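A friend brought me a wireless router and asked me to help recover its username and password. The articles online are not very concise, hence this post.
1. Install mpd:
mpd on FreeBSD is a superb dial-up tool: it can act as a client and as a server.
2. Configure mpd to accept PPPoE dial-in. It is really no trouble: copy /usr/local/etc/mpd5/mpd5.conf.sample to mpd5.conf, then modify the pppoe_server and default sections. Five lines change in total:
(1) set the default section;
(2) remove radius, otherwise mpd reports an error;
(3) set the PPPoE service name in pppoe_server to "*", otherwise the client's packets will not get through;
(4)-(5) set the network interface that clients connect on, in two places.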
# cat mpd.conf
startup:
    # configure mpd users
    set user foo bar admin
    set user foo1 bar1
    # configure the console
    set console self 127.0.0.1 5005
    set console open
    # configure the web server
    set web self 0.0.0.0 5006
    set web open

#
# Default configuration is "pppoe_server"

default:
    load pppoe_server

common:
    # Enable multilink protocol
    set link enable multilink
    # Set bundle template to use
    set link action bundle B
    # Allow peer to authenticate us
    set link disable chap pap
    set link accept chap pap
    set auth authname MyLogin
    # Set infinite redial attempts
    set link max-redial 0
    set modem var $DialPrefix "DT"
    set modem var $Telephone "1-415-555-1212"
    set modem script DialPeer

pppoe_server:
    #
    # Multihomed multilink PPPoE server
    #

    # Create clonable bundle template
    create bundle template B
    # Set IP addresses. Peer address will be later replaced by RADIUS.
    set ipcp ranges 192.168.0.1/32 127.0.0.2/32

    # Create link template with common info
    create link template common pppoe
    # Enable multilink protocol
    set link enable multilink
    # Set bundle template to use
    set link action bundle B
    # Enable peer authentication
    set link disable chap pap eap
    set link enable pap
    # load radius
    set pppoe service "*"

    # Create templates for ifaces to listen using 'common' template and let them go
    create link template em0 common
    set link max-children 1000
    set pppoe iface em0
    set link enable incoming
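3. Start mpd so the PPPoE server accepts dial-in:
/usr/local/etc/rc.d/mpd5 onestart
4. Capture packets and find the line containing "Name"; it holds the username and password. In this example the username is csh and the password is 123456: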
# tcpdump -ani em0 pppoes
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em0, link-type EN10MB (Ethernet), capture size 65535 bytes
18:09:07.901865 PPPoE [ses 0x4a] LCP, Conf-Request (0x01), id 1, length 37
18:09:08.942933 PPPoE [ses 0x4a] LCP, Conf-Request (0x01), id 147, length 26
18:09:08.943601 PPPoE [ses 0x4a] LCP, Conf-Reject (0x04), id 1, length 12
18:09:08.943726 PPPoE [ses 0x4a] LCP, Conf-Reject (0x04), id 147, length 8
18:09:08.943996 PPPoE [ses 0x4a] LCP, Conf-Request (0x01), id 2, length 22
18:09:08.944447 PPPoE [ses 0x4a] LCP, Conf-Request (0x01), id 148, length 24
18:09:08.945266 PPPoE [ses 0x4a] LCP, Conf-Ack (0x02), id 2, length 22
18:09:08.945282 PPPoE [ses 0x4a] LCP, Conf-Ack (0x02), id 148, length 24
18:09:08.946030 PPPoE [ses 0x4a] PAP, Auth-Req (0x01), id 1, Peer csh, Name 123456
18:09:08.947405 PPPoE [ses 0x4a] PAP, Auth-NACK (0x03), id 1, Msg Login incorrect
18:09:08.947938 PPPoE [ses 0x4a] LCP, Term-Request (0x05), id 3, length 6
18:09:08.948400 PPPoE [ses 0x4a] LCP, Term-Request (0x05), id 149, length 6
18:09:08.948733 PPPoE [ses 0x4a] LCP, Term-Ack (0x06), id 4, length 6
18:09:08.949086 PPPoE [ses 0x4a] LCP, Term-Ack (0x06), id 3, length 6
^C
14 packets captured
29 packets received by filter
0 packets dropped by kernel
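The Auth-Req line above is readable because PAP (RFC 1334) sends the Peer-ID and password as plain length-prefixed fields; tcpdump prints them as "Peer" and "Name". The following decoder is an added example, not part of the original post: the function names and the sample frame (built from the session id, username and password shown above, with made-up MAC addresses) are constructed for illustration.

```python
import struct

ETH_PPPOE_SESSION = 0x8864          # EtherType, PPPoE session stage (RFC 2516)
PPP_PAP, PPP_CHAP = 0xC023, 0xC223  # PPP protocol numbers (RFC 1334, RFC 1994)

def build_pap_request(session, ident, peer, password):
    """Constructed sample: Ethernet + PPPoE + PPP frame with a PAP Authenticate-Request."""
    data = bytes([len(peer)]) + peer + bytes([len(password)]) + password
    pap = struct.pack("!BBH", 1, ident, 4 + len(data)) + data
    ppp = struct.pack("!H", PPP_PAP) + pap
    pppoe = struct.pack("!BBHH", 0x11, 0x00, session, len(ppp)) + ppp
    eth = bytes.fromhex("020000000001") + bytes.fromhex("020000000002")  # made-up MACs
    return eth + struct.pack("!H", ETH_PPPOE_SESSION) + pppoe

def parse_pppoe_auth(frame):
    """Return a dict for a PAP/CHAP packet in a PPPoE session frame, else None."""
    if len(frame) < 26 or struct.unpack_from("!H", frame, 12)[0] != ETH_PPPOE_SESSION:
        return None
    ver_type, code, session, plen = struct.unpack_from("!BBHH", frame, 14)
    if ver_type != 0x11 or code != 0x00:     # version 1 / type 1, session data
        return None
    payload = frame[20:20 + plen]
    if len(payload) < 6:
        return None
    proto, pcode, ident, length = struct.unpack_from("!HBBH", payload, 0)
    if proto == PPP_CHAP:                    # challenge/response, no password on the wire
        return {"session": session, "auth": "CHAP", "cleartext": False}
    if proto != PPP_PAP:
        return None
    info = {"session": session, "auth": "PAP", "cleartext": True,
            "code": pcode, "id": ident}
    if pcode != 1:                           # only Authenticate-Request carries credentials
        return info
    body = payload[6:2 + length]             # fields after the 4-byte PAP header
    if length < 6 or len(body) != length - 4 or 1 + body[0] >= len(body):
        raise ValueError("truncated PAP Authenticate-Request")
    peer_len = body[0]
    pw_len = body[1 + peer_len]
    if 2 + peer_len + pw_len > len(body):
        raise ValueError("password length exceeds packet")
    info["peer_id"] = body[1:1 + peer_len]
    info["password"] = body[2 + peer_len:2 + peer_len + pw_len]
    return info

if __name__ == "__main__":
    print(parse_pppoe_auth(build_pap_request(0x4A, 1, b"csh", b"123456")))
```

A client that accepts PAP hands these fields to whichever access concentrator answers first, which is why the config above enables only pap on the server side; a client restricted to CHAP would not expose the password this way.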
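5. Reminders:
(1) Don't do anything bad with this!
(2) mpd.conf requires every line except section labels to begin with whitespace. The blog editor this post was written in strips leading spaces, so a copy of the config without that indentation will not work; see the sample shipped with the system for the exact format.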
----end----