Password hacking

So I have this Norstar Startalk Mini that I have to get going, but we've lost all the Windows software (a real shame), and no one knows the administrator password. I connected the serial cable from the Startalk box to one of the Linux boxes under my desk, launched minicom on /dev/ttyS0 with 300 7N1 and voilà: I got to see the box doing system startup tests.

At this point I tried sending some break signals, hoping to stop the box before it loaded the system software... but no luck.

I looked into minicom's internal scripting language, runscript. If you have minicom installed you should be able to just type man runscript to see the commands runscript will take.

When nothing worked for the admin password I decided to try to write a script to send from 1000 to 999999999, the range the phone apparently could take. I excluded having a 0 as the first number, though this was a possible password. Unfortunately my script doesn't seem to be working correctly. When I echo the output I don't see anything being sent, but the script does cause new Password: prompts to appear. Here's the script (yes, goto - yuck):

# Password hacking script

verbose on
set password 1000
send " "
timeout 9999999999999999999

mainloop:
if password > 999999999 goto endloop

expect {
    "assword:" send password
    sleep 5
}

inc password
log password
goto mainloop

endloop:
exit