How to Extract PPPoE Password from ZTE F660
- Thread starter newsera
- Start date
- Replies 3
- Views 3,876
Odds are the PPPOE password is "Hathway@123"
In case that doesn't work for you, follow my instructions here to get telnet access on the unit:
broadband.forum
Then run
Another pro tip for finding interesting files/strings, which I used to hunt for the ppp connection details: Run this in telnet in the modem.
This will slowly output a list of files contianing your string to the console. Slowly hunt for things this way, no need to pay dubious telegram services for what you can do yourself easily.
Replace YOUR STRING HERE with whatever you wanna look for. Also keep an eye out for what files are and aren't "standard linux" or "standard busybox", usually with weird names or binaries or folders. They are suretell signs of yummy secrets and config options.
How to access telnet on ZTE ZXHN F660 v7.1
1. GitHub - douniwan5788/zte_modem_tools: tools for zte modem Download this and set it up it's a godsend tool. (You may need to change/remove the dependency version in the requirements.txt if you're using Python 3.11 or newer like me) 2. Run the command python3 zte_factroymode.py --user admin...
broadband.forum
Then run
cat /var/tmp/ppp/options.oe0 it'll show you your PPPOE username, and the hash (I think) of your pppoe password. From here it's up to you to crack the hash. I think it's MD5 because it's only 32 chars long but not sure. It says the max character length of the password is 16 chars too so thankfully we can set a max password length bound if you try to use john the ripper or hashcat on it.Another pro tip for finding interesting files/strings, which I used to hunt for the ppp connection details: Run this in telnet in the modem.
Code:
scan() {
for f in "$1"/*; do
[ -e "$f" ] || continue
case "$f" in
/proc|/sys|/dev|/tmp|/run) continue ;;
esac
if [ -f "$f" ]; then
grep -q "YOUR STRING HERE" "$f" 2>/dev/null && echo "$f"
elif [ -d "$f" ]; then
scan "$f"
fi
done
}
scan /Replace YOUR STRING HERE with whatever you wanna look for. Also keep an eye out for what files are and aren't "standard linux" or "standard busybox", usually with weird names or binaries or folders. They are suretell signs of yummy secrets and config options.
