Via the web interface of the ActionTec router there is a configuration file you can dump. Not knowing what was in it, I decided to dump the config and read through it. HOLY CRAP....
In the config you can see the user name and password of the account that has access to port 4567:
(username(verizonfios))
(password(&cc;Ya&b9;&ae;&19;]&d1;&be;&ba;v))
I could also see the username and password for the Admin account which I changed for this blog temporarily so you could see an example hash with plaintext password (hoping that someone smart can break it, it's probably dirt simple)
(username(root))
(password(&97;50&91;u&ea;0∾&86;|4m&cb;2&a9;&e4;))
Password is AAAAAAAA11111111
I thought on a whim that the password for the verzionfios might be on the web somewhere.....(really hoping NOT)...BOOM here it is (confirmed by my friend)
http://filedb.experts-exchange.com/incoming/2008/06_w23/30839/Wireless-Broadband-Router.txt
So this is messed up, the secret backdoor port 4567 has the same username and password enabled for every router. Nice...just waiting for FIOS networks to become the WORLDS LARGEST, FASTEST BOTNETS.
Subscribe to:
Post Comments (Atom)
Posts
After testing this, there seems nothing to it. I do not think it works.
ReplyDelete