The primary thing though is that you can enable telnet pretty easily...
- load up TamperData, Charles, or some other tampering proxy
- log into the device and change the Basic->Device Name to FOO
- in your tampering proxy, change FOO to <!--#exec cmd="fw_setenv factory 1" -->
- in your tampering proxy, look for a GET request that has a "page" parameter, and change its value to "../../etc/hosts"
- the command will be run, and you should see your results
- reboot, and you can telnet right in.
I'll be releasing a script at some point to automate this.
Loki
Daniel Hückmann - Sophsec Intrusion Labs - Silicon Forest (PDX)
--------------------------------------------------------------------------
http://www.google.com/profiles/sanitybit
http://twitter.com/sanitybit
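
A defensive check for the two inputs the steps above rely on, as an added example that is not part of the original post: it flags server-side-include directives in any submitted value and path traversal in the "page" parameter. The request paths and the `device_name` parameter name are hypothetical, and the sample requests are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# SSI directive opener, e.g. <!--#exec ...> or <!--#include ...>
SSI_RE = re.compile(r"<!--\s*#\s*[a-z]+", re.IGNORECASE)

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is also seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(value):
    """True if the value is absolute or contains a '..' path segment."""
    path = fully_decode(value).replace("\\", "/")
    return path.startswith("/") or ".." in path.split("/")

def inspect_request(method, url, body=""):
    """Return a list of (rule, parameter) findings for one HTTP request."""
    findings = []
    params = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    if method == "POST":
        params += parse_qsl(body, keep_blank_values=True)
    for name, value in params:
        if SSI_RE.search(fully_decode(value)):
            findings.append(("ssi-directive", name))
        if name == "page" and has_traversal(value):
            findings.append(("path-traversal", name))
    return findings

# Constructed sample requests; paths and device_name are hypothetical.
SAMPLES = [
    ("POST", "/cgi-bin/basic", "device_name=FOO"),
    ("POST", "/cgi-bin/basic",
     "device_name=%3C%21--%23exec+cmd%3D%22echo+test%22+--%3E"),
    ("GET", "/cgi-bin/view?page=status.html", ""),
    ("GET", "/cgi-bin/view?page=..%252F..%252Fetc%252Fhosts", ""),
]

if __name__ == "__main__":
    for method, url, body in SAMPLES:
        print(method, url, inspect_request(method, url, body))
```

The same two predicates can be used as input validation in the management interface itself: reject a device name that matches `SSI_RE`, and resolve "page" only against a fixed allowlist of page names.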