PC Ekspert Forum

Siemens SX763 unlocking (https://forum.pcekspert.com/showthread.php?t=174453)

Baja 001 02.06.2011. 00:04

Quote:

6.
>Access rule type: Apply to all clients
>Comment: anything (doesn't matter)
>Access level: custom
>Filtering mode: block (allow)
I barely found this, you could have put Internet - Firewall - Access Control ;)


Quote:

$(cp /mnt/usbmsd/share/usb_0/passwd /etc) OR $(cp /mnt/usbmsd/share/usb_1/passwd /etc) [this depends on the partition the router recognizes on the USB stick. Decide which string to use based on a prior look at the router's USB menu, where the partition can be read]
>In the browser's toolbar go to TOOLS and at the very bottom enable Tamper Data. As soon as the Tamper Data window opens, click START TAMPER.
Make sure you don't do anything on the internet other than this router setup
>Press the ADD button
>A window will pop up. Untick the checkbox at continue tamper and press tampering
>Copy the entire contents of the box in the row (CTRL+A) IGD.V_Firewall.FWSOFTCoded.%7Bl%7D.name
>Paste the copied contents where it says TCP (of course, after first deleting TCP)
>Click 'OK'

7. Delete the access rule you created by clicking on access control and pressing delete below. (after this, until reboot, the admin pass will be user)
OK, I paste the string, start Tamper Data. After that ADD, and then the endless pop-ups begin, after that replacing that TCP. Now I'd like to know what to do with Tamper Data after that, and whether and how to get to deleting the profile without confirming Tamper Data 800k times.

At the end of that, before SSH, does the router need to be reset?

I've tried a couple of times already and I keep getting access denied, and I don't have the fw mentioned below but an older one. :smoke:


EDIT:
All solved. If anyone has similar problems let me know, I'll gladly help because I almost bricked mine :D
EDIT2:
Ah, I figured all of it out :)

Hackerivs 02.06.2011. 02:15

oops, I swallowed that sixth step while editing..
anyway, you're making a mistake somewhere, and as for Tamper Data, so that it doesn't pop up 800k times, after step 6 you can turn Tamper Data off.
but now my honest advice: a new tutorial is coming soon, with new firmware. In the new tutorial USB won't be needed and the wandering around the web GUI will be cut in half.

so my advice to everyone is to wait and be patient. we'll soon release new fw along with a significantly faster and easier tutorial :)

Andrija M 03.06.2011. 00:09

Quote:

Posted by Hackerivs (Post 1918004)
In the new tutorial USB won't be needed

Don't tell me you managed to crack the root password? :goood:

Baja 001 03.06.2011. 03:13

Quote:

In the new tutorial USB won't be needed
I tried that yesterday too, but regardless of the permissions assigned I couldn't create a folder over FTP :(

.Delboy 03.06.2011. 09:05

Quote:

Posted by Baja 001 (Post 1918668)
I tried that yesterday too, but regardless of the permissions assigned I couldn't create a folder over FTP :(

Try via that file server, add a user and pass the same way (try the same as for ftp) and when it asks for that share name thing, put something in and it will show up as a folder when you connect.

bcsaba 03.06.2011. 12:53

Hi Guys!

Sorry for English (not even sure if it is not against forum rules) but can't speak Croatian at all, found a way that makes SSH enabled way much easier (without USB needed at all) and read that for some it did not work due to firmware upgrade, maybe the new way will. (Siemens firmware has more holes than a cheese). Going to test it a bit more then publish it once it works as I want it to.

Nikky 03.06.2011. 14:27

Welcome to PC Ekspert Forum, English will be just fine :chears:
Inform us when you have something useful or progress.

Hackerivs 03.06.2011. 15:54

Quote:

Posted by bcsaba (Post 1918834)
Hi Guys!

Sorry for English (not even sure if it is not against forum rules) but can't speak Croatian at all, found a way that makes SSH enabled way much easier (without USB needed at all) and read that for some it did not work due to firmware upgrade, maybe the new way will. (Siemens firmware has more holes than a cheese). Going to test it a bit more then publish it once it works as I want it to.

Hello!

We have a configfile that enables SSH. (no need for USB)
And we've also found a way to copy the passwd file into the device without USB.
A new tutorial will be published in a few days.

bcsaba 03.06.2011. 16:22

4 attachments
Replacing configfile resets whole config though.

Either way I am semi-ready and hopefully someone will find this useful too :)
If I did everything right this post should have an enablessh.txt attached to it, it is a php script as I am a lazy programmer (and as such need php to run).

Usage: php enablessh.txt (ipaddr) (web username) (web password) [new admin password]

Example: php enablessh.txt 192.168.1.1 operator operator (enables SSH)
php enablessh.txt 192.168.1.1 operator operator pwned (enables SSH and set administrator password to pwned)

What it does: it connects to the router via the web interface, logs in and tells the router to enable ssh without any dirty hack, plus if the 4th parameter is given it changes the administrator password too (even when logged in via subscriber account, Siemens did a really crappy work when it came to privilege checking), as administrator login is needed to get a shell from SCM management console via sx762os or sx763os commands.

It might be done cleaner still though, any feedback appreciated as I only could try it on my SX763 as the danube one already has wrt on.

PS:
For the ones who do not trust the php script, it can be done via the tamperdata method by tampering at Advanced Settings->Remote Management and adding the following elements (first enables ssh, second changes admin password):

X_set_IGD.V_SSH.Enable=1
Y_set_IGD.V_PasswordService.Administrator.Password=password

Where X is the next element of the last page post (mine is 4_set_IGD.V_WebServer.RemoteManagement.Interface so X would be 5 for me) and Y is X+1 and password is the urlencoded password you would like the administrator to have.
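
As an added example (not part of the post above or of the attached script), this is the kind of server-side check whose absence the post describes: each `N_set_` field of a POST body is checked against what the logged-in role may write, and the whole request is refused if any field is out of policy or carries shell metacharacters. The policy table, function names and sample bodies are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Hypothetical policy: parameter prefixes each web role may write.
# The role names come from the thread; the mapping itself is an assumption.
WRITABLE = {
    "subscriber": ("IGD.V_WebServer.RemoteManagement.",),
    "operator": ("IGD.V_WebServer.RemoteManagement.",),
    "administrator": ("IGD.",),
}

# Form fields look like "<index>_set_<parameter path>", e.g.
# "4_set_IGD.V_WebServer.RemoteManagement.Interface".
SET_KEY = re.compile(r"^(\d+)_set_(IGD\.[A-Za-z0-9_.]+)$")

# Characters that would let a value reach a shell as more than plain data.
SHELL_META = re.compile(r"[`$;|&<>\n]")


def check_post(role, body):
    """Validate one url-encoded POST body; return a list of (key, reason)."""
    allowed = WRITABLE.get(role, ())  # unknown role: nothing is writable
    violations = []
    for key, value in parse_qsl(body, keep_blank_values=True):
        if "_set_" not in key:
            continue  # not a parameter write
        m = SET_KEY.match(key)
        if m is None:
            violations.append((key, "malformed set key"))
            continue
        path = m.group(2)
        # The page being submitted does not limit what can be written,
        # so the check is per parameter path, not per page.
        if not path.startswith(allowed):
            violations.append((key, "role '%s' may not write %s" % (role, path)))
        if SHELL_META.search(value):
            violations.append((key, "shell metacharacter in value"))
    return violations


def accept(role, body):
    """Deny the whole request if any single write is out of policy."""
    return not check_post(role, body)


# Constructed sample bodies (placeholder values, not captured traffic).
NORMAL = "4_set_IGD.V_WebServer.RemoteManagement.Interface=lan"
EXTRA = (NORMAL
         + "&5_set_IGD.V_SSH.Enable=1"
         + "&6_set_IGD.V_PasswordService.Administrator.Password=example")
META = "4_set_IGD.V_WebServer.RemoteManagement.Interface=%24%28example%29"

if __name__ == "__main__":
    for name, body in (("normal", NORMAL), ("extra", EXTRA), ("meta", META)):
        print(name, accept("operator", body), check_post("operator", body))
```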





Hackerivs 03.06.2011. 17:35

Well, you did a good job.
But, in our case, it's pretty useless, because T-Com has locked LAN 3 and 4 to iptv with its configfile.
The easiest way to unlock these locked LAN ports is to load a new config. Also, in our config we have disabled and removed T-Com remote maintenance.
I must also say that we, on Danube devices can't login into SSH /w administrator, only /w operator and subscriber. The sx763os trick does not work. That's why we must overwrite the passwd file.


Quote:

Posted by Andrija M (Post 1918627)
Don't tell me you managed to crack the root password? :goood:

We haven't. But even if we had the root password, for security reasons we shouldn't release it. T-Com would also cause problems in that case, because ALL their fiber routers would be affected.

Quote:

Posted by Baja 001 (Post 1918668)
I tried that yesterday too, but regardless of the permissions assigned I couldn't create a folder over FTP :(

The new unlocking method has nothing to do with USB or FTP. ;)

bcsaba 03.06.2011. 17:40

Administrator login is disabled or just does not have a password for it? (If I remember well SCM does not have an option to disable the administrator account, but might be wrong). I only made the script because the router was reset (when was trying to change connection type from DSL to Ethernet, seems like this one does not like it, would have been nice to have voip as do not think the one with WRT will ever have one (do not think 32mb will be enough for asterisk and the voip drivers alone, at times even the dsl driver is running out of it)).

sx763os trick does not work because that command needs 0 uid/gid; on retail boxes only administrator and root have that level of access (and root password is unknown (hopefully)). T-Com firmware might disable the administrator account (though I am quite sure they do not have a password for root either) but that would break firmware compatibility with retail devices (think scm_app has administrator hardcoded into it quite a few times). I do not say the script makes it easier, but if it has an administrator account, due to the bug its password can be changed by any other subscriber/operator user, and once logged on with that, sx763os should give a shell (that is due to firmware compatibility too).

Hackerivs 03.06.2011. 18:19

I think the Administrator login is disabled. On your website you wrote that the admin password is equal to the WebGui password. I've tried to do so many times but it still doesn't work.

bcsaba 03.06.2011. 18:29

Quote:

Posted by Hackerivs (Post 1919057)
I think the Administrator login is disabled. On your website you wrote that the admin password is equal to the WebGui password. I've tried to do so many times but it still doesn't work.

That more means like unknown (its password is not admin :)) than "not exists"; on a retail device my script changes that password (which goes for the administrator user/default web login) using the fake admin_user subscriber or operator to do so (and that will never be done through config_file as it is stored elsewhere), which is funny/or sad as with operator/subscriber SCM the Administrator in V_PasswordService is not even visible (still it is there, just only shown to administrator credentials, like sx763os), so Siemens did a good job there, just messed up at the webpage.. Easy to check though: if you cat /etc/passwd and the administrator user is in it then it is there. :)

Or cat /config/system_configfile_r

Here it shows:

IGD.V_PasswordService.Administrator.Password=1055268;adminlame
....

So administrator password is set to adminlame (was testing the script, this is what defaults to admin on retail devices); as the routers are "firmware" compatible that would make me think T-Com was setting up the Administrator password for the device, so those routers default to admin too but as soon as scm_app loads it changes (like in my case to adminlame right now).

Why can't Hungarian T-Com give devices like this (they gave me a D-Link 360R "access device", not even sure where it is). By the way, here they like to give really complex admin usernames/passwords like (Dlink/Bridge, Telindus/Bridge, .../Bridge), would make me laugh if the password would be Bridge there too. :D

.Delboy 03.06.2011. 21:11

Hi bcsaba.

You are right about sx763os working on the administrator acc, just checked that and it works.
The reason why the administrator password is not accepted is because there is an ssh public key located in /config/certs/pubkeys/administrator/ named 1copy1.
If any file is located at /config/certs/pubkeys/username/ then the ssh server uses that for auth, and it ignores the one from /config/system_configfile_r.

I assume that public key is only located in t-com and other branded fw-s, so by loading some older fw, which doesn't have that public key, it will accept the web password and then we can get shell access.

About the voip on openwrt, it works, even without Asterisk (check http://code.google.com/p/danube-voip/ ).

bcsaba 03.06.2011. 21:46

Quote:

Posted by .Delboy (Post 1919181)
Hi bcsaba.

You are right about sx763os working on the administrator acc, just checked that and it works.
The reason why the administrator password is not accepted is because there is an ssh public key located in /config/certs/pubkeys/administrator/ named 1copy1.
If any file is located at /config/certs/pubkeys/username/ then the ssh server uses that for auth, and it ignores the one from /config/system_configfile_r.

I assume that public key is only located in t-com and other branded fw-s, so by loading some older fw, which doesn't have that public key, it will accept the web password and then we can get shell access.

That explains why; sadly then the script is not really useful for any branded device. Seems like it is doing the same here, just made the directory and an empty 1copy1 and it did not accept the password anymore. The problem with older firmwares is that as far as I remember firmware updates never touch the config jffs2 area.

Quote:

About the voip on openwrt, it works, even without Asterisk (check http://code.google.com/p/danube-voip/ ).
When I have the patience to compile new trunk I will give it a try, not sure how well it works now, my filesystem is on a USB hdd, remember that was a major pain to reach (USB worked fine as a module, once compiled into the kernel, broke ADSL, had to mess with MEI load order to have both work, plus patch rootdelay in to wait until the kernel detects the hard drive), and that is just one thing, not sure what works and what does not in trunk now.

AviX 04.06.2011. 14:45

Hello,

The transition from step 5 to step 6 isn't clear to me. Where are the options described in step 6 located?

Baja 001 04.06.2011. 14:50

Advanced > Internet > Firewall > :chears:

That screwed with me at first too. And be sure to put something in the comment.

AviX 04.06.2011. 18:12

In the meantime I managed to figure out where it is.
Now I've successfully logged in via SSH with username: operator and password: operator. My intention is to add static routes because I have several subnets behind the router. Has anyone managed to do that? I went to Layer3Forwarding. I set the attribute V_AdvancedRoutingEnable to 1 (enabled). But I can't find anywhere to add static routes. If anyone knows, I'd be grateful.

Baja 001 04.06.2011. 18:51

root and operator, not operator and operator :rtfm:

AviX 04.06.2011. 19:52

Hello once again,
When renaming the file from PASSWD to passwd the FTP client reports the error RNFR command not allowed and the file stays as PASSWD. I tried several FTP clients. I don't know why this happens if full access is set in the GUI?

AviX 04.06.2011. 20:24

Quote:

Posted by AviX (Post 1919597)
Hello once again,
When renaming the file from PASSWD to passwd the FTP client reports the error RNFR command not allowed and the file stays as PASSWD. I tried several FTP clients. I don't know why this happens if full access is set in the GUI?

So I reset the router. I managed to rename it, but the unlock didn't succeed. Description of the steps I did:

- Formatted the USB as FAT32 and put the passwd file on it
- Uploaded active_configfile from the all in one pack
- Plugged the USB stick into the router
- Configured FTP, logged in from a client and changed PASSWD to passwd
- In the firewall options set the options:

Access rule type: Apply to all clients
Access level: custom
Filtering mode: block (allow)
TCP port 666

In the box to the right of the port copied $(cp /mnt/usbmsd/share/usb_0/passwd /etc) (USB partition is 0)

- In the browser chose tools -> tamper and clicked start tamper
- In the router's GUI clicked ADD
- Removed the tick from continue tamper and clicked tampering
- Copied IGD.V_Firewall.FWSOFTCoded.%7Bl%7D.name and replaced the box where it says TCP with it. After that clicked OK.
- Deleted the access rule
- Rebooted the router
- Tried to log in with root and operator and it doesn't work (access denied)

On the second attempt I didn't delete the access rule, but same thing.

Any ideas?

.Delboy 04.06.2011. 21:02

Does it maybe say somewhere in the tutorial under point 6 that you need to reboot the router after you delete the rule?

Baja 001 04.06.2011. 21:55

Quote:

Posted by .Delboy (Post 1919625)
Does it maybe say somewhere in the tutorial under point 6 that you need to reboot the router after you delete the rule?

Exactly that. Don't reboot, and be sure to put a comment (it wouldn't work for me without it).

bcsaba 05.06.2011. 14:32

3 attachments
Well, locked my router as forgot to delete 1copy1 from pubkey :D

Luckily there is an easy way to get in nevertheless. We all know there are two administrator users on SX763, root and administrator; the unlucky ones have that pubkey to get administrator locked out, root is not locked out. So first was trying to make the script do the access control tamper way, first it is quite unpredictable (at times the command was run, at times it was not). Then started to mess a bit more with V_PasswordService and not just the password is writeable by anyone but its name key too.
And what happens when Name=administrator becomes name=root?
Scm_app overwrites the root user; as the certificate limitation is only on administrator, a shell can be opened for root, though scm_app replaces its shell with mgmt, but we can escape from that with the sx763os command, and can delete that nasty 1copy1 key from config.

New script attached to the post.

Its usage would be:
php enablessh.txt routerip webuser webpassword newadminpassword newadminname

Example:
php enablessh.txt 192.168.1.10 operator operator tcomsuxx root

That logs in to web interface using operator/operator, enables ssh, changes admin password to tcomsuxx and changes admin username to root

I think that defeats pubkey authentication completely (unless it is set up on root too, which I doubt), it worked for me, not sure if it works on "locked" devices but do not see any reason why it should not, and it unlocks webinterface admin too as admin_role becomes root; as we know the root password (changed it to tcomsuxx in this case) that password should be accepted on the webinterface too (as admin_role is default)

There is one side effect due administrator name change, "administrator" user password stays default (what is logical as scm_app changes root user instead)

.Delboy 05.06.2011. 15:41

Hi

Thx for the script, but not everyone has php installed, but luckily there is another way.

Issuing set V_SSH.ClientKeys.1.PublicKey = "generated SSH2 -dsa public key here" inside operator/operator mngmt console, after reboot puts that key inside 1copy1 to administrator acc, and by that you can login with your own generated private key, issue sx763os, delete 1copy1 and inside mngmt "V_SSH.ClientKeys.1.User = administrator" to "V_SSH.ClientKeys.1.User = subscriber"

Then it makes a 1copy1 for the subscriber acc, and you can then login to administrator with the web password.

I have a pdf tutorial for that, but it is not yet ready, and there will be a second, easier way by making an active_configfile with already preset "rm /config/certs/pubkeys/administrator/1copy1" inside the firewall rule bug.

Also operator/operator login for web doesn't work after 4.3.52.11.310 fw. ( and for all fw-s made by sagem )

bcsaba 05.06.2011. 15:59

Could not find any sagem firmware to test, script should work with any credentials that have minimal access to the webinterface (even subscriber).
Just noticed that could not even test on those, this is a v1 Amazon board, as for the Danube one think going to stay with openwrt for now (not even sure it still has a config partition as much as I messed with it), as for Voip wanted to try out what you linked, but it is still using vmmc and firmware, even tapidemo made the router run oom once the voip firmware loaded.

.Delboy 05.06.2011. 16:11

4.3.52.19.00
http://forum.pcekspert.com/showpost....&postcount=232

Just saying that on those new fw-s, login page is changed so only with administrator acc can be logged in.

If you need for amazon, PM me.

bcsaba 05.06.2011. 16:23

Sent PM, think will get another cheap danube one from ebay if I can find one, it is hard to develop and test on the same router which I get internet from. :)

AviX 05.06.2011. 17:02

Quote:

Posted by .Delboy (Post 1919625)
Does it maybe say somewhere in the tutorial under point 6 that you need to reboot the router after you delete the rule?

Thanks .delboy. That was the problem. What confused me is that the tutorial mentions reboot in parentheses.

Anyway, I managed to get through all the steps. I successfully logged in with root and operator. I installed the new firmware, bootcode and runtime. With that, as the tutorial states, the locking process is finished. Everything went successfully and now I have orange menus instead of pink ones :D.

Now I'd like to know whether the username and password for SSH access change after a firmware update or stay the same? I ask because after the firmware update I tried to log in again as root (following the steps from the tutorial) and got access denied.

.Delboy 05.06.2011. 17:08

Yes, they change back to the old ones. Wait a few more days, new instructions will come with a much easier unlock, with which you'll have root access permanently.

AviX 05.06.2011. 17:20

OK, I'm eagerly awaiting the new tutorial

zagi 06.06.2011. 15:12

6 attachments
I hope I'm posting in the right topic; if not, don't hate me.
Anyway, yesterday my sx 763 T-Com died from a lightning strike. I reported the fault and got another one today. What's interesting is that it seems the fault is on T-Com's side and that the old router pulled some faulty firmware (if that's possible?). I have no net connection on the old unit (online doesn't light up), but in its menu there is no longer this T-Com logo, and the option to update firmware opened up for me, which the new one doesn't have. So, I've attached a few print screens so you can see what happened, and could the old router somehow be made to work??

.Delboy 06.06.2011. 17:15

It didn't pull the wrong fw; rather the nvram partition got some kind of error (it happens sometimes) so it reset to the default one, but the router should still work as before.
Maybe the problem is in the config, try putting in the one from the new one.

zagi 06.06.2011. 21:41

The router doesn't work at all, i.e. the online light :) doesn't light up and a connection can't be established, and as for the config, hm, it must be somewhere, but I can't find the procedure for copying it from the working one, so a little help if possible.

Baja 001 13.06.2011. 23:06

Can someone test transfer over WLAN? After replacing the cards (Edimax EW-7711USn) and a fresh Windows, the transfer from one computer to another is ~1.2MB/s.

.Delboy 14.06.2011. 12:59

Is 802.11b maybe still switched on somewhere?
There might also be another cause for this in the router, but I doubt it's that (too complicated to explain).

Baja 001 14.06.2011. 18:23

Quote:

Posted by .Delboy (Post 1924972)
Is 802.11b maybe still switched on somewhere?
There might also be another cause for this in the router, but I doubt it's that (too complicated to explain).

http://www.pohrani.com/t/3y/ZJ/4DhT1rBm/untitled.jpg

Oh, and I also tried ad hoc, if that means anything, the speeds are even worse :(

Nikky 14.06.2011. 18:56

You weren't born yesterday; scan which wireless channels the neighbors use and see on which they are weakest. Pick that weakest one for the router to use, prefer 1 - 6 - 11 or even 13.

Baja 001 14.06.2011. 19:36

I wasn't, but within a 1 km radius nobody has internet, let alone wireless

Nikky 14.06.2011. 20:23

Then report the correct village instead of hiding under Split :D

