Thomson TG784n (MEO) - Login Algo.

PTSec

Status: n/a
Joined: Wed, 02 Nov 2011
Posts: 69
Team:
Reputation: 15 Reputation
Offline
Wed, 14 Dec 2011 @ 16:08:38

I'm trying to crack the algorithm of the administrator panel of Thomson routers...

I got this from users file:

said:


name=Administrator
password=_CYP2_8ae001dc8a74bc6e607a2e8226ddd02fdbbf4cd23aa512d4
hash2=4c0f71fd4ae422b426a4eebec6e8d28b
crypt=zzEululifVOf6
lm=_ENC2_82152B7E284A438EE214753F479FBF95529FAD0DADC51850EC36781ED016E290F9F0ED0C206739CFB67E9664BC85567EE00341870EF859B86AE957D0660D0E44AC46BD765EAC90A5D744797FFC6A9761
ntlm=_ENC2_1A5BC74B67F4864B9793975C737525C077F75DAA4211D71E03D447641CE3CC0381196A887F788CFEBAFEEF85F1653A689438DABA014909453726B924AC7CCC7CAE40CCC30B8992D7C2210F9172611D15


name=meo
password=_CYP2_b3f47eb5f04658f714f389ab9362479ba0a947b5255d3469
hash2=99010e61fcf8b6c41fb97cf64dadf79e
crypt=IPboDYcp4oUrE
lm=_ENC2_09576BFC7272DF0E7144412FED0BB0401ED968533C2B03FC5EA33120B8516B935252E91751873E8BAAACB357E9B6B95113D73DC0B38339E26BCB9659571897E47CA9EF97B50D1A5B0A526460CC968CCA
ntlm=_ENC2_0935D785896EDE581CFD99500FCEF09759C481A7F3B3FA15DE9427584E61C791E028201E8ED057DF9A210FE96BBA0ED029836FF0A324CC2BC0596C25946EB1D8143F4A889933FA2ABAEA8F6B39BE1DE5

name=sumeo
password=_CYP2_7bf31c88f33a6bad4d59a1df0ddfc97e6627cc719c91af4c
hash2=094a55fcfbf4850f0f9eef4b5c1ff490
crypt=bSn.KCkvVpgWY
lm=_ENC2_DA39C7E4FC1A34E745B377819E2A4EA3340A6AA152F3F5ECCA8D17974F3F00DEFD8DAEE035A1528700DFB8E7281712BE8677330387E455A9F3AC0571486C923B6DAA439187C69D92711E7F2DFF1DD59F
ntlm=_ENC2_EF0B15045AF4C64819E6D21AAB42216A4C484F4B0E887BB014C029EC03B474931B0400FE6CA3E0D4520FD42429808007A904D4977B8731E08411BD7047C0124F955B2ABC90E9C4C22C159DA002A54B4E

name=microuser
password=_CYP2_9e1068578d922e177b722e2d9fb77ae2c796d5e998cf94ae
hash2=afd39976a1973555831cdcb4309d4034
crypt=jn0Aq5ocIPzCI
lm=_ENC2_F7C638E530DA70FB4A3FC264733728344C4F9EF1C5F60912ED29730B8BF8DBE4CC89B021E4C43DC4873D89A34133A3652BC8A5EBF3143750790F19182BF3026EC2C4357DD732692328C86B5B729CD429
ntlm=_ENC2_892E111D5DBE7BDC540ED93D487A694662E614FAEA60F679DA628BB8E7F3D7E165932239B14C759B57B9BFD2A8516657D3252F8D96B0412755D015F21C42E2760A0E8CF40FF4B8740A6B6F926ADC3117

I already have these users:

said:


name=Administrator
password=3!play

name=meo
password=meo

name=sumeo
password=bfd,10ng

But I can't find a way to crack microuser hash...
The others are known because the ISP provided them.


Hash-IT

Status: Trusted
Joined: Tue, 02 Aug 2011
Posts: 4598
Team: HashKiller
Reputation: 3003 Reputation
Offline
Wed, 14 Dec 2011 @ 17:12:33

Hi PTsec

Very interesting stuff !!

My humble experiments failed I'm afraid.

Can I ask what you meant by this ...

said:

I got this from users file:

How did you do that ? Were you just on the LAN or actually on the physical computer ?

Thanks


PTSec

Wed, 14 Dec 2011 @ 18:03:06

Sorry, my English is not good...

The router has a file that adds administrators' login information into the system; that was the information I posted before.

The original file: http://pastebin.com/sScGCz3P

But each password seems to have multiple encryption types, it's a mess xD

The router firmware:
http://download.modem-help.co.uk/mfcs-A/Alcatel/Modems/TG784n/v1/Firmware/r8-4-3/OVH/OVH-FW-modems-ADSL-Pro.7z.php

The file is located: squashfs-root\archive\ZX9IAJ8.4HF\active\mlpuser.def


PTSec

Mon, 04 Jun 2012 @ 21:45:12

I discovered a way to bruteforce the password

The hash2 is md5.

md5("$user:Thomson Gateway:$password")
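
As an added example (not code from the thread or from the firmware): the formula above has the same shape as the HA1 value of HTTP Digest authentication, MD5(username:realm:password), and it is unsalted, so a given user/password pair yields the same hash2 on every device. The sketch below audits a users file for accounts still set to a documented password; the function names and the sample accounts are constructed for illustration.

```python
import hashlib

REALM = "Thomson Gateway"  # fixed middle field, taken from the post above


def hash2(user, password, realm=REALM):
    """Hex MD5 of "user:realm:password", the formula given in the post."""
    return hashlib.md5(f"{user}:{realm}:{password}".encode("utf-8")).hexdigest()


def parse_users(text):
    """Split a users file into records; each name= line starts a new record."""
    records = []
    for raw in text.splitlines():
        key, sep, value = raw.strip().partition("=")
        if not sep:
            continue  # blank line or anything that is not key=value
        if key == "name":
            records.append({})
        if records:
            records[-1][key] = value
    return records


def accounts_on_documented_passwords(text, documented):
    """Names whose stored hash2 equals the hash of a password already
    documented for that same account (e.g. a provider default)."""
    flagged = []
    for rec in parse_users(text):
        name, stored = rec["name"], rec.get("hash2", "").lower()
        if any(hash2(name, pw) == stored for pw in documented.get(name, [])):
            flagged.append(name)
    return flagged


# Constructed sample: invented accounts and passwords, not values from the thread.
SAMPLE = "\n".join([
    "name=admin", "password=_CYP2_placeholder",
    f"hash2={hash2('admin', 'example-default')}", "",
    "name=guest", "password=_CYP2_placeholder",
    f"hash2={hash2('guest', 'Changed-by-owner-42')}",
])
DOCUMENTED = {"admin": ["example-default"], "guest": ["guest"]}

if __name__ == "__main__":
    print(accounts_on_documented_passwords(SAMPLE, DOCUMENTED))
```

An account that shows up in the result should have its password changed, since anyone holding a copy of the users file can confirm a documented password offline.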


Hash-IT

Mon, 04 Jun 2012 @ 23:35:31

PTSec said:

I discovered a way to bruteforce the password

The hash2 is md5.

md5("$user:Thomson Gateway:$password")

Nearly 6 months after your first post on this and you find the answer !! Now that's what I call determination !!!

Congrats on your achievement and thank you for letting others know.


PTSec

Mon, 04 Jun 2012 @ 23:58:37

Hash-IT said:

PTSec said:

I discovered a way to bruteforce the password

The hash2 is md5.

md5("$user:Thomson Gateway:$password")

Nearly 6 months after your first post on this and you find the answer !! Now that's what I call determination !!!

Congrats on your achievement and thank you for letting others know.

Thanks for your support :P

Now I just need to crack the hash,

I just posted here: http://forum.md5decrypter.co.uk/topic1123-1x-md5.aspx

Let's hope that someone finds the password ^^


cmrafrica

Status: n/a
Joined: Mon, 10 Jul 2017
Posts: 1
Team:
Reputation: 0 Reputation
Offline
Tue, 11 Jul 2017 @ 00:09:53

Dear PTSec, anyone:

You found 3 User/Pass for that specific router.

Lately you posted:
I discovered a way to bruteforce the password
The hash2 is md5.
md5("$user:Thomson Gateway:$password")

Then you said:
Now I just need to crack the hash,
I just posted here: http://forum.md5decrypter.co.uk/topic1123-1x-md5.aspx
Let's hope that someone finds the password ^^

I was trying to open that link, but I get an error: “Server Error in '/' Application. The resource cannot be found.”

Have you made more progress in discovering the encrypted passwords?

Because I got a similar router, with Administrator as username, but the given password (3!play) doesn’t work.

I’m based in Portugal and those User/Pass are from one of the 3 main operators we got here.
Your User/Pass are from MEO operator and I got a router from NOS operator (Technicolor TG589).

Can anyone help me please?
Thanks in advance,

Candido


Still alive after all these years ...

cvsi
Moderator
Status: Trusted
Joined: Fri, 23 May 2014
Posts: 2106
Team: CynoSure Prime
Reputation: 3100 Reputation
Online
Tue, 11 Jul 2017 @ 00:37:52

This is the updated link to the old one.

https://forum.hashkiller.co.uk/topic-view.aspx?t=1123&m=end#end


There is nothing worth looking at on it tho.

