:

Code

Minimal POST completed...     Success.
Last reset cause: Hardware reset (Power-on reset)
i3Boot rev: 1.1.0.5

Press ESC for monitor... 3 2 1

(i3Boot) 
i3boot started
Found it!!!!!
i3 linux loaded
start 7unzip and then the kernel
Launching kernel decompressor.
Starting LZMA Uncompression Algorithm.
Copyright (C) 2003 Texas Instruments Incorporated; Copyright (C) 1999-2003 Igor Pavlov.
Compressed file is LZMA format.
Kernel decompressor was successful ... launching kernel.

LINUX started...
Config serial console: ttyS0,115200
CPU revision is: 00018448

Primary instruction cache 16kb, linesize 16 bytes (4 ways)

Primary data cache 16kb, linesize 16 bytes (4 ways)

Number of TLB entries 16.

Linux version 2.4.17_mvl21-malta-mips_fp_le (mig@gentoo) (gcc version 2.95.4 20010319 (prerelease)) #1 Fri Jun 30 11:41:21 CEST 2006

Determined physical RAM map:

 memory: 14000000 @ 00000000 (reserved)

On node 0 totalpages: 4032

zone(0): 4032 pages.

zone(1): 0 pages.

zone(2): 0 pages.

Kernel command line:  

calculating r4koff... 00098968(625000)

CPU frequency 125.00 MHz

Calibrating delay loop... 124.92 BogoMIPS

Freeing Adam2 reserved memory [0x14001000,0xfffff000]

Memory: 14232k/16128k available (1384k kernel code, 1896k reserved, 99k data, 60k init)

Dentry-cache hash table entries: 2048 (order: 2, 16384 bytes)

Inode-cache hash table entries: 1024 (order: 1, 8192 bytes)

Mount-cache hash table entries: 512 (order: 0, 4096 bytes)

Buffer-cache hash table entries: 1024 (order: 0, 4096 bytes)

Page-cache hash table entries: 4096 (order: 2, 16384 bytes)

Checking for 'wait' instruction...  unavailable.

POSIX conformance testing by UNIFIX

Linux NET4.0 for Linux 2.4

Based upon Swansea University Computer Society NET3.039

TI Optimizations: Allocating TI-Cached Memory Pool.

Warning: Number of buffers is not configured.Setting default to 120

Using 120 Buffers for TI-Cached Memory Pool.

DEBUG: Using Hybrid Mode.

NSP Optimizations: Succesfully allocated TI-Cached Memory Pool.

Initializing RT netlink socket

Starting kswapd

Disabling the Out Of Memory Killer

devfs: v1.7 (20011216) Richard Gooch (rgooch@atnf.csiro.au)

devfs: boot_options: 0x1

pty: 32 Unix98 ptys configured

Serial driver version 5.05c (2001-07-08) with no serial options enabled

ttyS00 at 0xa8610e00 (irq = 15) is a 16550A

block: 64 slots per queue, batch=16

DEBUG: Initializing the voice port management module. 



+ lots more; the rest is at http://ranvik.net/privat/router/vood322i/boot.txt

Once it has booted, you can see that it runs Linux like everything else.
I did not know the password for the router.

Just type: cd etc
Then type: cat config.xml

Code

# cat config.xml
<config version="3.5.0A" fsstamp="20051207165636">
	<entities>
		<manager>
			<settings>
				<dependencies>
					<connection>
						<bridge>
							<tops>
							<lanbridge0></lanbridge0>
							</tops>
						</bridge>
						<default>
						<tops></tops>
						</default>
					</connection>
					<encaps>
						<default>
							<bottoms>
		                                                <eth0>
		                                                </eth0>
							</bottoms>
						</default>
					</encaps>
				</dependencies>
				<ifaces>
				<eth1>Ethernet1</eth1>
				</ifaces>
			</settings>
		</manager>
		<logger>
			<settings>
			<loglevel>notice</loglevel>
				<facility>
				<logic>notice</logic>
				<entity>notice</entity>
				<module>notice</module>
				<user>notice</user>
				</facility>
			<syslog enable="1">/dev/log</syslog>
			<klog enable="1">/dev/klog</klog>
			</settings>
		</logger>
		<security>
			<settings>
			<username>Conf</username>
			<password>admin</password>
			<shadow>1</shadow>
			<idle_timeout>30</idle_timeout>
				<cli>
				<level_1>view</level_1>
				<level_2>logger</level_2>
				<level_3>nobody</level_3>
				<level_4>nobody</level_4>
				<level_5>Admin</level_5>
				</cli>
			</settings>
		</security>
		<dproxy>
			<settings>
			<state>1</state>
			</settings>
		</dproxy>
	</entities>
	<modules>
		<selector>
		<id>lan0</id>
		<active>1</active>
		<lan>1</lan>
		<description>LAN group 1</description>
		<container_name>lan</container_name>
		<path>static</path>
			<modules>
				<flan>
				<active>1</active>
				<lan>1</lan>
					<settings>
						<private>
							<ping>
							<state>0</state>
							</ping>
							<block></block>
						</private>
						<fdb></fdb>
						<public></public>
					</settings>
				</flan>
				<qos>
				<active>1</active>
				<lan>1</lan>
					<settings>
					<trusted>0</trusted>
					<enabled>0</enabled>
					<qw_low>40</qw_low>
					<qw_med>60</qw_med>
					<qw_high>100</qw_high>
					<qw_voice>100</qw_voice>
					<ql_low>0</ql_low>
					<ql_med>0</ql_med>
					<ql_high>20</ql_high>
					<ql_voice>15</ql_voice>
					<qos_type>ip</qos_type>
						<default_rule>
						<rule_name>Default</rule_name>
						<prot_type>ip</prot_type>
						<sa_ip>*</sa_ip>
						<sa_mask>*</sa_mask>
						<sa_port_start>*</sa_port_start>
						<sa_port_end>*</sa_port_end>
						<da_ip>*</da_ip>
						<da_mask>*</da_mask>
						<da_port_start>*</da_port_start>
						<da_port_end>*</da_port_end>
						<protocol>*</protocol>
						<priority>low</priority>
						<phy_port>0</phy_port>
						</default_rule>
					</settings>
				</qos>
				<hostname>
				<active>1</active>
				<lan>1</lan>
					<settings>
					<name>vood</name>
					<domain>lan</domain>
					</settings>
				</hostname>
				<static>
				<active>1</active>
				<lan>1</lan>
					<settings>
					<ip>192.168.1.1</ip>
					<netmask>255.255.255.0</netmask>
					</settings>
				</static>
			</modules>
		</selector>
		<bridge>
		<id>lanbridge0</id>
		<active>1</active>
		<lan>1</lan>
			<settings>
			<stp>off</stp>
			<active_lan_ports>0</active_lan_ports>
			</settings>
		</bridge>
		<bfilter>
		<id>lanfilter0</id>
		<active>1</active>
		<lan>1</lan>
			<settings>
			<activated>0</activated>
			<hidden_rules_en>0</hidden_rules_en>
			<max_proto>7</max_proto>
				<protocol>
				<proto0 type="Any">0x0000</proto0>
				<proto1 type="IPv4">0x0800</proto1>
				<proto2 type="IPv6">0x86DD</proto2>
				<proto3 type="RARP">0x8035</proto3>
				<proto4 type="IPX - Ethernet II">0x8137</proto4>
				<proto5 type="PPPoE Discovery">0x8863</proto5>
				<proto6 type="PPPoE Session">0x8864</proto6>
				</protocol>
			<bf_mng_port>0</bf_mng_port>
			</settings>
		</bfilter>
		<dhcps>
		<id>landhcps0</id>
		<active>0</active>
		<lan>1</lan>
			<settings>
			<state>1</state>
			<start>192.168.1.2</start>
			<end>192.168.1.254</end>
			<lease>3600</lease>
			<inflease>604800</inflease>
			<subnet>255.255.255.0</subnet>
				<pc1>
				<ip>192.168.1.1</ip>
				<mac>00:00:00:00:00:00</mac>
				<hname>router</hname>
				</pc1>
			</settings>
		</dhcps>
		<dhcpfwd>
		<id>landhcpfwd0</id>
		<active>1</active>
		<lan>1</lan>
			<settings>
			<state>0</state>
			<ip>20.0.0.3</ip>
			</settings>
		</dhcpfwd>
		<voice>
		<id>voice</id>
		<active>1</active>
		<lan>0</lan>
			<settings>
			<state>1</state>
			<connection>connection0</connection>
			<config></config>
			</settings>
		</voice>
		<route>
		<id>route</id>
		<active>1</active>
		<lan>0</lan>
			<settings>
				<entry id="0" private="1">
				<connection>lan0</connection>
				<destination>239.0.0.0</destination>
				<netmask>255.0.0.0</netmask>
				<metric>1</metric>
				</entry>
			</settings>
		</route>
		<resolver>
		<id>resolver</id>
		<active>1</active>
		<lan>0</lan>
			<settings>
			<nameserver1></nameserver1>
			<nameserver2></nameserver2>
			<nameserver3></nameserver3>
			<gw>10.2.0.1</gw>
			</settings>
		</resolver>
		<filter>
		<id>filter</id>
		<active>1</active>
		<lan>0</lan>
			<settings>
			<proxy>0</proxy>
			<cookies>0</cookies>
			<java>0</java>
			<activex>0</activex>
			<popups>0</popups>
			</settings>
		</filter>
		<upnp>
		<id>upnp</id>
		<active>1</active>
		<lan>0</lan>
			<settings>
			<state>0</state>
			<connection></connection>
			<lan></lan>
			</settings>
		</upnp>
		<igmpproxy>
		<id>igmpproxy</id>
		<active>1</active>
		<lan>0</lan>
			<settings>
			<state>0</state>
			<connection></connection>
			</settings>
		</igmpproxy>
		<snmp>
		<id>snmpcm</id>
		<active>1</active>
		<lan>0</lan>
			<settings>
			<snmpstate>1</snmpstate>
			<trapstate>1</trapstate>
				<trapinfo>
					<entry0>
					<trapdest></trapdest>
					<trapcommunity></trapcommunity>
					<trapversion></trapversion>
					</entry0>
					<entry1>
					<trapdest></trapdest>
					<trapcommunity></trapcommunity>
					<trapversion></trapversion>
					</entry1>
					<entry2>
					<trapdest></trapdest>
					<trapcommunity></trapcommunity>
					<trapversion></trapversion>
					</entry2>
				</trapinfo>
				<community>
					<entry0>
					<name>public</name>
					<access>ro</access>
					</entry0>
					<entry1>
					<name></name>
					<access></access>
					</entry1>
					<entry2>
					<name></name>
					<access></access>
					</entry2>
				</community>
				<system>
				<sysname>VRG322</sysname>
				<syslocation>stockholm,sweden</syslocation>
				<syscontact>support@i3micro.com</syscontact>
				<sysoid>1.3.6.1.4.1.294</sysoid>
				</system>
			</settings>
		</snmp>
		<routed>
		<id>rip</id>
		<active>1</active>
		<lan>0</lan>
			<settings>
			<state>0</state>
			<direction>0</direction>
			<version>2</version>
			<pwdreqd>1</pwdreqd>
			<password>test</password>
				<route1>
				<net>0.0.0.0</net>
				<gateway>255.255.255.0</gateway>
				<metric>1</metric>
				<state>0</state>
				<use>0</use>
				</route1>
				<interface>
					<lan0>
					<port>br0</port>
					<options>3</options>
					</lan0>
					<connection0>
					<port>eth0</port>
					<options>c3</options>
					</connection0>
				</interface>
			</settings>
		</routed>
		<sntp>
		<id>sntp</id>
		<active>1</active>
		<lan>0</lan>
			<settings>
			<status>0</status>
			<prim_server>0.0.0.0</prim_server>
			<secn_server>0.0.0.0</secn_server>
			<tert_server>0.0.0.0</tert_server>
			<timeout>5</timeout>
			<retry_count>2</retry_count>
			<poll_interval>30</poll_interval>
			<timezone>Greenwich Mean Time</timezone>
			<daylight>0</daylight>
			<connection></connection>
			</settings>

The rest is at http://ranvik.net/privat/router/vood322i/config.xml.txt
You will then see LOTS of info about the whole config of the whole thing; it is very large, so search the log for: username
Then you will get a line that looks like this:
><username>Conf</username><password>admin</password>
If you go to http://192.168.1.1 it asks for these; fill in what you see above.
Username: Conf
Password: admin

If you look in /misc/default.ini there is something interesting:
Enable_Web_Conf = "1"
Enable_Web_User = "1"
Enable_Web_Root = "1"
Enable_Analogue_Conf = "1"

Web_Users = "Admin",
"SubA",
"SubB",
"Conf"

#Admin = "adminwpgOZmlCIqqM"
#SubA = "SubAwEz91rR8mBcQ"
#SubB = "SubBwOc.dv4ZBEc2"
#Conf = "Confwd.vMj.ESqU."

Admin = "admin:xT2.jAb9"
SubA = "SubA:SubA"
SubB = "SubB:SubB"
Conf = "Conf:admin"

More info about the VoIP settings etc., and about the security from the LAN/WAN side, is coming.
Last edited by ranvik; 30 October 2008 at 03:38.
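
The config.xml dump in the post keeps the web login, the RIP password and the SNMP community string as readable element text. As an added example (not part of the original post), this Python script walks such a dump and reports where secrets sit in cleartext without printing the values; the sample input is a constructed excerpt shaped like the post's config.xml, and `audit_config` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed, well-formed excerpt shaped like the
# config.xml dump in the post (same element names and values).
SAMPLE_CONFIG = """<config version="3.5.0A">
  <entities>
    <security><settings>
      <username>Conf</username>
      <password>admin</password>
      <shadow>1</shadow>
    </settings></security>
  </entities>
  <modules>
    <snmp><settings>
      <snmpstate>1</snmpstate>
      <community>
        <entry0><name>public</name><access>ro</access></entry0>
        <entry1><name></name><access></access></entry1>
      </community>
    </settings></snmp>
    <routed><settings>
      <pwdreqd>1</pwdreqd>
      <password>test</password>
    </settings></routed>
  </modules>
</config>"""

def audit_config(xml_text):
    """Return sorted (path, finding) pairs; secret values are never echoed."""
    findings = []

    def walk(node, path):
        here = f"{path}/{node.tag}"
        value = (node.text or "").strip()
        # Any non-empty <password> element is a secret readable from the shell.
        if node.tag == "password" and value:
            findings.append((here, "password stored in cleartext"))
        # SNMP community names act as passwords; "public" is the usual default.
        if node.tag == "name" and "/community/" in here and value:
            note = ("well-known SNMP community" if value == "public"
                    else "SNMP community in cleartext")
            findings.append((here, note))
        for child in node:
            walk(child, here)

    walk(ET.fromstring(xml_text), "")
    return sorted(findings)

if __name__ == "__main__":
    for path, finding in audit_config(SAMPLE_CONFIG):
        print(f"{finding}: {path}")
```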