F460 Light cat cracked Super admin

Source: Internet
Author: User
Tags ftp mongodb postgresql redis administrator password firewall


F460 to modify Telnet login username and password




To view the root account password, you can use the Sendcmd 1 DB p telnetcfg
To modify the root account, you can use the Sendcmd 1 DB set telnetcfg 0 ts_uname XXXXXX
To modify the root password, you can use the Sendcmd 1 DB set telnetcfg 0 ts_upwd XXXXXX



After deleting the TR069, each restart route TR069 out again



TR069 Delete the settings you want to save, you probably forgot to save the settings.
There are light cats do not recommend the deletion of TR069, after the deletion of a lot of free speed up activities will not be eligible to participate in the



Specific process



ZXA10 F460 zhongxing Light Cat (E8-c), the first time the installation, the Super Administrator account: telecomadmin Password: ne7ja%5m This is the default, by the installer set the relevant settings, will automatically download the configuration, this time the Super Administrator password will be modified, Modified to TELECOMADMINXXXXXXXX (8 x is 8 digits, each user is different) this format. Because many settings need to be set under the Super Administrator, it is necessary to crack this super admin password.

Method 1: Hit number 10,000th, report the equipment number can be found. (Of course, it is best to let the installer call to check), I am here is Suzhou Telecom, I played 10000, said a long time ... can be found. This method is the simplest and the least dangerous.

Method 2:telnet the router and enter the BusyBox view. (Here's how winxp,win7 uses Telnet to view itself)
1. Run cmd, enter telnet 192.168.1.1


2. After successful connection, there will be F460 login: hint
Login account and password, mostly root, when the password will not have character prompts
Enter root return root return












2013-04-12 Update:



Now many places telnet cat account password more changed, if there are errors, you can try the account password is






3. After the successful landing, will be prompted BusyBox version, where the shell can be operated





4. Input sendcmd 1 DB p UserInfo



Appear below the thing, see "telecomadmin" this below, I this is the original password has not changed is ne7ja%5m, changed is "telecomadminxxxxxxxx".



<tbl name= "UserInfo" rowcount= "4" >



<row no= "0" >



<DM name= "ViewName" val= "IGD". Userif.userinfo1 "/>



<DM name= "Type" val= "1"/>



<DM name= "Enable" val= "1"/>



<DM name= "Username" val= "Telecomadmin"/>



<DM name= "Password" val= "ne7ja%5m"/>



<DM name= "Right" val= "1"/>



</Row>
........................



-- --- -successfully see the password, to end- - --- -



2013-06-20 Update:



To view the root account password, you can use the Sendcmd 1 DB p telnetcfg



To modify the root account, you can use the Sendcmd 1 DB set telnetcfg 0 ts_uname XXXXXX



To modify the root password, you can use the Sendcmd 1 DB set telnetcfg 0 ts_upwd XXXXXX






2013-04-17 Update:



To modify the super account, you can use sendcmd 1 DB set UserInfo 0 Username XXXXXX



To Modify the Super password, you can use sendcmd 1 DB set UserInfo 0 Password XXXXXX






--- --- do not see the password, continue with the following action--- ---



2012-09-10 Update:



Note: Be careful with the following substitution operations, because the replacement operation is a certain risk!






5. View all Files command ls, go to command CD, copy command CP, here VI Edit command is disabled (this step to see, do not do any action)
View file and password location
Enter LS to view all files





Enter cd/userconfig/cfg into the CFG folder
Input ls, view cfg all files





Here I checked myself, Db_backup_cfg.xml Db_user_cfg.xml is mostly encrypted, may be to prevent direct viewing bar. Db_default_cfg.xml is not encrypted, you can study it yourself. Maybe replace the password directly

6. Enter the HOME/HTTPD folder



Input cd/home/httpd
Note: There is a space between the CD and/



Check to see if there are any login.gch, some words can proceed to the following steps, such as the picture with red all out of the file





Backup LOGIN.GCH to avoid problems with failures



Input Cp/home/httpd/login.gch/home/httpd/login.gchbak



Note: There is more than one space between CDs and/,GCH and/or






7. After you have backed up the file, you are overwriting the file.
Set up a local FTP server,ftp_login compression package with software and replacement files.



Network disk Download: Jinshan Network disk Baidu Network

Extract into the C-packing directory, run the Ftpman folder under the FtpMan.exe. A firewall may be ejected, optionally allowed.



Note: If you have a firewall installed, it is best to temporarily shut down the firewall, free from the use of




The following starts with an operation that replaces LOGIN.GCH



Enter wget ftp://192.168.1.2/login.gch in the Command box



The following prompts show that the replacement LOGIN.GCH succeeded. The above 192.168.1.2 is the address of local FTP, please check your own IP address.






8. Browser, input 192.168.1.1



Appear F460 landing interface, the upper left corner of a string, that is the Super administrator password.







User name Input telecomadmin
A string appears in the upper-left corner of the password, and the general password is telecomadminxxxxxxxx (8 x is 8 digits) of this form. Click Login to access the Super Admin interface
To this end, the Super admin password cracked.


Alibaba Cloud Hot Products

Elastic Compute Service (ECS) Dedicated Host (DDH) ApsaraDB RDS for MySQL (RDS) ApsaraDB for PolarDB(PolarDB) AnalyticDB for PostgreSQL (ADB for PG)
AnalyticDB for MySQL(ADB for MySQL) Data Transmission Service (DTS) Server Load Balancer (SLB) Global Accelerator (GA) Cloud Enterprise Network (CEN)
Object Storage Service (OSS) Content Delivery Network (CDN) Short Message Service (SMS) Container Service for Kubernetes (ACK) Data Lake Analytics (DLA)

ApsaraDB for Redis (Redis)

ApsaraDB for MongoDB (MongoDB) NAT Gateway VPN Gateway Cloud Firewall
Anti-DDoS Web Application Firewall (WAF) Log Service DataWorks MaxCompute
Elastic MapReduce (EMR) Elasticsearch

Alibaba Cloud Free Trail

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.