Home page logo

basics logo Security Basics mailing list archives

Re: Nortel Contivity password
From: <ed.rudek () dbopt com>
Date: 11 Dec 2003 13:05:01 -0000

In-Reply-To: <20030905230854.GA4575 () spoofed org>

We have recovered over 20 administrator usernames and passwords from Nortel Contivity switches and offer this as a 
service. Specifics are outlined in the following URL:
or you may email us at info () dbopt com

Best Regards,

On Fri, Sep 05, 2003 at 03:49:00PM -0000, Jim Brezicky wrote:
Good Morning all,

I rccently changed the admin password on my Nortel Contivity 2600, well as 
luck would have it I must have written it down wrong. 

Does anyone know if it's recoverable, and if so how. I've checked the web 
and haven't been able to find anything so far.

Any tips or suggestions would be greatly appreciated.

I was in a similar position a while back, but not with a Nortel Device.
The root password to a very important machine got changed, but it wasn't
remembered by the admins correctly.  There was no easy physical access
to the machine and ssh was the only way of connecting remotely.

Since I was the one who fudged the password, I had a reasonably good
idea of how I could've screwed up.  I tossed together some quick perl
and expect code, and I was in relatively quickly.

Basically, the perl code, given a list of possible mistypes for each
character in the password, will enumerate all possible passwords.  These
are then piped to the expect script, which attempts to connect to the
remote machine and run 'id'.  

Since your device doesn't have SSH access, you'll have to cobble
something together to pipe the possible passwords to the web interface.  

I'm attaching the scripts I used to this mail.  Sure, they are ugly and
hackish, but drastic times call for drastic measures :)

Good luck,


Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="unfoo.pl"


$a = "";
$b = "";
$c = "";
$d = "";
$e = "";
$f = "";
$g = "";
$h = "";
$i = "";
$j = ""; 
foreach $A (split(//, $a)) {
  foreach $B (split(//, $b)) {
     foreach $C (split(//, $c)) {
        foreach $D (split(//, $d)) {
           foreach $E (split(//, $e)) {
              foreach $F (split(//, $f)) {
                 foreach $G (split(//, $g)) {
                    foreach $H (split(//, $h)) {
                       foreach $I (split(//, $i)) {
                          foreach $J (split(//, $j)) {
                            print "$A$B$C$D$E$F$G$H$I$J\n";

Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="unfoo.exp"

set password [lindex $argv 0]
spawn ssh root () server "id"
expect {
assword: { send $password\n;
          expect {
           -re "denied" exit 

Content-Type: text/plain; charset=us-ascii

Captus Networks 
Are you prepared for the next Sobig & Blaster? 
- Instantly Stop DoS/DDoS Attacks, Worms & Port Scans 
- Precisely Define and Implement Network Security 
- Automatically Control P2P, IM and Spam Traffic 
FIND OUT NOW -  FREE Vulnerability Assessment Toolkit 


  By Date           By Thread  

Current thread:
  • Re: Nortel Contivity password ed.rudek (Dec 11)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]