HACK MY ROUTER > 173.25.216.1 username/password unknown (SOLVE COAGULA)



My ISP Mediacom hijacked my property >the router<; this router is not a Mediacom cable rental.

For the first week after installation, Mediacom claimed my router was faulty, to which I said, "No, it's not," and >I declined their [rental fee cable modem offer].<

During this time I could manually reset the router to get into the router 192.168.0.1 no problems here. Customer service call center could see the cable modem, until they reset the modem and attempted to [provision] the setup remotely.

Which caused the router to be stuck on downloading the provisioning file. (I doubt if there was a configuration file even sent.)

In this mode customer service would explain they now can't see the router on their end and nothing more would be done.

 

I would get the typical political double speak run around any questions, to avoid the question and really say nothing at all at the end. Only for me to ask the question not answered...

Then get deflected to contact the manufacturer of the router. Which I never did, because it was B.S. to begin with.

Finally I got someone on the line who could see the modem and asked one person to turn off the bridge mode or check for a double NAT configuration file incidence. BAM, magically at a lift of a finger the real problem of Mediacom blocking/denying the service magically went away. (Same thing at a push of a button, when a customer hasn't paid the bill... The CM MAC address gets "denial" of the service ban.)

 

Short story short, after the CM MAC address ban was lifted and the cable router [provisioning] file was actually sent. I moved on to a fresh UNRAID install... to discover ports being jackhammered, flood of alerts seeing password denials on users TECH, ADMIN, ROOT, ADMIN1, CUSADMIN. I was wondering why I couldn't log into the router to check on the firewall. 

Take a look at the # ifconfig, ipconfig /all screenshot some dickwads at Mediacom warped the settings and also appear to have reset the username and password.

 

I tried a lot of things like 192.168.0.1/administration.asp or 192.168.0.1/security.asp I haven't gotten very far

Anyone here have an idea for me to regain control of my router???

Or hack the router and change the username and password and help me get my router back.

 

Edited by Port22_Login_root_ScanBot
need username and password help (SOLVE)
Link to post

First thing I would try is hit that factory reset button to put everything back to factory settings. Then change your admin password immediately. Do this all while not plugged into their modem. Once you control everything again, then go step by step to get only what you need. I would never let them provision a router. They should only be provisioning the modem. I would be looking at a new ISP...

Link to post
Posted (edited)
2 hours ago, falconexe said:

First thing I would try is hit that factory reset button to put everything back to factory settings. Then change your admin password immediately. Do this all while not plugged into their modem. Once you control everything again, then go step by step to get only what you need. I would never let them provision a router. They should only be provisioning the modem. I would be looking at a new ISP...

That was how I was getting around them the first rounds with media-com cable, when they were telling me my cable modem/router was faulty. I did the manual reset to get back to step one where they could see my equipment on the cable line.

 

Yes, I am extremely pissed finding out it was provisioned and I'm locked out and it appears the firewall is off as well. It is so bad I do not have access to the wireless to try from windows shell administrator

C:\>netsh
netsh>wlan show profile
netsh>wlan show profile name="the router" key=clear

to crack my own wlan key content password.

Since WLAN was never set up, I do not even have the ability to search for saved password on any local machine.

 

I'm just in a bad bind, there was no need for mediacom cable to pull their garbage on my equipment.

I'm still trying to regain control of a basic firewall issue that has given me nothing but port-bot pinging grief.

 

That did cross my mind to dump mediacom cable for the obvious and well documented repetitive bait-n-switch behavioral deceptive business  practice problems...

I think a love-hate relationship is well in order for that "dish" best served cold. Besides, for $23.00 mo. I don't plan to go anywhere for now...

Edited by Port22_Login_root_ScanBot
username password help
Link to post
Posted (edited)

Now that I have been able to start up the cable modem/router WLAN I can give myself permission to attempt to take control of my equipment.

Looks like my next course of action should be focusing upon being a bit LAZY and remember to use an encrypted VM

~# git clone https://github.com/arismelachroinos/lscript.git   (via arch)

~# cd lscript

~/lscript# ls

~/lscript# chmod +x install.sh

~/lscript# ./install.sh

Let's take a look at some unique tools, shall we? HACK THE BOX 🤨

 

https://github.com/kimocoder/wifite2 via kali

 

For me it WILL BE just a matter of time, if something like this is of interest...look at YT for NetworkChuck and legally HACK THE BOX

 

Edited by Port22_Login_root_ScanBot
looking at some tool links
Link to post

Is it your router or your Cable Modem?

 

If it's your cable modem, there is new firmware pushed because of California and other State Laws. The new firmware sets a default username/password and forces a change after first login. My ISP has this documented in their online forums, but I saw my answer in DSLReports forums.

 

For Motorola cable modems what you need to know is:

Username: admin

Password: last 8 of the Serial Number.

Link to post
Posted (edited)
4 hours ago, BRiT said:

Is it your router or your Cable Modem?

 

Both in one device...The POE-coax cable line, Mediacom cable from the pole that connects to the first filter/splitter at the customer location. Where the POE is no longer needed and the coax cable DMZ continues to a modem (my customer supplied LAN HUB firewall equipment) which allows devices on my side to be routed together that also has WiFi broadcast capabilities in one device.

A little bit confusing, so I will leave out the switch that is also connected between cable modem and all other devices on my side of the access point...toss in WireGuard/UNRAID/Dockers that have problems of their own on a fresh install.

The first step is establish the DMZ on the Mediacom cable line and regain control of my property, the gateway access point modem.

First objective is to regain control of the cable modem, change the username/password and enable the firewall and port blocking features within the cable modem that has been hijacked by the ISP provider Mediacom cable.

 

Thank you BRiT for contributing some methodology in the username and password

http://www.dslreports.com/tools


Edited by Port22_Login_root_ScanBot
Link to post
Posted (edited)
22 hours ago, BRiT said:

Other mentioned possibilities included from ( https://www.dslreports.com/forum/r32895609-AZ-New-Motorola-MB8600-Firmware-8600-19-3-11 )

 

Username: admin / Password: motorola

Username: admin / Password: admin

admin/password

Ah thanks, I was digging around looking for my manufacturer and model number.

To clear this idea up, where I am at and my ISP provider's stance on this issue...

 

I am locked out to get to any form of a limited user interface at the device level that existed before the Mediacom cable install.

I get a wheel of death when attempting to get to the original IP address 192.168.0.1 that mediacom refuses me access to. The IP address appears to have been changed to another IP address. The wheel of death times out not allowing any username/password window pop up to begin with at the device point 196.168.0.1.

(My clever ISP provider Mediacom cable also appears to be using a different credentials IP address starting point [ homewifi.mediacable.com ] for a redirect to the device IP address as well)

 

If I do get to Mediacom limited user-face access, for example homewifi.mediacable.com and a new user/password popup window does appear. ( Mediacom stance/excuse is, "because this is not mediacom rental equipment and is a customer provided equipment, I am not allowed access". (a username/password) to have access to get to my property settings at the device level, past their malware installed onto the modem)

In the address bar on top of the browser page, typing in the following parms might work. homewifi.mediacable.com/security.asp or homewifi.mediacable.com/administrator.asp to bypass their login credentials.(If I was at the device level access point, but the malware is expecting a redirect from {IP elsewhere} not directly from 192.168.0.1 but a redirected IP address with the cleared credentials check.)

From here bookmark/save this location <(the step that accurately bypasses the Mediacom cable popup user/password credential page).

Go back to my ISP user/password webpage [enter the correct user/password credentials] {that does not exist, because they refuse to set up a customer account, because it is customer provided equipment} to get past their webpage login point.

Using the new bookmark saved location, use that location to get behind the ISP webpage layer to get into the device layer of the Linux language the device is actually using. Sorta like the VM layer the ISP uses with the webpage GUI, but the next layer behind is the persistent storage of the changed settings the device is actually using.

For example, if port forwarding is not working, or any changes at the ISP webpage upper layer is not actually saved to the device.

Edited by Port22_Login_root_ScanBot
Link to post
Posted (edited)

* END ALL ENGAGEMENT ACTIVITIES, outside help is not required*

* The activities I find myself invested in engaging in (time wasted) can be potentially avoided. For others, who discover to find themselves in this similar situation by Their ISP...*

* I contacted customer service of my ISP. Using my social engineering skill set, it is my opinion, there may be an IT cyber security blue team monitoring traffic.*

I will mention an uptick of phone calls from Florida today, odd that no one was on the end of the line.

 

My mitigations going forward, advice and opinion.

 

     1.) I need to let go of my self interest in using one device to do all and those other feelings about that modem, let it go...

What other equipment do some individuals have an interest in using? > $$$ Perhaps a Rpi4 installed with Pi-hole, other software and monitor log your port traffic here, at the DMZ modem access point.

 

          A.) Let the ISP play their game with the hostile hijacking of the modem, (the hackers and port scanning bots have a target of attention, a user/password to breach {let them waste their time doing that activity and monitor that inbound traffic of the username/password failures, admin, tech, cusadmin, admin1, password, etc.}).

In my case example, my clever ISP has an external IP address point of entry that is authenticated and forwarded to the first access point.

It appears my ISP might be monitoring that traffic on their end for suspicious activity.

See * three above ^ good for them, I am washing my hands of whatever it is and moving forward in securing my side.

Thank you all for any participation in pen testing Mediacom cable infrastructure leading to my open ports lacking a firewall.

 

          B.) Install a second router LAN Hub to the first modem you can access and have user based control.

Once you can ascertain what that first modem is doing. What is the IP address set by the ISP for your side of the traffic of the first modem used?

Set up the second point of access, for example your type of LAN structure to be used and build it. $$$

 

Thank you, MEDIAcons cable for hijacking my modem, dropping my firewall, leaving my ports wide open and installing your malware into my property...d!(%w@&$

1.) It is quite clear that MediacomCable is still continuing in their well documented, greed based deceptive bait-n-switch, repetitive behavioral patterns of poor choices in business practice and customer disservice.

2.) It is quite clear that MediacomCable employees are being used by corporate policies, customer service scripts provided by mediacom to be the mouths and hands into steering unwitting customers into accepting the [rental fee equipment]. (MediacomCable financial motive, MediaCom Cable is comfortable in losing a few "customer supplied equipment" customers. That become pissed off by the scripts, customer services uses supplied by MediaCom Cable.

Even if the "customer supplied equipment" customer has just enough knowledge to manually set up one's own supplied equipment?) $:-X$

3.) It is quite clear that MediacomCable treats customers differently based on "customer provided equipment" or MediaCom Cable [rental fee equipment] that is being used.

     A.) MediaCom Cable customers have limited modem access via [ homewifi.mediacable.com ]. A customer that has "customer supplied equipment" does not have access to the full use of their own property that has been hijacked by [provisioning] the "customer supplied equipment."

That is left in an unmanageable state without a firewall, ports left wide open and MediaCom Cable potential malware. Downloaded by the [provisioning] and locking the "customer supplied equipment" user access to the "customer supplied equipment" own property >my modem<.

 

Very Important As a public service reminder, as the title did give, my permission to do what?

HACK MY MODEM "is now revoked". If these type of activities are of interest. For one's own educational purpose or field of interest.

Please do so responsibly, I going forward should not be determined to be held responsible for another person's actions of one's own voluntary volition.

There are legal opportunities to pursue, as in, when someone gives a limited permission to do so. An organized intuition request from an outside 3rd party testing. HACK MY BOX educational constructive outlets.

https://www.hackthebox.eu

 

Edited by Port22_Login_root_ScanBot
pen testing my ISP to my open ports
Link to post
  • Port22_Login_root_ScanBot changed the title to HACK MY ROUTER > 173.25.216.1 username/password unknown (SOLVE COAGULA)
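An added example, not part of any post in this thread: one way to do the monitoring of username/password failures that the first and last posts describe, by summarizing failed SSH logins per username and flagging sources that cycle through several usernames. The log lines are constructed samples in OpenSSH's syslog format using documentation IP ranges; the function name summarize and the threshold of three usernames are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines (not taken from the thread); IPs are documentation ranges.
SAMPLE_LOG = """\
Mar  3 02:14:01 Tower sshd[4101]: Failed password for invalid user tech from 203.0.113.7 port 51234 ssh2
Mar  3 02:14:03 Tower sshd[4101]: Failed password for invalid user admin from 203.0.113.7 port 51236 ssh2
Mar  3 02:14:05 Tower sshd[4102]: Failed password for root from 203.0.113.7 port 51240 ssh2
Mar  3 02:14:07 Tower sshd[4103]: Failed password for invalid user admin1 from 203.0.113.7 port 51244 ssh2
Mar  3 02:14:09 Tower sshd[4104]: Failed password for invalid user cusadmin from 203.0.113.7 port 51250 ssh2
Mar  3 02:20:11 Tower sshd[4110]: Failed password for root from 198.51.100.23 port 40022 ssh2
Mar  3 02:20:15 Tower sshd[4110]: Failed password for root from 198.51.100.23 port 40022 ssh2
Mar  3 02:31:40 Tower sshd[4120]: Accepted password for root from 192.168.0.50 port 50500 ssh2
Mar  3 02:32:02 Tower sshd[4121]: Connection closed by invalid user admin 203.0.113.7 port 51300 [preauth]
"""

# Matches both "Failed password for root ..." and "Failed password for invalid user tech ..."
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+"
)

def summarize(log_text, spray_threshold=3):
    """Count failed logins per username and per source address.

    A source that fails against spray_threshold or more distinct usernames
    is reported as a sprayer, which is the pattern of a credential-guessing bot.
    """
    by_user = Counter()
    attempts_by_src = Counter()
    users_by_src = defaultdict(set)
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # successful logins and other sshd messages are ignored
        user, src = m.group(1).lower(), m.group(2)
        by_user[user] += 1
        attempts_by_src[src] += 1
        users_by_src[src].add(user)
    sprayers = sorted(s for s, u in users_by_src.items() if len(u) >= spray_threshold)
    return {"by_user": by_user, "attempts_by_src": attempts_by_src, "sprayers": sprayers}

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for user, n in report["by_user"].most_common():
        print(f"{n:3d} failed attempts for user {user}")
    print("sources trying many usernames:", report["sprayers"])
```

Sources listed as sprayers are candidates for a firewall block on the device that faces the ISP link; a source that only retries one account, like the second address in the sample, stays below the threshold.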
