Re: Nortel Contivity password

From: Jon Hart (
Date: 09/06/03

  • Next message: Jonathan Bowman: "Re: Using brute force to test Sendmail passwords."
    Date: Fri, 5 Sep 2003 19:08:54 -0400
    To: Jim Brezicky <>

    On Fri, Sep 05, 2003 at 03:49:00PM -0000, Jim Brezicky wrote:
    > Good Morning all,
    > I rccently changed the admin password on my Nortel Contivity 2600, well as
    > luck would have it I must have written it down wrong.
    > Does anyone know if it's recoverable, and if so how. I've checked the web
    > and haven't been able to find anything so far.
    > Any tips or suggestions would be greatly appreciated.

    I was in a similar position a while back, but not with a Nortel Device.
    The root password to a very important machine got changed, but it wasn't
    remembered by the admins correctly. There was no easy physical access
    to the machine and ssh was the only way of connecting remotely.

    Since I was the one who fudged the password, I had a reasonably good
    idea of how I could've screwed up. I tossed together some quick perl
    and expect code, and I was in relatively quickly.

    Basically, the perl code, given a list of possible mistypes for each
    character in the password, will enumerate all possible passwords. These
    are then piped to the expect script, which attempts to connect to the
    remote machine and run 'id'.

    Since your device doesn't have SSH access, you'll have to cobble
    something together to pipe the possible passwords to the web interface.

    I'm attaching the scripts I used to this mail. Sure, they are ugly and
    hackish, but drastic times call for drastic measures :)

    Good luck,



    Captus Networks
    Are you prepared for the next Sobig & Blaster?
     - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
     - Precisely Define and Implement Network Security
     - Automatically Control P2P, IM and Spam Traffic
    FIND OUT NOW - FREE Vulnerability Assessment Toolkit

  • Next message: Jonathan Bowman: "Re: Using brute force to test Sendmail passwords."