Untitled

Reading config...
Line:defaultHost=192.168.1.1
Line:defaultUsername=admin
Line:defaultPassword=admin
Line:defaultUpgradeFilename=
Line:defaultStartupVariant=DGA4130 AGTEF 1.0.3
Line:defaultFlashFirmware=0
Line:defaultFlashSleepDelay=120
Line:defaultConnectRetryDelay=5
Line:defaultInterCommandDelay=5
Line:variant=789vac v2 iiNet,Ping,dyndns.com,uci set dropbear.@dropbear[0].PasswordAuth='on';uci set dropbear.@dropbear[0].RootPasswordAuth='on';uci set dropbear.@dropbear[0].enable='1';uci commit;echo -e "root\nroot"|passwd;/etc/init.d/dropbear restart
Line:variant=789vac v2 Tiscali,Ping,dyndns.com,sed -i 's#root:/bin/false#root:/bin/ash#' /etc/passwd;uci set dropbear.@dropbear[0].PasswordAuth='on';uci set dropbear.@dropbear[0].Interface='lan';uci set dropbear.@dropbear[0].RootPasswordAuth='on';uci set dropbear.@dropbear[0].enable='1';uci commit;echo -e "root\nroot"|passwd;/etc/init.d/dropbear restart
Line:variant=789vac v2 iiNet Root Inactive UNO,Ping,dyndns.com,sed -i 's/off/on/' /overlay/$(cat /proc/banktable/inactive)/etc/config/dropbear;sed -i 's/0/1/' /overlay/$(cat /proc/banktable/inactive)/etc/config/dropbear;sed -i 's#root:/bin/false#root:/bin/ash#' /overlay/$(cat /proc/banktable/inactive)/etc/passwd;sed -i "1c $(sed 1q /etc/shadow)" /overlay/$(cat /proc/banktable/inactive)/etc/shadow;switchover
Line:variant=DGA4130 AGTEF 1.0.3,Ping,dyndns.com,sed -i '1croot:x:0:0:root:/root:/bin/ash' /etc/passwd;uci set dropbear.@dropbear[0].RootPasswordAuth='on';uci set dropbear.@dropbear[0].enable='1';uci commit;echo -e "root\nroot"|passwd;/etc/init.d/dropbear restart
Line:variant=DGA4132 AGTHP 1.0.3,DDNS,dyndns.it,sed -i 's#root:/bin/false#root:/bin/ash#' /etc/passwd;uci set dropbear.lan.enable=1;uci set dropbear.lan.RootPasswordAuth=on;uci commit;echo -e "root\nroot"|passwd;/etc/init.d/dropbear restart
Line:variant=DGA4132 1.0.3 Root Inactive,DDNS,dyndns.it,sed -i 's#root:/bin/false#root:/bin/ash#' /etc/passwd;uci set dropbear.lan.enable=1;uci set dropbear.lan.RootPasswordAuth=on;uci commit;echo -e "root\nroot"|passwd;/etc/init.d/dropbear restart;sed -i 's/off/on/' /overlay/$(cat /proc/banktable/inactive)/etc/config/dropbear;sed -i 's/0/1/' /overlay/$(cat /proc/banktable/inactive)/etc/config/dropbear;sed -i 's#root:/bin/restricted_shell#root:/bin/ash#' /overlay/$(cat /proc/banktable/inactive)/etc/passwd;sed -i "/option Interface 'lan'/s/.*/&\n\toption RootPasswordAuth 'on'/" /overlay/$(cat /proc/banktable/inactive)/etc/config/dropbear;sed -i "1c $(sed 1q /etc/shadow)" /overlay/$(cat /proc/banktable/inactive)/etc/shadow;switchover
Line:variant=DGA4130 1.0.3 Root Inactive,Ping,dyndns.com,sed -i '1croot:x:0:0:root:/root:/bin/ash' /etc/passwd;uci set dropbear.@dropbear[0].RootPasswordAuth='on';uci set dropbear.@dropbear[0].enable='1';uci commit;echo -e "root\nroot"|passwd;/etc/init.d/dropbear restart;sed -i 's/off/on/' /overlay/$(cat /proc/banktable/inactive)/etc/config/dropbear;sed -i 's/0/1/' /overlay/$(cat /proc/banktable/inactive)/etc/config/dropbear;sed -i 's#root:/bin/restricted_shell#root:/bin/ash#' /overlay/$(cat /proc/banktable/inactive)/etc/passwd;sed -i "/option Interface 'lan'/s/.*/&\n\toption RootPasswordAuth 'on'/" /overlay/$(cat /proc/banktable/inactive)/etc/config/dropbear;sed -i "1c $(sed 1q /etc/shadow)" /overlay/$(cat /proc/banktable/inactive)/etc/shadow;switchover
Authenticating
Authenticated OK
Sending flash command to modem

<!DOCTYPE HTML>
<html lang="en-us">
<head>
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <meta charset="UTF-8">
    <meta name="CSRFtoken" content="083c852e1d507ee5830dfc601f3585756c0343c4e06c8f2bc5e14633481dc29f">
    <link href="/css/gw.css" rel="stylesheet">
    <link href="/css/responsive.css" rel="stylesheet">
        <link href="/css/TIM.css" rel="stylesheet">
    <!--[if IE 7]><link rel="stylesheet" href="/css/font-awesome-ie7.css"><![endif]-->
    <script src="/js/main-min.js" ></script>
    <!--[if lt IE 9]> <script src="/js/media-min.js"></script> <![endif]-->
    <script src="/js/srp-min.js" ></script>
    <title>Login</title>
</head>

<body>
  <div class="container">
        <div class="logo-technicolor">
        <!--<a href="http:&#47;&#47;www.technicolor.com" target="_blank"><img src="/img/logo.png"></a>-->
        <img class="timlogo" src="/img/TIM.png">
        </div>
        <div class="row">
      <div class="offset4 span4">
        <div class="login">
        <form class="form-horizontal">
          <fieldset>
                <h2>Sign in</h2>

            <div id="erroruserpass" class="alert alert-error hide">
               <strong>Invalid Username or Password</strong>
            </div>
            <div class="control-group">
                <label for="srp_username"><div class="label-icon">
                    <i class="icon-user icon-large"></i>
                </div></label>
                <input class="span3" type="text" placeholder="Your username" id="srp_username" value="admin" autofocus><br><br>
            </div>
            <div class="control-group">
                <label for="srp_password"><div class="label-icon"><i class="icon-lock icon-large"></i></div></label>
                <input class="span3" type="password" placeholder="Your password" id="srp_password"><br><br>
            </div>
            <!-- HIDE WARNING - NOT NOT USED IN DEFAULT CUSTO
            <div id="defaultpassword" class="alert alert-info hide">
                If you haven't changed it, the default password can be found on the sticker under your gateway (it's called <strong>"access code"</strong>)
            </div>
            -->
            <div class="pull-right">
                <a href="/" class="btn btn-primary btn-large">Cancel</a>
                &nbsp;
                <div id="sign-me-in" class="btn btn-primary btn-large">Sign in</div>
                        </div>
          </fieldset>
        </form>
      </div>
      </div>
    </div>
    <div class="row"><div class="copyright span12"><p>&copy; Technicolor 2015</p></div></div>
  </div>
<script>
$(document).ready(
  function() {
    var triesbeforemsg = 3;
    var tries = 0;
    var password = "";

    // Set the focus on the first input field
    $('form:first *:input[type!=hidden]:first').focus();
    // Handle press of enter. Could be handled by adding a hidden input submit but
    // this requires a lot of css tweaking to get it right since display:none does
    // not work on every browser. So go for the js way
    $('form input').keydown(function(e) {
        if(e.which == 13 || e.which == 10) {
            e.preventDefault();
            $("#sign-me-in").click();
        }
    });

    $("#sign-me-in").on("click", function () {
      $(this).text('Verifying');
      password = $("#srp_password")[0].value;

      //If the user has option legacy_salt, do migration
      var legacySalts = "";
      var userNames = "";
      var inputUsername = $("#srp_username")[0].value;
      var index = -1;
      var userNameArray = userNames.split(",")
      var legacySaltArray = legacySalts.split(",")

      for (var i = 0; i < userNameArray.length - 1; i ++)
      {
         if ( inputUsername == userNameArray[i] )
         {
           index = i;
         }
      }
      if (index >= 0)
      {
          //alert(legacySaltArray[index]);
          var hashObj = new jsSHA((legacySaltArray[index]+tch.stringToHex(password)), "HEX");
          password = hashObj.getHash("SHA-1", "HEX");
      }

      var srp = new SRP();
      srp.success = function() {
        // If we showed the login page using an internal redirect (detected
        // by checking if the URL ends with "/login.lp") then we simply
        // have to reload the page to get the actual page content now that
        // we're logged in.
        // Otherwise we explicitly go back to the main page.
        if (window.location.pathname.search(/\/login\.lp$/) == -1){
                    var curl = window.location.href
          window.location.href = curl.substring(0,curl.indexOf("#"));
        }else
          window.location = "/";
      }
      srp.error_message = function(err) {
      if(err == 403){
        $.get("login.lp", {action:"getcsrf"}, function (data){
          $('meta[name=CSRFtoken]').attr('content', data);
          srp.identify("/authenticate", $("#srp_username")[0].value, password);
        });
      }else{
        $("#sign-me-in").text('Sign in');
        $("#erroruserpass").show();
        $(".control-group").addClass("error");
      }
        tries++;
        if(triesbeforemsg > 0 && tries >= triesbeforemsg) {
            $("#defaultpassword").show();
        }
      }
      srp.identify("/authenticate", $("#srp_username")[0].value, password);
    });
  })

</script>
</body>
</html>

Authenticating
Authenticated OK
Splitting command up using semicolons
Sending command: sed -i 's#root:/bin/false#root:/bin/ash#' /etc/passwd
Sleeping...
Sending command: uci set dropbear.lan.enable=1
Sleeping...
Sending command: uci set dropbear.lan.RootPasswordAuth=on
Sleeping...
Sending command: uci commit
Sleeping...
Sending command: echo -e "root\nroot"|passwd
Sleeping...
Sending command: /etc/init.d/dropbear restart
Sleeping...
Sending command: sed -i 's/off/on/' /overlay/$(cat /proc/banktable/inactive)/etc/config/dropbear
Sleeping...
Sending command: sed -i 's/0/1/' /overlay/$(cat /proc/banktable/inactive)/etc/config/dropbear
Sleeping...
Sending command: sed -i 's#root:/bin/restricted_shell#root:/bin/ash#' /overlay/$(cat /proc/banktable/inactive)/etc/passwd
Sleeping...
Sending command: sed -i "/option Interface 'lan'/s/.*/&\n\toption RootPasswordAuth 'on'/" /overlay/$(cat /proc/banktable/inactive)/etc/config/dropbear
Sleeping...
Sending command: sed -i "1c $(sed 1q /etc/shadow)" /overlay/$(cat /proc/banktable/inactive)/etc/shadow
Sleeping...
Sending command: switchover
Sleeping...
Please try a ssh connection now to 192.168.1.1 with username root and password root (change password immediately with passwd!)  Rebooting your modem now is recommended to stop any services that have been disabled.