Huawei B593 Driver Firmware Download 2016 Word
I finally cracked this! Just to clarify, I'm running a u-12 model with the.

Using the ping-exploit to loosen firewall rules

The first thing to do is open the firewall to allow local access to the box.
In my I already established, that all the good ports are blocked by IPtables in the Linux. So, the previously published (I'm doing this on my Linux PC):

    ./B593cmd.pl -the-IP- -the-admin-Pwd- 'iptables -I INPUT -i br0 -j ACCEPT'

Now all ports are open from the LAN, but there are no changes to the Internet side. We confirm this by running nmap:

    Nmap scan report for -the-IP-
    Host is up (0.0082s latency).
    Not shown: 993 closed ports
    PORT     STATE SERVICE
    21/tcp   open  ftp
    22/tcp   open  ssh
    23/tcp   open  telnet
    80/tcp   open  http
    443/tcp  open  https
    631/tcp  open  ipp
    8081/tcp open  blackice-icecap
    MAC Address: F8:3D:FF:F8:3D:FF (Huawei Technologies Co.)

That is something that I have been able to do earlier, but could not gain anything concrete out of it.

Confirm that you know the CLI-password

Now that we can run any commands to the box, let's confirm the configuration:

    ./B593cmd.pl -the-IP- -the-admin-Pwd- 'cat /var/curcfg.xml' | less

The output is a very long XML-file. The good parts are:

The output clearly says, that web-GUI and telnet/SSH command line interface have separate user accounts for them. However, the passwords are encrypted.
I have been able to determine, that it is a BASE64-encoded string and the binary format increases in 64-bit blocks. The only conclusion is to assume, that the passwords are encrypted with a, but the encryption key, and possible initialization vector are currently unknown. Luckily I know what f5338SA1kb4= and 2n+mVpCOAaY= stand for.
They are the default passwords to the box anyway and the manual says that default admin password is admin and default user password is user. Logical, huh? If you don't know the password for CLI-admin, there is no way that you're getting in.

Trying out the SSH

Now, what can we do with the fact, that SSH is now open and we know the password for privileged admin-user? A SSH-login, when using the correct CLI-password will yield:

    # ssh admin@-the-IP-
    admin@-the-IP-'s password:
    Write failed: Broken pipe

Not cool.
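As an added example (not from the original post): a small Python audit that a device owner could run over an exported configuration to see whether the two default-password values quoted above are still in place, and that confirms both decode to a single 64-bit block. The XML element and attribute names and the account3/account4 values are constructed for illustration; the post does not show the real curcfg.xml layout.

```python
import base64
import binascii
import xml.etree.ElementTree as ET
from functools import reduce
from math import gcd

# The two values quoted in the post, which it identifies as the default passwords.
KNOWN_DEFAULTS = {"f5338SA1kb4=", "2n+mVpCOAaY="}

# Constructed sample. Element and attribute names are hypothetical; the post
# does not show the real curcfg.xml layout. account3/account4 are made up.
CUSTOM = base64.b64encode(b"ConstructedValue").decode()
SAMPLE_CONFIG = f"""<Config>
  <User Name="account1" Password="f5338SA1kb4="/>
  <User Name="account2" Password="2n+mVpCOAaY="/>
  <User Name="account3" Password="{CUSTOM}"/>
  <User Name="account4" Password="not base64!"/>
</Config>"""

def decoded_length(value):
    """Byte length of a Base64 value, or None if it is not valid Base64."""
    try:
        return len(base64.b64decode(value, validate=True))
    except (binascii.Error, ValueError):
        return None

def inferred_block_bits(values):
    """Largest block size (in bits) that divides every decoded length."""
    lengths = [n for n in map(decoded_length, values) if n]
    return reduce(gcd, lengths) * 8 if lengths else 0

def audit_passwords(xml_text):
    """Return (account, finding) for every attribute named like a password."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        for attr, value in elem.attrib.items():
            if "password" not in attr.lower():
                continue
            if value in KNOWN_DEFAULTS:
                finding = "factory default still set"
            elif decoded_length(value) is None:
                finding = "not Base64, unexpected format"
            else:
                finding = "changed from default"
            findings.append((elem.get("Name", elem.tag), finding))
    return findings

if __name__ == "__main__":
    print(inferred_block_bits(KNOWN_DEFAULTS), "bit blocks")
    for account, finding in audit_passwords(SAMPLE_CONFIG):
        print(account, "->", finding)
```

Because the same stored value appears for the same default password, a match against the quoted strings is enough to flag an unchanged credential without knowing the encryption key.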
In my exploit-tool-article, I referred to Mr. Ronkainen's work at. He said to execute a specific command via SSH.
My next attempt is to follow his instruction:

    # ssh admin@-the-IP- /bin/sh
    admin@-the-IP-'s password:
    -------------------------------
    -----Welcome to ATP Cli------
    -------------------------------
    ATP>

WHOOO!! Now the hidden shell-command will work:

    -------------------------------
    -----Welcome to ATP Cli------
    -------------------------------
    ATP>shell
    shell
    BusyBox vv1.9.1 (2012-11-20 16:01:41 CST) built-in shell (ash)
    Enter 'help' for a list of built-in commands.
SSH with non-privileged user / Telnet

To test this further, I attempted to login with user user. The non-privileged user does not have the hidden shell-command available and no access will be granted:

    # ssh user@-the-IP- /bin/sh
    user@-the-IP-'s password:
    -------------------------------
    -----Welcome to ATP Cli------
    -------------------------------
    ATP>shell
    shell
    Command failed.

Also trying to access the ATP Cli via telnet does not work:

    # telnet -the-IP-
    Trying -the-IP.
    Connected to -the-IP.
    Escape character is '^]'.
    -------------------------------
    -----Welcome to ATP Cli------
    -------------------------------
    Login: admin
    Password:
    Login incorrect.

I don't know if the telnet is disconnected completely, or if there is yet another set of accounts, but neither web-GUI nor CLI user credentials will work there.

Future ventures

Anyway. Now that I have the shell-access I have a much better possibility of doing more mischief. I need to explore the config system more as it would be very very nice to have the firewall allow SSH on boot.

Now the only way to allow SSH is to use the exploit and leverage the IPtables. Also on public request, I'm going to implement QoS. Stay tuned for more B593 hacking!

Well, I'm trying this on a b593-u12 disguised as a 'Speedport LTE 2' (Germany - telekom) running firmware V100R001C748SP104. First, the device can't be addressed with 192.168.1.1; the device ignores this and redirects you to speedport.ip. I tried the perl script but nothing happens, maybe it's patched, but there is an open ssh port on the device that asks for login data:

    PORT     STATE    SERVICE         VERSION
    22/tcp   open     ssh             Dropbear sshd 0.50 (protocol 2.0)
    23/tcp   filtered telnet
    80/tcp   open     http
    631/tcp  filtered ipp
    8081/tcp filtered blackice-icecap