Tuesday, November 14, 2006

Shell script to recover ADSL passwords

The following shell script will assist you in recovering an ADSL user name - password pair stored in an ADSL router. The script was tested to run on Knoppix 3.2 and 4.0 and should work on other distros as well. However, the devices that can be used with the script, I leave it for you to experiment with :)

Just copy the script to any file, lets say adsl.sh in your $HOME directory, then execute the following commands to run the script (i.e., give it execute permissions and run it!).

$ chmod +x $HOME/adsl.sh
$ $HOME/adsl.sh ipaddress username password

(If you are already in your home directory, just use chmod +x adsl.sh followed by ./adsl.sh)

The parameters of the script are,

ipaddress - Ip address of the router
username - Router configuration user name
password - Router configuration password

For example,
$ $HOME/adsl.sh admin mypass

(where admin and mypass are the router user name and passwords respectively)

If in case you don't know the user name and password of the router configuration, then look it up in the manual pages of the router. The default values for user name and password for most routers are both 'admin'. So try your luck!

That's it. The script will try to download the configuration and match the lines with user name and password in it.

Enough story, here follows the shell script.

# ADSL Router Password Recovery Shell Script
# Copyright (c) 2006 by Ubercoder.
# www.ubercoder.blogspot.com
# Freely (re)distributable.

echo "adslpwd Shell-script by ubercoder, www.ubercoder.blogspot.com"
echo ""

echo "#!/usr/bin/expect

spawn telnet $1

expect {*ogin:}
send \"$2\r\"

expect {*sword:}
send \"$3\r\"

expect {*\-\>*}
send \"console enable\r\"

expect {*antum*}
send \"fm\r\"

expect {*antum*fm*}
send \"cat im.conf\r\"

expect {\#\send}
send \"home\r\"

expect {*antum*}
send \"exit\r\"

expect {*\-\>*}

send \"user logout\r\"

" > /tmp/adsl_tmp.sh

chmod +x /tmp/adsl_tmp.sh

echo "Downloading configuration..."
/tmp/adsl_tmp.sh > /tmp/adsl_tmp.tmp

echo "Done."
echo ""
set `cat /tmp/adsl_tmp.tmp | grep weLoginName`
echo "Username: $3"
set `cat /tmp/adsl_tmp.tmp | grep weLoginPassword`
echo "Password: $3"

If the script proved helpful to you, please do post the manufacturer and model name of the router, as well as the name of the ISP if possible, as a comment to this post. It will be helpful for other users. Thanks!


Anonymous said...

Any script to extract the password of the router itself. I have a router/modem whose password has been set by the ISP and i cant access it I own the router/modem and i am no longer using the services of that ISP.

ubercoder said...

The default user/password for most routers are admin/admin. Try that first. If it doesn't work and now that you don't use the services of that ISP and don't need their settings, try resetting it.

You should be able to reset it by using the reset button on the back of the router. If you can't find it, try searching on Google with manufacturer/model name. You'll find the manual.

After resetting, you will be able to login with admin/admin as user/password and reconfigure it for any other ISP.

Anonymous said...

Have already tried all that.The ISP has locked it with a password which it doesnt want to reveal.

stalker said...

Can you post the router manufacturer name, model name?

kabir said...

can i know how to use this script in windows
i know nothing about scripts

ubercoder said...

Nop. U cant use this on Windows. Shellscripts are to be used on Linux/Unix only.. Try some live CD distribution such as Knoppix or Ubuntu.

S!TRiX said...

ur script worked just fine with my ADSL modem...
but today i went over to a friends place and tried out the script.. and then tried to manually do what the script did...

unfortunately, console enable didnt work and was not recognized.. however it recongnized the command 'sh' and took me to the BusyBox linux shell...
i did an echo * and got these directories...
bin dev etc lib linuxrc mnt proc sbin usr var webs
now what do i do? where to find the im.conf file?

the router is BCM96338 ADSL Router...

ubercoder said...

Hi S!TRiX, sorry for the delay in replying, I was out of station for a week.

It seems that the command set that your router uses is different.

Try to print the contents of the file /etc/network/interfaces

Also try these commands
nvram get ppp_passwd
nvram get ppp_username

Let me know if any of these work. Please send me a copy of the complete screen output (text/shot) to my email, if you would like me to try to add support for your router in the next version.


S!TRiX said...

this modem has encrypted conf files...
how do i decrypt them?