LebGeeks

A community for technology geeks in Lebanon.

You are not logged in.

#1 October 11 2009

Kareem
Member

Tutorial: Extract OGERO router and PPPoE Username and Pass

This tutorial is not about any ILLEGAL activity as we are here breaking the security of OUR router and OUR connection so please Samer do not delete it.

We have paid for an ADSL router and we have the right to access our own equipments. Everytime we need to change our DSL modem we need to go to OGERO because they think that people are too dumb to do it.

1- Connect to the wireless router via cable and not wifi.

2- Verify that you have access to your router with username: user and password: user ( this is available for all OGERO users )

cmd> telnet "router ip"

BCM.... ADSL Router
Login: user
Password:
>

4- Once you are in, type dumpcfg and copy the output to a text file. It will look like :

> dumpcfg

<psitree>
<SystemInfo>
....
<sysUserName value="admin"/>
<tr69c state="enable" upgradesManaged="0" upgradeAvailable="0" informEnbl="1" in
formTime="0" informInterval="30" noneConnReqAuth="0" debugEnbl="0" acsURL="http:
//blink.fs453.ogeronet.com" acsUser="admin" acsPwd="admin" parameterKey="12345"
connReqURL="" connReqUser="admin" connReqPwd="admin" kickURL="" provisioningCode
="12345"/>
<sysPassword value="b********k="/>

....

</ripIfc>
</RouteCfg>
<pppsrv_0_0_35>
<ppp_conId1 userName="L******@ogeronet-1024.com" password="W********c3MGxrQm
t******m95UGw=
" serviceName="" idleTimeout="0" ipExt="disable" auth="aut
o" useStaticIpAddr="0" localIpAddr="255.255.255.255" manual="automatic" Debug="d .....

The things in bold are the username and password for both the router and for the PPPoE connection. The password should end by =

The passwords are Base64 encrypted.

An easy way is and online decryptor such as Base64 Encryption & Decryption Online

Let's say the password is a2FyaW0= , pressing on Base64 to normal string will give me karim, the plain text password.

Now you have router admin password and your PPPoE password. Cheers.


PS: I have only tried it on OGERO D-Link DSL-2640U modems but it should be somehow similar for other ISPs modem


Big thanks to Teo for the support.

Last edited by Kareem (October 11 2009)

Offline

#2 October 11 2009

Ayman
Member

Re: Tutorial: Extract OGERO router and PPPoE Username and Pass

@Kareem, thanks for the tut very useful in many cases, keep up the good work :)

Offline

#3 October 11 2009

J4D
Member

Re: Tutorial: Extract OGERO router and PPPoE Username and Pass

thats  great :)   im glad you were able to crack it  karim :)  once you  get the encryption name and method the rest is easy :)

Offline

#4 October 11 2009

belal
Member

Re: Tutorial: Extract OGERO router and PPPoE Username and Pass

Great!nice one!!
I have a simple adsl modem which is connected to the WAN port of the dlink dir-300 router...
i can only connect the adsl modem through telnet.(which lacks dumpcfg) :

Username : Administrator
Password :
------------------------------------------------------------------------

                             ______  SpeedTouch 5x6
                         ___/_____/\
                        /         /\  6.1.19.0
                  _____/__       /  \
                _/       /\_____/___ \  Copyright (c) 1999-2006, THOMSON
               //       /  \       /\ \
       _______//_______/    \     / _\/______
      /      / \       \    /    / /        /\
   __/      /   \       \  /    / /        / _\__
  / /      /     \_______\/    / /        / /   /\
/_/______/___________________/ /________/ /___/  \
\ \      \    ___________    \ \        \ \   \  /
  \_\      \  /          /\    \ \        \ \___\/
     \      \/          /  \    \ \        \  /
      \_____/          /    \    \ \________\/
           /__________/      \    \  /
           \   _____  \      /_____\/
            \ /    /\  \    /___\/
             /____/  \  \  /
             \    \  /___\/
              \____\/

------------------------------------------------------------------------

{Administrator}=>?
Following commands are available :

help             : Displays this help information
menu             : Displays menu
?                : Displays this help information
exit             : Exits this shell.
..               : Exits group selection.
saveall          : Saves current configuration.
ping             : Send ICMP ECHO_REQUEST packets.
traceroute       : Send ICMP/UDP packets to trace the ip path.

Following command groups are available :

firewall        service         autopvc         connection      cwmp
dhcp            dns             dsd             dyndns          eth
adsl            atm             config          debug           env
expr            grp             hostmgr         ids             igmp
interface       ip              ipqos           label           language
mbus            memm            mlp             nat             ppp
pptp            script          snmp            sntp            software
system          systemlog       upgrade         upnp            user

{Administrator}=>

it seems it won't work with this modem:mad:...anyway thanks for your help

Last edited by belal (October 11 2009)

Offline

#5 October 11 2009

teodorgeorgiev
Member

Re: Tutorial: Extract OGERO router and PPPoE Username and Pass

The Alcatel Speedtouch (a.k.a. Thomson Speedtouch) modem is maybe the most widely used one. A really nice and professional unit, but
since it is somehow costly a lot of DSL providers avoid it and go for cheap shit-ass Chinese products.

+ the unit supports TR-069 / CWMP for mass provisioning and maintenance (very useful for large ISPs/telcos). You see, Denys, you see?

There is also an expert mode password that can do wonders with your unit and that password is calculated based on the unit's MAC address.

Belal, here is a command to see your actual speed configured by the provider:

adsl info

Offline

#6 October 11 2009

Padre
Member

Re: Tutorial: Extract OGERO router and PPPoE Username and Pass

Ogero DOES have speedtouch units .... you just have to nag A LOT and know the moudir there. he'll ask the tech guy to give you one ;)

Offline

#7 October 11 2009

ManOwaRR
Member

Re: Tutorial: Extract OGERO router and PPPoE Username and Pass

U Can Just Reset And Reconfigure it , like i did to my speedtouch thomson router

Offline

#8 October 11 2009

Raficoo
Member

Re: Tutorial: Extract OGERO router and PPPoE Username and Pass

hey guys can you help me.. i'm trying to do this but when i get to the 3rd step i get this:

boxzrx.jpg

any idea how to get passed this

Offline

#9 October 11 2009

Kareem
Member

Re: Tutorial: Extract OGERO router and PPPoE Username and Pass

what is your ISP and modem ?

Offline

#10 October 11 2009

nuclearcat
Member

Re: Tutorial: Extract OGERO router and PPPoE Username and Pass

Kareem - good job! You are right, if you paid for modem - you have full right to configure it as you want.

Offline

#11 October 11 2009

Kareem
Member

Re: Tutorial: Extract OGERO router and PPPoE Username and Pass

belal wrote:

Great!nice one!!
I have a simple adsl modem which is connected to the WAN port of the dlink dir-300 router...
i can only connect the adsl modem through telnet.(which lacks dumpcfg) :

Username : Administrator
Password :
------------------------------------------------------------------------

                             ______  SpeedTouch 5x6
                         ___/_____/\
                        /         /\  6.1.19.0
                  _____/__       /  \
                _/       /\_____/___ \  Copyright (c) 1999-2006, THOMSON
               //       /  \       /\ \
       _______//_______/    \     / _\/______
      /      / \       \    /    / /        /\
   __/      /   \       \  /    / /        / _\__
  / /      /     \_______\/    / /        / /   /\
/_/______/___________________/ /________/ /___/  \
\ \      \    ___________    \ \        \ \   \  /
  \_\      \  /          /\    \ \        \ \___\/
     \      \/          /  \    \ \        \  /
      \_____/          /    \    \ \________\/
           /__________/      \    \  /
           \   _____  \      /_____\/
            \ /    /\  \    /___\/
             /____/  \  \  /
             \    \  /___\/
              \____\/

------------------------------------------------------------------------

{Administrator}=>?
Following commands are available :

help             : Displays this help information
menu             : Displays menu
?                : Displays this help information
exit             : Exits this shell.
..               : Exits group selection.
saveall          : Saves current configuration.
ping             : Send ICMP ECHO_REQUEST packets.
traceroute       : Send ICMP/UDP packets to trace the ip path.

Following command groups are available :

firewall        service         autopvc         connection      cwmp
dhcp            dns             dsd             dyndns          eth
adsl            atm             config          debug           env
expr            grp             hostmgr         ids             igmp
interface       ip              ipqos           label           language
mbus            memm            mlp             nat             ppp
pptp            script          snmp            sntp            software
system          systemlog       upgrade         upnp            user

{Administrator}=>

it seems it won't work with this modem:mad:...anyway thanks for your help

Hey belal, you have the admin password, cant you the router from IE? yes you can. You simply login to the wireless router and backup your configuration

http://www.pcwintech.com/files/screensh … 00/015.png


Now you can browse the saved configuration file and continue the tutorial from there. I hope that helps.

Last edited by Kareem (October 11 2009)

Offline

#12 October 11 2009

Kareem
Member

Re: Tutorial: Extract OGERO router and PPPoE Username and Pass

Ah sorry belal I guess you meant that the wireless router is just an AP connected to the adsl modem ?

Offline

#13 October 11 2009

belal
Member

Re: Tutorial: Extract OGERO router and PPPoE Username and Pass

Ah sorry belal I guess you meant that the wireless router is just an AP connected to the adsl modem ?

Yes, that's it :(
Theoretically, i am sure my current modem will be damaged by some lightings very soon..So, once damaged, i am going to buy that Chinese Ogero D-Link DSL-2640U modem!! :rolleyes:

The Alcatel Speedtouch (a.k.a. Thomson Speedtouch) modem is maybe the most widely used one. A really nice and professional unit, but
since it is somehow costly a lot of DSL providers avoid it and go for cheap shit-ass Chinese products.

These fucked up alcated speedtouch can't reveal the password! Ergo, Chinese shit-ass products FTW!

Offline

#14 October 11 2009

J4D
Member

Re: Tutorial: Extract OGERO router and PPPoE Username and Pass

naaahh   you  can protect your self !    i gave you the name of the place that sells surge protectors !

Last edited by jadberro (October 11 2009)

Offline

#15 October 11 2009

Kareem
Member

Re: Tutorial: Extract OGERO router and PPPoE Username and Pass

Belal can you try this ? I tried it on my friend cyberia modem and it worked. ftp router ip, login.

330 OK
ftp>
ftp>bin
200 TYPE is now 8-bit binary
ftp>
ftp>hash
200Hash mark printing on (8192 bytes/hash mark).
ftp>cd dl
250 Changed to /dl
ftp>get user.ini
200 Connected to 192.168.1.10 port 1271
...
ftp: 256 bytes sent in 0,000Seconds 256000,000Kbytes/sec.
ftp>


Gdluck.

Last edited by Kareem (October 11 2009)

Offline

#16 October 11 2009

Kareem
Member

Re: Tutorial: Extract OGERO router and PPPoE Username and Pass

[ ppp.ini ]
ifconfig intf=Internet user=stingray password=_DEV_872E06E9529A51A17E8D­ 9CEAB149860E status=enabled
ifconfig intf=PPPoA_1 user=stingray password=_DEV_D9087E841A0B7D251583­ 9FF1D6FDEC4E status=enabled

Offline

#17 October 11 2009

belal
Member

Re: Tutorial: Extract OGERO router and PPPoE Username and Pass

Kareem check this:

Microsoft Windows [Version 6.1.7100]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Windows\system32>ftp 192.168.1.254
Connected to 192.168.1.254.
220 Inactivity timer = 120 seconds. Use 'site idle <secs>' to change.
User (192.168.1.254:(none)): Administrator
331 SpeedTouch Password required.
Password:
230 OK
ftp> bin
200  TYPE is now 8-bit binary
ftp> hash
Hash mark printing On  ftp: (2048 bytes/hash mark) .
ftp> cd dl
250 Changed to /dl
ftp> put C:\user.ini
C:\user.ini: File not found
ftp> put C:\Users\Public\user
C:\Users\Public\user: File not found
ftp> put C:\Users\Public\user.txt
200 Connected to 192.168.1.64 port 56492
150 Opening data connection for user.txt
226 File written successfully
ftp> dir
200 Connected to 192.168.1.64 port 56493
150 Opening data connection for /bin/ls
-r--r--r--   1 0        0               9 Jun 29  1971 seed.dat
-r--r--r--   1 0        0             790 Jun 29  1971 sslcert.pem
-r--r--r--   1 0        0             963 Jun 29  1971 sslkey.pem
-rwxrwxrwx   1 0        0               0 Jun 29  1971 user.txt
-rw-rw-rw-   1 0        0           12443 Jun 29  1971 user.tpl
-rwxrwxrwx   1 0        0           55028 Jun 29  1971 user.ini
226 Options: -l  : 6 matches total
ftp: 395 bytes received in 0.00Seconds 98.75Kbytes/sec.

I opened that user.txt file, but it is completely blank..where's the mistake?(btw i have windows7(run as administrator akid,should i do it in my other windows xp laptop?)

Last edited by belal (October 11 2009)

Offline

#18 October 11 2009

Kareem
Member

Re: Tutorial: Extract OGERO router and PPPoE Username and Pass

Ok but you have uploaded the user.txt and not the user.ini non ?

Offline

#19 October 11 2009

Kareem
Member

Re: Tutorial: Extract OGERO router and PPPoE Username and Pass

sorry sorry my mistake..

try this get user.ini

Did not sleep since yesterday so pardon me :)

Offline

#20 October 11 2009

belal
Member

Re: Tutorial: Extract OGERO router and PPPoE Username and Pass

Microsoft Windows [Version 6.1.7100]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Windows\system32>ftp 192.168.1.254
Connected to 192.168.1.254.
220 Inactivity timer = 120 seconds. Use 'site idle <secs>' to change.
User (192.168.1.254:(none)): Administrator
331 SpeedTouch Password required.
Password:
230 OK
ftp> bin
200  TYPE is now 8-bit binary
ftp> hash
Hash mark printing On  ftp: (2048 bytes/hash mark) .
ftp> cd dl
250 Changed to /dl
ftp> get user.ini
200 Connected to 192.168.1.64 port 56538
150 Opening data connection for user.ini (0)
226 File transfer complete
ftp>

the file user.ini is the the system32 folder...fade kamen..

Offline

#21 October 11 2009

Kareem
Member

Re: Tutorial: Extract OGERO router and PPPoE Username and Pass

55028 Jun 29  1971 user.ini how could iy be empty

Offline

#22 October 11 2009

belal
Member

Re: Tutorial: Extract OGERO router and PPPoE Username and Pass

no idea. i am going to try it on windows xp. it should work...give me a sec plz

Offline

#23 October 11 2009

belal
Member

Re: Tutorial: Extract OGERO router and PPPoE Username and Pass

kamen empty..

Offline

#24 October 11 2009

Kareem
Member

Re: Tutorial: Extract OGERO router and PPPoE Username and Pass

can you paste the output of ls command in the dl directory please?

Offline

#25 October 11 2009

belal
Member

Re: Tutorial: Extract OGERO router and PPPoE Username and Pass

i didnt understand..where should i paste the output of the command? in that user.ini file?

Offline

Board footer