Telus OCA IP Hijacking Being the first text I ever contribute to this zine, I am afraid that this information is already well-known to us Alberta/BC lads. However, for the ones who've been spaced out.. Our local telco, Telus, has been in this ADSL business for quite some time, and they have changed their rental equipment(i.e. ADSL modems for users): from Motorola CyberSurfer to Cisco 675e router, and then now 3com "HomeConnect" modem, which is by far the shittiest ADSL router in terms of stability. Anyhow, if you've been paying attention to our old k-1ine issues & HC articles, there is an sploit on hijacking IP addresses from your neighbours and etc. To prevent such activities, 3Com has come up with a new interface; http://oca.ab.hsia.telus.net The site lets users to log in and register their NIC's MAC address, and then issues IP address. (Before the IP you'd get is 10.xxx.xx.xx, etc) The problem now is with Telus(as always). They have this default password 'telus 99' or 'telus00'. They occasionally do, however, ask you to set the password for your account, but that's your TELUS account password (the stuff you put in on their lame ass webmail), NOT this oca site password. (I spent countless hours on oca site trying to figure out what da hell happened to my passwd) So what is it worth, you say? Well, not all residential ADSL users use 2 boxes. In fact, not all users are even aware that they get 2 IPs for what they're paying, which leaves us free IPs. If you're one of my type, lazy as hell, and don't wanna set up a router for 1 more IP, you might get away with another poor telus customer's IP. Who knows, you're never smart enough to set up a router so you just wanna steal other people's IP even if you have like 15 boxes running on your network. (why would any sane person do that?) * Loggin in: ------------- 1. go to http://oca.ab.hsia.telus.net (use nutscape, M$IE, Mozilla, whatever that's capable of Java; more on this later) 2. put in your victim's username and default passwd. 3. on Main Menu, go to "Manual Registration and Administration of PC's and Devices". 4. there, you see 2 text forms to put in your NIC's MAC address. Use the one that's empty (or something like 0:0:0:0:0). 5. click on 'submit' on the left frame and see the "Mac Address is registerd successfully" message. 6. go to #hackcanada @ irc.at0mix.net and let others know how 31334 you are.. and k-line .. ugh.. /* FYI "When a normal Mark Renton calls troubleshoots" ***********************/ *dials 310-tech* *listens to the e-slut rep's answering machine, presses 1, 2 for the high speed technical support* "Telus Technical support, Sickboy speaking." "Ugh.. my internet don't work" "okay, what's your username?" "David" (FYI, 'david' uses default passwd 'telus00') "Is the modem lights on?" "Ugh yes, its green lights are on" "okay Mr.Renton, could you please hold" *Sickboy trys to check the connection by connecting to Renton's ADSL modem* "The connection seems to be fine. Could you try 'winipcfg' and tell me what your MAC address and IP?" *Renton tells the MAC and IP* "Okay, it seems to be some other MAC address's been registered in our network. I will reset the password to your account, so that no more break-in would be possible" "Wow, thank you very much!" "No problemo, it's part of our telus high-speed internet service." /******************************************************************************/ * You don't want this happen to your poor Mark Renton. So don't delete the MAC address that's already filled in and put yours. IOW, use your common sense. ** interesting fact: If they issue an IP to your machine A, you can go back to oca.ab.hsia.telus.net and delete machine A's MAC address, and put in machine B's MAC address in the same field, register, and both machine A and B will have the connection to the net, until you reboot the machine. *** I have yet to figure out how to code in java or any scripting. Coders out there, you can write a script to pull out a list of users with the default password. - eth0 02/19/01