Hacking Old Hardware: 3com 1100
Wow, I never, ever thought I’d need to hack into some old networking hardware. Sure enough, I find myself sitting here with a 3com Superstack II 1100 in my lap without the administrator password.
Did you know you can find a TON of useful information on the internets? Or “tubes” or “interwebs” or just plain old “Internet”. Whatever term you fancy, I found the “backdoor password” (see: http://en.wikipedia.org/wiki/Backdoor_%28computing%29) to this 3com SuperStack II 1100. I knew the networking IP scheme cause it was the scheme I set up for a previous employer (10.0.0.xxx) but still didn’t know the IP addy of the switch.
There is a program out there called SuperScan. It is a port scanning tool used by security professional and script kiddies alike. The current version of SuperScan is 4.0. Avoid SuperScan 4.0 like the plague; it is horrible. I use and recommend SuperScan 3.0 (which you can download at http://www.johndball.com-a.googlepages.com/programs-superscan3.rar) If you don’t know how to open a .rar file then you shouldn’t even be messing with a networking switch anyway.
Once I located the IP address (10.0.0.226) I accessed the web-based management utility using Firefox. Well there is where a search engine, like Yahoo or Google, is a HUGE help. I came across http://www.torontotechcenter.com/defaults_1.html and found that this switch could use “manager” and “manager” for the username/password. Sure enough the “backdoor” account worked as the default username and password weren’t change and voila! I was in! 
Leave a Reply