Author Topic: Hacked Express Messenger  (Read 5002 times)

Offline jp0013

  • Contributer
  • *
  • Posts: 20
  • Country: us
  • Karma: +0/-0
    • View Profile
Hacked Express Messenger
« on: January 30, 2014, 10:11:14 AM »
One of my customers, a small university, is in the process of reviewing bids (including ours) for a new PBX. In the meantime, we still have this SX200 to maintain.

System hacked, int'l calling outbound through VM, 0 rerouted to an off premise phone number and admin password changed.

We don't really have any guys who can work on these anymore, so here I am scouring Google for a backdoor password. I found the technician password info, but as far as any instructions on how to reset the admin password through that avenue, I'm at a loss.

Can someone give me any assistance? PM is okay.



Online ralph

  • Mitel Forums Admin
  • Hero Member
  • *****
  • Posts: 5767
  • Country: us
  • Karma: +469/-0
  • Published Author: http://amzn.to/2dcYSY5
    • View Profile
Re: Hacked Express Messenger
« Reply #1 on: January 30, 2014, 10:18:12 AM »
Log into the admin mailbox with the (all 9s) mailbox.  From there you can change the other passwords.
I would suspect though that the hack came either in the 0 box or another.   
Best thing to do is to block the VM ports from dialing out via COR.

Ralph

Offline jp0013

  • Contributer
  • *
  • Posts: 20
  • Country: us
  • Karma: +0/-0
    • View Profile
Re: Hacked Express Messenger
« Reply #2 on: January 30, 2014, 10:25:18 AM »
Log into the admin mailbox with the (all 9s) mailbox.  From there you can change the other passwords.
I would suspect though that the hack came either in the 0 box or another.   
Best thing to do is to block the VM ports from dialing out via COR.

Ralph

when I log in to 999 though, I have no idea what that password is. I've tried 0000, 9999, 1111, 1234, etc. I suspect it was changed in the attack...

Online ralph

  • Mitel Forums Admin
  • Hero Member
  • *****
  • Posts: 5767
  • Country: us
  • Karma: +469/-0
  • Published Author: http://amzn.to/2dcYSY5
    • View Profile
Re: Hacked Express Messenger
« Reply #3 on: January 30, 2014, 11:52:49 AM »
Yes.  Those aren't it.
I can't post passwords publicly so I'll PM you with them.

Ralph

Offline piceansun

  • New Member
  • *
  • Posts: 2
  • Country: us
  • Karma: +0/-0
    • View Profile
Re: Hacked Express Messenger
« Reply #4 on: December 05, 2016, 08:07:44 PM »
Our office voice mail has been hacked and I found this string about resetting the administrative password.  Everyone is getting a message that their voicemail passwords are invalid.  Tried the admin and getting the same.  Phone company called and said long distance calls are going out.  Blocked the line but need to get into our system.  Any help would be appreciated.  Thank you, Dawn

Online ralph

  • Mitel Forums Admin
  • Hero Member
  • *****
  • Posts: 5767
  • Country: us
  • Karma: +469/-0
  • Published Author: http://amzn.to/2dcYSY5
    • View Profile
Re: Hacked Express Messenger
« Reply #5 on: December 06, 2016, 08:18:58 AM »
You're probably going to have to log into it via a terminal as see whats going on.
I'd suspect that the entire voice mail set up was deleted and you're going to have to recreate it.
Be sure to change the default passwords so it's not so easily hacked.

Ralph

Offline piceansun

  • New Member
  • *
  • Posts: 2
  • Country: us
  • Karma: +0/-0
    • View Profile
Re: Hacked Express Messenger
« Reply #6 on: December 06, 2016, 12:18:15 PM »
Hi Ralph,  In reading the old manuals last night I was able to figure out that they changed the length of the passcode (PC) but not any of the PC themselves.  That seems odd but maybe the system won't let you change a PC from a remote/international phone #.  We can get into our voice mail and can change the PC for our individual voice mail boxes.  I got into the administrator but cannot change that PC or even the length of the PC's.  All 3 options in that area say my selection is invalid, so it's blocked somehow.  This morning I checked the admin area for setting box parameters thinking a there might be something to select to prevent the admin PC from being changed, but didn't find anything there.  So I tried to get into editing a box but the #'s I thought would be box #'s get the same answer, invalid selections.  If you have any direction you can point me in I would really appreciate it.  Thank you!


 

Sitemap 1 2 3 4 5 6 7 8 9 10