Fun with ZTE livebox using telnet - Orange

How about of hacking getting access  into a ZTE ZXHN H108N router though web/telnet?

Well thats not hacking, all password are default supplied by I S P (pointless to say their name)

However, my home network uses the livebox as a default gateway to the outside world; Some most  of the livebox are accessible from the net and worst with default logins.

Web connections:

Normally, those having a ZTE router can be scanned using NMAP:

nmap  X.X.X.X  -O -v  (Should be able to get info about the OS being used also)

PORT STATE SERVICE
23/tcp open telnet (I dont use a telnet service @home O.o -- why its opened)
80/tcp open http (my default webserver obviously)
443/tcp open https (SSL certificates are expensive... why this port opened? O.o)

If you browse the address https://ip/, you should be able to view the default login page of a ZTE router.

For the unlucky ones, whose ZTE router still have a default login, then the username/password is admin/admin 🙁

There you go, for having some fun

Telnet connections:

While others can still have fun by accessing its telnet console.
So, I have tested mine locally:-

lol@C-3PO:~$ telnet 192.168.1.1
Trying 192.168.1.1...
Connected to 192.168.1.1.
Escape character is '^]'.

************************************************************
 Welcome to the world of CLI !
 ************************************************************
Username:admin
% Bad username!

Oops.. the admin username does not match its login 🙁

 

Lets try more, username: root,  (it asked the password… Yuppii)

password: toor … and so one does not passed

 

After making some search, I found that the default password is “public”  no reallly?? Oo

so username/password: root/public

 

 ************************************************************
 Welcome to the world of CLI !
 ************************************************************
Username:root
Password:
CLI>?
Exec commands:
 enable Turn on privileged commands.
 exit Quit from telnet.
 ping Ping the destination.
CLI>

 

Like other router, to get privileged access, we type enable:

CLI>enable
Password:

 

ohh not again another password!! so back to the net and came with a  password which is no less than “zte”

…and there you go with privileged access !!

 

The chose is yours, reset/reboot/change configuration using command line … ^_^

CLI>enable
Password:
CLI#?
Exec commands:
 configure Enter configuration mode.
 disable Exit from privilege mode.
 exit Quit from telnet.
 macaddr show or set mac address
 ping Ping the destination.
 reboot Reboot device.
 reset reset device 
 restoredefault Reset to factory configuration.
 serialnumber get or set SN
 swversion show software version
CLI#

 

Happy kas yien  😀