Here's what I have found or done.
The modem is a Gigaset SX682 Wimax manufactured by Sagem.
The web interface has no default pass but quite a long time back
W1m@xm0deM was the default password for the web interface.
There is no way to update firmware from the user side, I can't change
anything useful from the web interface. The Authentication is done via
username and password that you get when you register.***
I got shell access (yaaay!!!) (hopefully, running linux :-p )
The default username and password is admin and W1m@xm0deM
http://imageshack.us/photo/my-images/6/qubeeup1.jpg/
From the looks of it, it's for maintenance.
I can spoof mac, change the default DNS and basically do all sorts of
crazy stuff.
The modem runs using Sequans chipset.
Here's the really awesome part. Pictures are louder than words. :-p
http://imageshack.us/photo/my-images/135/qubeeup2.jpg/
http://img839.imageshack.us/img839/7747/qubeeup3.jpg
It looks like I can sniff, spoof and get all sorts of incredible wimax
data using this cbe command, that controls the Sequans chipset.
That isn't even the best part.
The best thing is, every modem from the company has port 39 and port
53 open to the internet. And, port 39 is the port for that maintenance
shell thing. It's nowhere in the crappy 15 page manual (the pages are
really tiny, btw). I did some research using my social engineering
skills and no one knows about this. Google says the same. I have tried
and succeeded in accessing every user's router through that with those
default user and pass and using that, I was even able to get the web
based interface running and I could access their router config via the
interwebs! I am pretty sure it's possible with all of 150,000 users
they have!
Future Projects (Or stuffs, I would appreciate help with)
1. Port Forward from the web interface (I can't port forward for god's
sake! The shell allows it but I didn't check it as I speak)
2. Get other people's password. or use other people's internet.
(here are a few screenshots of what happens when I had gotten a web
interface of someone's modem via the internet.
http://img204.imageshack.us/img204/8538/qubeeup4.jpg.
So, I can see the username but not the password.
Here's the Mac.
http://img713.imageshack.us/img713/6440/qubeeup5.jpg)
I can already see the username and mac. Only knowing the password
would do the trick. I have looked in the router using the shell, but I
can't even find it stored in an encrypted version but it should be
there. Or, I might need to get root to get that.
3. Most importantly, I need to find a way to use the maximum possible
internet speed and get past the download limit. Hopefully, solving my
second problem should do that.
Although, a few of my plans might look very black hat, but I am more
of a grey hat. My name is going on Apple's hall of fame for finding a
security vulnerability on their website. :) So, I am a certified white
hat. :-p
Anyways, I know I am far from root (assuming it's a linux box) But,
not bad for 2 days' work especially with no documentation. Let's hope,
tearing apart the modem would get me root.
Any follow up, help or even you guys being interested would greatly be
appreciated. Wimax is fairly new but we all know that it's the next
big thing. And, we are the only few hackers at the moment. So, you get
it, I would really appreciate any sort of help or reply or you can ask
me for any help as well.
Thanks,
Rahat Mahbub
***I don't think it's mac based cause I spoofed mac and got internet
access with it but again, I am not sure if it worked
P.S. Datarate limiting didn't work very well for the first few months,
when they were released. But, works damn good now! Curse them!
P.P.S I am from Bangladesh and there are 2 WiMax companies and I am using Qubee!
--
You received this message because you are subscribed to the Google Groups "wimax hacking" group.
To post to this group, send email to wimax-...@googlegroups.com.
To unsubscribe from this group, send email to wimax-hackin...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/wimax-hacking?hl=en.
I tried to use postpaid qubee tower modem in this way, but it doesn't connect :(
--
Diag set macaddr xxxxxxxxxxxx enter
Hi,
I am Sirat.
siratm...@gmail.com this is my mail address.
Please, anyone, help me to give Qubee hack software.