Hack bsnl broadband username and passwords
Bsnl Broadband continues to grow as one the most popular broadband services in India with high speed facilities of upto 2 mpbs. But a large number of users of this service are vulnerable to hacker attacks because discovering and hacking the vulnerable victims of this network is shockingly simple. If you are a Bsnl broadband user then immediately assess the security of your internet connection and take appropriate steps to secure yourself.
First lets see how simple it is to hack bsnl dataone broadband usernames and passwords. For this you shall need a ipscanner tool called Angry IP Scanner or nmap or anything similar. Angry ip scanner is a gui tool and is easy for newbies whereas nmap is more powerful and used by hackers.
Ok so lets begin...
Get your IP from : www.ipmango.com
Step 1 : Scan ip range for alive hosts
Start Angry IP scanner and goto options > ports. Type in 80 in the first ports textbox and click ok.
Then goto options > options ; in the display section select "only open ports" and click OK & Save.
Now on the main screen put in the ip scan range as something 59.*.0.0 - 59.*.255.255 (for e.g. 59.95.2.3) and click the start button. And the list that shall follow next are the victims. In this example we choose the range 59.95.0.0 - 59.95.255.255. You will be surprised at the number of victims you discover.
Portscan bsnl ip range using nmap
Nmap can also be used for the same task of host discovery. Here is a quick example for linux
$ sudo nmap --open -sS -sV 59.95.2.1/24 -p 80 -oG - | grep 'open'
"--open" to show only those hosts which have the specified port open. "-sS" for Tcp syn port scan. "-sV" to show the banner information of the http server running. "-p 80" to scan for port 80. "-oG -" for outputting in short greppable format. The output of nmap command is piped to the grep command to look for those lines which have the word "open" in them. This filters the nmap output and shows only those lines which have a open port 80 that is replying. sudo is necessary to run the program as root on ubuntu. If you are already root then sudo is not needed. Root privileges are needed for the Tcp syn method of port scan which uses raw sockets.
The equivalent command on windows would be
C:\>nmap --open -sS -sV 59.95.2.1/24 -p 80 -oG - | findstr "open"
output would be similar to this
C:\>nmap --open -sS -sV 59.95.2.1/24 -p 80 -oG - | findstr "open" # Nmap 6.01 scan initiated Tue Aug 21 23:16:15 2012 as: nmap --open -sS -sV -p 80 -oG - 59.95.2.1/24 Host: 59.95.2.184 () Ports: 80/open/tcp//upnp//Nucleus 4.3 (Huawei|Intracom ADSL router UPnP; Virata-EmWeb 6.2.0; UPnP 1.0)/ Host: 59.95.2.201 () Ports: 80/open/tcp//http//Allegro RomPager 4.07 UPnP|1.0 (ZyXEL ZyWALL 2)/ Host: 59.95.2.247 () Ports: 80/open/tcp//http//micro_httpd/ .....
A possible google dork can be
intitle:"ADSL Router" inurl:"http://59"
However it will not be very effective since broadband ip addresses are online for short time span like a day or so.
Step 2 : Connect to remote bsnl router
Pick the ip-address of any of them and open up your browser and type in http://59.*.*.* (the * should be replaced by the values from the ip you are using. A box will popup asking for username and password. Enter the username : admin and password : admin .There is a high chance that you will be able to login with that username and password.
admin-admin is the default username and password that is set while manufacturing the adsl modem devices.
What follows next is the modem administration panel.
Simply search for the "WAN" option and click it. On the next page you will find the username and password of that user. now right-click on the page and click view source. in Mozilla/Opera This frame -> view frame source
Now in the source code search for this :
INPUT TYPE="PASSWORD" OR <input name="connection0:pppoe:settings/password" value="password" id="uiPostPppoePassword" type="hidden">
and the value field of this input element will have the password in plain text.
If its not there as in case of D-Link DSL 502T ADSL Routers the search for this
<input name="connection0:pppoe:settings/password" style="" type="hidden"> or input type="hidden" name="connection0:pppoe:settings/password" value="password" id="uiPostPppoePassword"
and the value field will have the password. Well each steps take less than 1 minute. Some newer adsl routers do not have the password in the input tag, but instead in the javascript code on the same page. So just view the source of the page and look for something similar to this
pppPassword.value = 'password';
So getting username passwords wont take even 2 minutes and is easier than sending a mail. And this exposes the weak security of bsnl broadband users.
Well this is not a weakness but more of a mis-configuration which leads to insecurity. If you understand networking then you would probably realise that it was merely logging into the remote administration service of the modem and nothing else. This was not really hacking but a simple search of victims who are absolutely ignorant of their weak security on the internet.
Most routers have an option where remote management can be disabled. In other words, you can only connect to the configuration interface from the internal network, not the WAN(Internet) side. You would definitely want to make sure remote management is not active to protect yourself.
Note : On SmartAX MT880 eventhough Remote Management is disabled , it permits remote logins from over the Internet. So change your mode administration passwords immediately.
The problem is that the professionals at Bsnl are ignorant of such simplicity of networking and unable to advise the users or guide them to take proper security measures leaving their customers and themselves absolutely unsecure.
Now lets check a few more options related to this issue. A bsnl broadband modem can be used in two modes.
1. RFC Bridged mode
2. PPPOE mode.
In the RFC Bridged mode the device behaves like a modem device that is attached to your computer and you use some dialup software to dial into the isp through this modem. This is PPPOE from the PC and the adsl device is a good modem. This mode is safer as the username password are on your pc and nothing is on the modem.
In the PPPOE mode the adsl device becomes a router - a distinct network device with many features enabled. In this mode the username password is stored in the modem which will dial to the isp and establish the internet connectivity. The computers will just connect to this router who would be their primary gateway. Now this is the mode where the risk exists.
If remote administration is enabled the remote users from the internet can login to this modems administration panel. Now the main problem is the default admin username-password which most users dont change due to ignorance. "admin-admin" is pair that works in most cases giving you full access to the modems internals. What follows next is simple as drinking a glass of orange juice.
Many users install firewalls and think they are safe, but they fail to understand that the firewall protects their PC not the "router" since the topology is like
(PC) -> Router -> Internet
How to secure your bsnl broadband connection
1. Use RFC Bridged mode if it is sufficient for you.
2. Change the default admin password of your adsl router/modem. This way even if your modem is discovered by hackers, they shall not be able to login into it.
3. Disable wan ping reply . ( this will prevent the hackers from directly discovering your pc when it is on the internet)
4. Disable remote configuration feature and remote logins of all kinds.
5. Check your broadband usage on a regular basis and compare it with your own surfing schedules to check whether someone else has used it or not. If suspiscious usage is indicated then immediately change your broadband password as well.
Spread the security awareness to your friends and other relatives who are using Bsnl broadband and encourage them to secure their internet connectivity.
Update - 09-11-2011
Bsnl has implemented a technique called Port Binding, which will bind a particular username to its phone number. Then that username will only work via that phone number. Hence the above hacking method will become ineffective.
Port Binding is slowly being implemented by Bsnl over all cities and soon would cover the whole Broadband network across the country, making it more secure.
Disclaimer : The information provided below is for educational purpose only. The author is not responsible for any misuse of the information and discourages any illegal use of it.
this is trap,they are trying to find cheaters.
Dear Friend,
I have got lot of username and passwords, but I could not able to use them. my ADSL modem says Authentication Error.
Is if the victm using the net, we can use at same time?
Please comment on this
[email protected]
Plz, stop whine if u are 2 incompetent.. Such as BIG letters, just takes the mood down..
i found the ip address but user name and password is incorrect the default password admin and user name admin is not working…….
please help me…….
i saw another site which just directly cut copy paste this article. and smack that idiot who said you did something similar to cyber crime. keep the good work up. those ‘tards (retards) forgot to read the disclaimer. and plus forget logging in via http, yeah many ISP migrated to port binding. just telnet into it. and get the shell which is mostly a uclinux shell, and type ps aux | grep ppp. and viola you have not only seen their dialing phone number but also you can use some masked password decrypter (de-salt) it and see the username and password. ;-)
sweet sweet telnet. so go to your login shell and type?
apt-get install telnet and then ? demo
Quantum config> print high ppp
Module ‘ppp’:
1 pppoe a1 0 35
1 attribute /txVci=35/rxVci=35/class=UBR/port=a1
1 autoconnect 1
1 welogin _busted hehe_ chap
1 enableprimarydns relay client
1 enablesecondarydns relay client
1 gateway local
1 lcpmaxterminate 2
1 lcpmaxfailure 3
1 echo every 20
1 enable
2 gateway local
3 gateway local
4 gateway local
5 gateway local
6 gateway local
7 gateway local
8 gateway local
Quantum> version
MT880 version V++busted++2 INDIA (May 17 2005)
BSP: R++dang++5 BSP v1.0 (ISOS 9.x)
CSP: Argon III CSP v1.0 (ISOS 9.0)
Quantum>
;-) well well, like we said, in IT industry we build digital fortress out of figament of imagination, then? one tiny wood pecker comes and bring down the entire civilization with one stroke. hehehe! dumb dummy me!
who is buying me beer and some marijuana? ;-)
oh the BSNL guy said its impossible to bust in? isnt it? all i did was inni minni minie moe picked up random IP and telnet and viola i am in. we didnt even use the high end techniques to break in. lol. man “BSNL joker”, please commit suicide. this is just a telnet attempt.
;-) lul lawl rawlf lool lolf :-p kbai
IP and other details were kept hidden to save this chap happily browsing online. :-p
YAAR I HAVE GOT THE USER NAME AND PASSWORDS BUT WHEN I CONNECT BY USING THEM IT GIVES ERROR 691:ACCESS DENIED BECAUSE USERNAME OR PASSWORD INVALID ON DOMAIN
PLZ HELP ME FOR THIS
my id [email protected]
Initially when BSNL started its broadband service Port binding was not enabled. They have done this some 2 years back in chennai.
I am sure that there is a way in by pasing this port binding which disables connection from other landlines other than the prescribed line for an User account. Security is made for someone to break it..which allows more innovation. BSNL will surely have a hole in its security..hope we crack it someday!
i used anil_52 but it is nt working nw a days … m in dataone multiplay system can anyone help me with anyother username whos password is password & work in dataone multiplay broadband….. help……….
can anyone send me username and password for bsnl broadband free use i badly need one espicially of yamuna nagar region or haryana my id is [email protected]
hi,,, prashant
the green dots found wiyh ip address i have to type those ip address in my browser
i cant hack can anyone send me password at [email protected]
please send me bsnl broadband password of unlimited plan at
[email protected].i have home plan 250 or 500 password but not ul.those who give me passwords and uesrname i will give home plan passwords.plz give me passwords plz.
if u r for wiewing somebody’s usage details and address etc, u dont even have to hack the u/n and passowrd… believe me… that bsnl site is so poorly designed.. i was using my own id/ pw and got into some other prsons usage page.. no typing mistakes, since i was copy pasting.. i could even see the address, phone no etc ..
CAN I BE CAUGHT USING THESE IDS
my ip starts with 117.x.x.x so i can’t open a ip in my browser. plz help me
hi prashant i mananged to get some ids and pass but the net speed just inceases a little and is same for all ids and pass do i have to configure any thing
plz any one who knows how to work these user id and passwords can add me on my yahoo id [email protected] plzz prashant send me some ids and passwords plzz
when i place the ip in the broswer how do i come know which is bsnl net or any other net
BSNL has not implemented port binding .. at least i have never found any userid portbinded.. I have checked the uerids and passwords and they work all well. I have even come accross some BSNL userids/passwords used by BSNL IPTV(perhaps) with multiple login possibilities and unlimited data transfers with speed whooping 8 MBPS giving almost instantaneous downloads.
ah..well…
I already knew the trick..
But will you tell me my friend how to check the account type after we have hacked it..I mean how to find out WHAT PLAN WE HAVE HACKED – BUISNESS/HOME or UNLIMITED ?
what a shock !!!! oh my god.. are these passwords working? how to change user id and password of the connection? this is illegal right?
You stupids… what the hell you people think you can do with the usernames and passwords? You can just check those people’s account usage or their bsnl mail account (which is not being used by a single person in tnis country up to my knowledge).
Congratulations to your great discovery….
oh oooo, now prashant its high time you remove this blog ASAP
hey when i try to put admin in id n pass admin then the error comes “Server unavailable. Local login failed.”
Can ne1 help?
Hi Prashant,
Can u help me overcoming the port binding sit.
hello samsoft,
plz give us the idea.plz share
those plz……thank u.
yeah portbinding kaise bandh kya jaiga????????plz help karo,….thank you
KYA BHAI KOHI BHI KUCH BATATE NEHI…HUMLOGO KA KAISE CHALEGA……KUCH TO HELP KARO…..AAP LOGO KA PAO PARTA HOON…..USAGE MANIPULATION KA KOHI TO UPAI BATAO…..MERA EMAIL HAI……[email protected]…………….plz help me…
Earlier I was able to use this facility eaisly . .
But now,
firstly, Angary IP scanner shows port 80 open on all ips under scan?
secondly, When i try to connect to any of these IPs . . it does not connects and after 2-3 tries the connection was reset appears on the browser window . . .
Can U help me with this problem Prashant . . .
what fucking port binding? BSNL sucks, its getting hammered by rookie hackers, this is an old trick, I know a fool proof trick to manipulate data usage limit, and I openly challenge if anyone could do this like me?? this blog sucks
hi yaar plz plz plz send me some broadband usernames and passwords
to my email
for god sake plz
[email protected]
No one can hack bsnl accounts now.I am the broaband area manager.Soon we will have 8mbps connections.PORT BINDING IN ALL CITIES NOW!
Try and hack us!
hello samsoft, u tld about new ideas……….what r those????? please share those……….thank you.
hai friends dont worry about that, for past 3 months i hacked the accouts it is working until the past week after but know bsnl had upgraded their network in such a way that accounts are port binded noe they are upgrading to all cities .so i will come up with new hacking idea in such a way that good result for all
for gods sake remove this post, u cant post such a thing openly here in some blogs.. i hope u remove this very soon, before many come to know about this
Thanks for this info , this is a major security laps in BSNL’s setup. If I can hack into your router , what’s going to stop me from doing anything else . Thankfully 90% of all ID’s are bound to the telephone number . There is a neat tool called
ActMon Password Recovery XP . You just drag the cursor on the password field and it revels the password .
http://www.actmon.com/password%2Drecovery/
this is a major security laps . I have sent an email to all the hacked account holders asking them to disable the router remote administration , change the router password , disable DHCP and enable firewall on their router . BSNL WAKE UP !!!!!!!!! HOLY Smokes !!!!!!!!!
Hi Prashant
It’s so nice that i’m totally shocked. But i cant use that username id for accessing the internet, is their any trick for that.
Thanks
Regards
Kashif
hey prasshant..i tried doing all thhis but it didnt work…when i paste da ip address in da browser..it doesnt wrk…instead u send me sum usrnam n pwds on my mail id…[email protected]…plzzzzzz
thanku
HAKIN BSNL IS JUST A MYTH NOW
Hey you all guyz freakin on to squeeze out bsnl, let me tell you one thing clean and clear that you cannot use others userid and password whereever BSNL has upgraded its network systems…………
And as far as my awareness portbinding has totaly halted the misue of userid system…………
moreover if you a get a user id pass of any person of the same domain you can still just spred it like a papparazi and could do nothing more…………
yes you can do only one thing you can subscribe for games and services provided by the BSNL or its associates and there you can jot down the userid and pass of that haked account and the bill will be adjusted for the telephone that has been issued that userid and password………
ENJOY….
Kick the looserz man……
I HAVE GOT THE USER NAME AND PASSWORDS BUT WHEN I CONNECT BY USING THEM IT GIVES ERROR 691:ACCESS DENIED BECAUSE USERNAME OR PASSWORD INVALID ON DOMAIN
PLZ HELP ME FOR THIS
Hi Prashant…..
i m bsnl bb(rs.250 plan) user frm kolkata…..the problem is……..
connections cant be done with my frnds id/pw(rs.250 plan) from my compu…….when they are offline……….my id/pw is working…….plz tell me the reason……i will be grtful to u…
hi frenz..
plz help me !!! plz tell me how 2 use the RFC bridged mode??? n not being able 2 check my account usage n nor being able 2 change the password…wen i enter my id and passsword in dataone site..the next page doesnt open, it just displayz cannot find…however i use d same id and password 2 conect 2 d internet…plz help !!! my a/c has recently been hacked
Hi friends,
My friend in Guwahati got a whopping bill. His a/c usage is showing heavy downloads at odd hours. Obviously his a/c was hacked and misused.
Is there a utility that can show the IP addresses of the usage? It will be very helpful to convince the BSNL folks of the a/c misuse.
I wonder how they can allow user a/cs to be hacked. What if some anti-nationals were to use this hacking? Surely, there must be a way to track down the culprits.
Best,
Hahaaa…. what a bunch losers.. you guys are soooooo late into this shit.
Why the hell do you think BSNL enabled port binding, cause they knew about these flaws, instead of worrying their customers about the security issues, they preferred to enable port binding on all broadband lines so that a particular connection works only for that respective line.
So ya go ahead and take a “victims” ID and password, but dont forget to take his landline as well…. ROFL LMAO
But this is just the tip of the ice berg…. there is a whole lot more loopholes in the system that you can imagine,…. keep trying kiddies…. hehe :) :)
hiee..
i paste the ip address in browser
but doesnt show any popup window..
HEY I NEED A ID AND PASSWORD SOME ONE PLZ HELP ME????. PLZ MAIL IT TO [email protected]
thank’s and regards,
Manikandan.s
:):):):):):):):):):)
hey u havnt told how do i stop this i mean u said that “change the password of ur modem” but havnt told “procedure for changing d password”!! i search(google) a lot on this but not got anything!!
plz tell me d procedure as well!!!!
thanking u!!
mail me on [email protected]
hey man i have founded various username and passwords but i am not able to log in from my connection plz hlp and also tell me is the trick still working at [email protected]
And same is working for other ISP’s also.. like Airtel and sify as all the ISP set the ADSL router to default password which is a major security flaw.
Hi Parshant,
Its working yaar…I have breaking into 8 boxes
Its really a major security flaw in BSNL and we hv to spread this knowledge to all the BSNL users.