Explain the challenges of reading /etc/passwd and /etc/shadow
The ZyXEL B10B (VMG3925-B10B) is an all-in-one ADSL/VDSL router with dual band, 2.4G and 5G WiFi, 4 Gigabit network ports and a separate WAN Ethernet port. AAISP started supplying these in March 2018
*4x 10/100M/1000M ports.
*Modem supports VDSL (FTTC) and ADSL/ADSL2.
*WiFi is 2.4GHz and
5Ghz, 802.11b/g/n, 802.11a/n/ac
*MTU 1500 when in bridge mode not possible yet, but we are working with ZyXEL on this. (2018-03)
*VDSL (FTTC) or ADSL as a bridging modem to a third-party PPPoE router (e.g. FireBrick).▼
VDSL (FTTC) or ADSL as a bridging modem to a third-party PPPoE router (e.g. FireBrick) .
==Factory Default Admin Username/Password==
The B10B has an autogenerated supervisor password (hashed from the serial number). Earlier models left a md5crypt type hash in /etc/passwd, however firmware AAVF.10
introduced these being stored in /etc/shadow. You may have some success reading this file by logging into the router as the "admin" user via SSH. You will need to crack the hash ( eg with hashcat), the password will be 8 characters long using characters 0-9,a-f (lower case)