ZTE F460 light cat cracking super Administrator

ZXA10 F460 ZTE light CAT (E8-C), in the first installation, super Administrator Account: telecomadmin password: nE7jA % 5 m This is the default, after the installation staff set the relevant settings, the configuration will be automatically downloaded. At this time, the super administrator password will be changed to telecomadminXXXXXXXX (8 X numbers, different for each user. Because many settings can only be set under the super administrator, it is necessary to crack this super administrator password.

Method 1: Call 10000 and report the device number. (Of course, it is best to ask the installer to call us.) I am from Suzhou Telecom. I have been calling 10000 for a long time ............ Yes. This method is the simplest and least dangerous.

Method 2: telnet the vrotelnet and go to busybox. (Winxp is used here. How can I use telnet to view winxp on Windows 7)
1. Run CMD and enter telnet 192.168.1.1


2. After the connection is successful, the following message is displayed: F460 login.
Login account and password, mostly root. No character prompt is displayed when you enter the password
Enter root press ENTER

 

3. After successful login, The busybox version will be displayed. You can perform shell operations here.

4. Input sendcmd 1 DB p UserInfo

See the following: "telecomadmin". If my original password is not changed, it is nE7jA % 5 m. If it is changed, it is "telecomadminXXXXXXXX ".

<Tbl name = "UserInfo" RowCount = "4">

<Row No = "0">

<DM name = "ViewName" val = "IGD. UserIF. UserInfo1"/>

<DM name = "Type" val = "1"/>

<DM name = "Enable" val = "1"/>

<DM name = "Username" val = "telecomadmin"/>

<DM name = "Password" val = "nE7jA % 5 m"/>

<DM name = "Right" val = "1"/>

</Row>
........................

------ The password is displayed successfully, and the end is now ------

 

------ No password is displayed. Please proceed with the following operations ------

 

 

5. view all the file commands ls, enter the command cd, and copy the command cp. Here, the vi editing command is disabled (this step can be done without any operation)
View the file and password location
Enter ls to view all files

 

Enter cd/userconfig/cfg to enter the cfg folder.
Enter ls to view all cfg files

Here I checked it myself. db_backup_cfg.xml db_user_cfg.xml is mostly encrypted and may be prevented from being directly viewed. Db_default_cfg.xml is not encrypted. You can study it yourself. Maybe you can directly replace the password

6. Go to the home/httpd folder.

Enter cd/home/httpd
Note: there is a space between cd and /.

Check whether there is any login. gch. If yes, you can perform the following steps to use all the files in red.

Back up login. gch to avoid failure

Enter cp/home/httpd/login. gch/home/httpd/login. gchbak

Note: there is a space between cd and/, gch, And /.

 

7. After the file is backed up, the file will be overwritten.
Build a local ftp server. The ftp_login package contains software and replacement files.

Decompress the file to the C root directory and run the ftpman.exe file under the ftpmanfolder. A firewall may pop up. You can select allow.

Note: If a firewall is installed, it is best to temporarily disable the firewall and avoid unavailability.

 

 

The next step is to replace login. gch.

Enter wget ftp: // 192.168.1.2/login. gch in the Command box.

 

The following message is displayed, indicating that login. gch is successfully replaced. Above 192.168.1.2 is the address of the local ftp, please check your own IP address.

 

8. Enter 192.168.1.1 in the browser.

On the F460 logon page, a string is displayed in the upper left corner, which is the Super administrator password.

Enter telecomadmin as the user name
A string appears in the upper left corner of the password. Generally, the password is in the form of telecomadminXXXXXXXX (8X8 digits. Click Login to enter the super administrator interface
At this point, the super administrator password cracking has ended.