F460 Light cat cracked Super admin

F460 to modify Telnet login username and password

To view the root account password, you can use the Sendcmd 1 DB p telnetcfg
To modify the root account, you can use the Sendcmd 1 DB set telnetcfg 0 ts_uname XXXXXX
To modify the root password, you can use the Sendcmd 1 DB set telnetcfg 0 ts_upwd XXXXXX

After deleting the TR069, each restart route TR069 out again

TR069 Delete the settings you want to save, you probably forgot to save the settings.
There are light cats do not recommend the deletion of TR069, after the deletion of a lot of free speed up activities will not be eligible to participate in the

Specific process

ZXA10 F460 zhongxing Light Cat (E8-c), the first time the installation, the Super Administrator account: telecomadmin Password: ne7ja%5m This is the default, by the installer set the relevant settings, will automatically download the configuration, this time the Super Administrator password will be modified, Modified to TELECOMADMINXXXXXXXX (8 x is 8 digits, each user is different) this format. Because many settings need to be set under the Super Administrator, it is necessary to crack this super admin password.

Method 1: Hit number 10,000th, report the equipment number can be found. (Of course, it is best to let the installer call to check), I am here is Suzhou Telecom, I played 10000, said a long time ... can be found. This method is the simplest and the least dangerous.

Method 2:telnet the router and enter the BusyBox view. (Here's how winxp,win7 uses Telnet to view itself)
1. Run cmd, enter telnet 192.168.1.1


2. After successful connection, there will be F460 login: hint
Login account and password, mostly root, when the password will not have character prompts
Enter root return root return

2013-04-12 Update:

Now many places telnet cat account password more changed, if there are errors, you can try the account password is

3. After the successful landing, will be prompted BusyBox version, where the shell can be operated

4. Input sendcmd 1 DB p UserInfo

Appear below the thing, see "telecomadmin" this below, I this is the original password has not changed is ne7ja%5m, changed is "telecomadminxxxxxxxx".

<tbl name= "UserInfo" rowcount= "4" >

<row no= "0" >

<DM name= "ViewName" val= "IGD". Userif.userinfo1 "/>

<DM name= "Type" val= "1"/>

<DM name= "Enable" val= "1"/>

<DM name= "Username" val= "Telecomadmin"/>

<DM name= "Password" val= "ne7ja%5m"/>

<DM name= "Right" val= "1"/>

</Row>
........................

-- --- -successfully see the password, to end- - --- -

2013-06-20 Update:

To view the root account password, you can use the Sendcmd 1 DB p telnetcfg

To modify the root account, you can use the Sendcmd 1 DB set telnetcfg 0 ts_uname XXXXXX

To modify the root password, you can use the Sendcmd 1 DB set telnetcfg 0 ts_upwd XXXXXX

2013-04-17 Update:

To modify the super account, you can use sendcmd 1 DB set UserInfo 0 Username XXXXXX

To Modify the Super password, you can use sendcmd 1 DB set UserInfo 0 Password XXXXXX

--- --- do not see the password, continue with the following action--- ---

2012-09-10 Update:

Note: Be careful with the following substitution operations, because the replacement operation is a certain risk!

5. View all Files command ls, go to command CD, copy command CP, here VI Edit command is disabled (this step to see, do not do any action)
View file and password location
Enter LS to view all files

Enter cd/userconfig/cfg into the CFG folder
Input ls, view cfg all files

Here I checked myself, Db_backup_cfg.xml Db_user_cfg.xml is mostly encrypted, may be to prevent direct viewing bar. Db_default_cfg.xml is not encrypted, you can study it yourself. Maybe replace the password directly

6. Enter the HOME/HTTPD folder

Input cd/home/httpd
Note: There is a space between the CD and/

Check to see if there are any login.gch, some words can proceed to the following steps, such as the picture with red all out of the file

Backup LOGIN.GCH to avoid problems with failures

Input Cp/home/httpd/login.gch/home/httpd/login.gchbak

Note: There is more than one space between CDs and/,GCH and/or

7. After you have backed up the file, you are overwriting the file.
Set up a local FTP server,ftp_login compression package with software and replacement files.

Network disk Download: Jinshan Network disk Baidu Network

Extract into the C-packing directory, run the Ftpman folder under the FtpMan.exe. A firewall may be ejected, optionally allowed.

Note: If you have a firewall installed, it is best to temporarily shut down the firewall, free from the use of

The following starts with an operation that replaces LOGIN.GCH

Enter wget ftp://192.168.1.2/login.gch in the Command box

The following prompts show that the replacement LOGIN.GCH succeeded. The above 192.168.1.2 is the address of local FTP, please check your own IP address.

8. Browser, input 192.168.1.1

Appear F460 landing interface, the upper left corner of a string, that is the Super administrator password.

User name Input telecomadmin
A string appears in the upper-left corner of the password, and the general password is telecomadminxxxxxxxx (8 x is 8 digits) of this form. Click Login to access the Super Admin interface
To this end, the Super admin password cracked.

Alibaba Cloud Hot Products
Elastic Compute Service (ECS)	Dedicated Host (DDH)	ApsaraDB RDS for MySQL (RDS)	ApsaraDB for PolarDB(PolarDB)	AnalyticDB for PostgreSQL (ADB for PG)
AnalyticDB for MySQL(ADB for MySQL)	Data Transmission Service (DTS)	Server Load Balancer (SLB)	Global Accelerator (GA)	Cloud Enterprise Network (CEN)
Object Storage Service (OSS)	Content Delivery Network (CDN)	Short Message Service (SMS)	Container Service for Kubernetes (ACK)	Data Lake Analytics (DLA)
ApsaraDB for Redis (Redis)	ApsaraDB for MongoDB (MongoDB)	NAT Gateway	VPN Gateway	Cloud Firewall
Anti-DDoS	Web Application Firewall (WAF)	Log Service	DataWorks	MaxCompute
Elastic MapReduce (EMR)	Elasticsearch