+- Haxorware Forums (http://www.haxorware.com/forums)
+-- Forum: General (http://www.haxorware.com/forums/forumdisplay.php?fid=6)
+--- Forum: Modems (http://www.haxorware.com/forums/forumdisplay.php?fid=7)
+--- Thread: password retrieval using winhex (/showthread.php?tid=4657)
RE: password retrieval using winhex - occalifornia - 23-05-2017
(23-05-2017, 11:16 PM)doctor Wrote: 77megs compressed , 135 meg uncompressed.
i did ask for it.
RE: password retrieval using winhex - occalifornia - 24-05-2017
(23-05-2017, 11:16 PM)doctor Wrote: 77megs compressed , 135 meg uncompressed.
hi, so I inspected the file. It's your bin file - not the log.
Can you upload your log output?
RE: password retrieval using winhex - drewmerc - 24-05-2017
Quote:name rogcesadmin
password admin
enable admin true
name cusadmin
password user1
enable user1 true
name rmadmin
password user2
enable user2 false
name user3 technician
password user3
enable user3 false
auth
enable false
lots of interesting stuff in there, no idea if useful
ssh, telnet all false on lan side
RE: password retrieval using winhex - occalifornia - 24-05-2017
(24-05-2017, 01:40 AM)drewmerc Wrote:Quote:name rogcesadmin
password admin
enable admin true
name cusadmin
password user1
enable user1 true
name rmadmin
password user2
enable user2 false
name user3 technician
password user3
enable user3 false
auth
enable false
lots of interesting stuff in there, no idea if useful
ssh, telnet all false on lan side
This guy is the real MVP.
RE: password retrieval using winhex - drewmerc - 24-05-2017
Quote:fw
local
management
rule telnet false
fw
local
management
rule ssh false
Quote:snmp
enable true
snmp
enable
lan false
snmp
enable
wan true
RE: password retrieval using winhex - doctor - 24-05-2017
guys thanks for taking the time to look at the bin file. Ya there are lots of goodies within the bin but I would like to be able to access those extra menus and hidden features. I understand the isp will not give out their passcode due to the fact customer can actually screw the cm up and probably brick it.
So Drewmerc the big question is can i telnet or ssh into the modem. Im assuming false means NO . Im going to try those usernames and passcodes right now and see if i can get in.
occalifornia you used the abbreviation OP , had to google that , i thought you thought my user name was OP.
RE: password retrieval using winhex - drewmerc - 24-05-2017
i'd give it a go simply hex editing false to true and reflashing
only problem is the different character lengths, putting a space after true may work or a linefeed 0A in hex
RE: password retrieval using winhex - doctor - 25-05-2017
i used the replace feature and replaced all the false to true(0a). can you guess how many replacements there were? close to 3,500. With that being said modem didnt power up after that. I think i will just do a few areas where I think it will play an important roll. Btw whats the difference between 0A and 00 they both produce a dot .
RE: password retrieval using winhex - occalifornia - 25-05-2017
(25-05-2017, 01:35 AM)doctor Wrote: i used the replace feature and replaced all the false to true(0a). can you guess how many replacements there were? close to 3,500. With that being said modem didnt power up after that. I think i will just do a few areas where I think it will play an important roll. Btw whats the difference between 0A and 00 they both produce a dot .
You should only be replacing "true" for the segments that affect your ability to use a particular credential.
There are numerous other instances in the bin where boolean logic controls how the system functions and setting them all to false will cause it to enter a non-functional state.
RE: password retrieval using winhex - McAdams - 29-05-2017
(24-05-2017, 03:42 AM)doctor Wrote: occalifornia you used the abbreviation OP , had to google that , i thought you thought my user name was OP.
Means original post/poster, not to be confused with original prankster although it applies sometimes.