xorl %eax, %eax

Zyxel Prestige 660HW-T1 Default Password


So… here is a little story. Yesterday, I was about to fall asleep and I was looking at some retarded IRC channel where some usual IRC trolls were spending their time. I decided to sacrifice a couple of minutes and play around with these guys. Firstly, I grabbed a couple of IPs from this channel. Then, I logged in to a remote box and started FIN scanning them. Suddenly, there was something that made me laugh…

23/tcp open  telnet

I tried to log in to that box and I got a prompt for a password. I wasn’t performing any significant attack so I decided to just guess a couple of passwords and if none of them works I’ll just get back to sleep :p
First attempt: admin
It worked :P And then I had what you can see in the following capture from my terminal.

[Image: zyxel pwn]

Well, I didn’t do anything harmful. I just inserted a new firewall rule to block TCP traffic to and from port 6667 which was the IRCd’s listening address. A couple of minutes later I saw that nice:

 Quit: Ping timeout

I know that this is kind of lame but nevertheless it was fun and I’d like to share it. It’s just retarded! Just keep an eye on the facts:
1) You are an IRC troll
2) You’re logging on IRC using your real IP
3) You have a wide open telnet port on your router
4) You have not changed the default password
I mean… This guy just sucks! Anyway, time to sleep :)


Written by xorl

February 18, 2009 at 21:34

Posted in network devices

3 Responses


  1. Are you sure you only “FIN” scanned them? Because the output for Nmap would then be open|filtered for a port that didn’t elicit a RST response. Your output shows that the port is “open”. There is no way to deduce whether the port is open or filtered just with a FIN scan, due to the nature of the scan itself, which exploits an RFC 793 ambiguity. Hosts will either send a RST or will not answer at all upon seeing a FIN probe.


    February 19, 2009 at 10:28

  2. I did just FIN scan them; the above is not a copy/paste from terminal, I’ve written it by hand since I made this post from work after more than 24 hours and the only thing I had was a screen capture of the main menu of that router.
    Thanks for the correction :)


    February 19, 2009 at 11:59

  3. I have a Zyxel Prestige 660HW-T1 and haven’t got the password, having not required it for years. Does anyone know it? It is not 1234 or admin.


    June 11, 2011 at 10:51
