  • If the system is an "SL" type, and the installer didn't change the default login, try:

    • "sltech" with password "12345678"
  • Take advantage of what the hacker used:

    https://secalerts.co/vulnerabilities/nec/sl2100_firmware

    https://nvd.nist.gov/vuln/detail/CVE-2019-20029

    Specific model number might help for default creds before we go too crazy. If it was a smart hacker, they changed the creds and updated firmware. Lucky that most script-kiddie hackers aren't that clever.

    Otherwise, nuke from orbit, update the device, and let Verizon set it up. Change the password when done.

  • jarmbrister sltech? Googling, I thought the highest login is ADMIN, then I was able to get in with ADMIN1 and ADMIN2 (default passwords), but those aren't highest.

    ADMIN is higher and I tried the default for that, 6633222. Didn't work.

    Then I find out that the highest (as told to me by a guy at NEC) is tech.

    But then there's also / instead - sltech??

    Only ones I can get in with are ADMIN1 , ADMIN2 and USER.

    enyr0py Thanks! I checked those pages. Only ones I knew what to do with was the blank user / password. Didn't work. Tried the account names above and didn't work.

    Then the other that talks of "a specially crafted HTTP POST", but I didn't find an example to try :(

    I am trying these on the web interface. That'll get the same results / all would work on the PC Pro as well as web interface?

    And the box has 2 IP addresses, both give the login screen. Doesn't matter which IP to use?

    It's an SL2100 with 2 082U-B1 cards.

  • sltech is basically the installer level login. Has access to all areas.

  • Odds are nothing was hacked. More likely voicemail options are enabled that allow a knowledgeable attacker to simply gain outside dial tone from within someone's voicemail. Changing providers will not resolve that.

  • LookingToAlwaysLearn wrote:

    The company that put in the system / the VoIP provider disabled the phone service because of that.

    This could be a violation of the law. Phone service is heavily regulated.

    LookingToAlwaysLearn wrote:

    Somehow the church doesn't have a maintenance agreement on the system (anymore? ever?) and the local company wants 1K to help get their phone service going again.

    Churches are horrible customers. They fail to realize that they are still a business and that they need to pay for services. I will never take a church as a client because of this.

    LookingToAlwaysLearn wrote:

    They are asking me - I take care of their PCs / computer network - if I can help.

    I know just a little on VoIP.

    See, they refuse to pay a simple fee to the company that actually knows everything, and are trying to get you to do it. Are you billing them at emergency call out time and material rates? If not all you are doing is losing money yourself.

  • Jared Busch​ Thanks.  Personally, this church has been one of my best / longest clients.  

    As for refuse to pay a simple fee - it was around $1K. Not sure how simple that is to you. I am getting the info 2nd hand, but they supposedly had a maint. agreement. But a previous pastor supposedly cancelled it. I don't know the background on that / why they did that / if it was their decision to make.

    But the phone company not reaching out to treasurer when that was cancelled and turning down requests to get back on the maint agreement because the church views that it was cancelled in mistake... I put the 'blame' on this phone company (that I heard 2nd hand nothing but negative things).  And on principle, I'd get away from that company ASAP.  Short term interest in some $$ but will lose out on long term maint agreement $$.

    Emergency rate? They haven't had phones for 2+ weeks. So this is at regular rates when I work on it during the day. And being a church, as well as I feel for myself and other clients... I don't want to overcharge / don't want to be overcharged. I'm trying to help them to save them money, learn things, increase stickiness with them... and stick it to the phone company. As it is, they wound up paying the phone company. Not sure if they will have the interest to find another firm though. (When I say phone company here, that's the local company that set up the system.)

    The church wound up going back to Verizon for the voip service.

    That said, I HAVE shot myself in the foot trying to save myself money (in general, not just IT things).

    And I am a 1 man shop. I abhor bureaucracy / committees. Just tell me what needs to be done. I don't want to sit around with others to discuss things. So I don't know all that went on with deciding to drop the maint agreement or anything like that.

