Hacking DSL Router
Posted by Gautam Aggarwal on Saturday, December 08, 2007
This tutorial will explain how to hack someone's internet account through his router. The hack relies on a security weakness of the router's default password and on the stupidity of the user.
Explanation: When somebody buys an xDSL/cable router, it comes set to factory defaults: IP range, user accounts, routing table and, most important, the security level. The last one is what we will exploit. Most routers have a user-friendly setup menu running on port 23 (telnet), sometimes on port 80 (HTTP), or on both. This is what we are looking for.
Step 1.
Get a multiple-IP-range scanner such as "Angry IP Scanner".
Find your own IP address here:
http://www.cmyip.com/
Get an xDSL/cable user IP range. This is a single user's IP, 212.129.169.196, so the IP range of this Internet provider is 212.129.27.xxx; most likely it runs from 212.129.27.1 to 212.129.27.255. To keep your scanning range from getting too big, it is smart to scan from 212.129.27.1 to 212.129.27.255; how fast the scan finishes also depends on your bandwidth. The IP address above is just an example; any IP range from an xDSL/cable provider can be used for this hack. Before you start scanning, specify the TCP/IP ports: we are looking for TCP port 23 (telnet) and TCP port 80 (HTTP), so edit the list and select only port 23 and port 80. Now start scanning and wait for the results. When the scan has finished, look for an IP that has both port 23 and port 80 open. Write them down or remember them.
Step 2.
Way 1
This is important: Most routers have connection-logging capability, so the last thing you want to do is make the connection from your own broadband line; use an anonymous proxy server or a dial-up connection with a fake name and address (a 56.9 kbps modem, for example) when connecting to the victim's router. Now get a telnet program. Windows has a standard telnet program: go to Start, select Run, type "telnet" (without the quotes) and click OK. Select "Connect", then "Remote system", enter the victim's IP address in the "Host name" field and press OK. Wait for your computer to make the connection. This way only works when the router has an open telnet service running.
Way 2
This is important: Most routers have connection-logging capability, so the last thing you want to do is make the connection from your own broadband line; use an anonymous proxy server or a dial-up connection with a fake name and address (a 56.9 kbps modem, for example) when connecting to the victim's router. Open an Internet Explorer window and enter the victim's IP address after the http:// in the address bar. This way only works when the router has an open Hypertext Transfer Protocol (HTTP) service running.
Step 3
Entering the user-friendly setup menu. 9 out of 10 times the menu is protected by a login name and password. When the user hasn't changed any security values, the default password stays usable. So the only thing you have to do is find out what type of router the victim uses. I use this tool: GFI LANguard Network Security Scanner. Once you know the type of router in use, get the right login name and password from this list (get it here; not every router is on the list): Default router password list.
Step 4
When you have a connection in telnet or Internet Explorer, you need to look for user accounts: PPP, PPtP, PPeP, PPoP, or a similar connection protocol. If this is not correct, look for anything that may contain info about the user's ISP account. Go to this option and open it. Most likely you will see an overview of user setup options. Now look for the username and password. In most cases the username will be displayed in the clear, so just write it down. The password is a different story. Almost always the password is masked by ********* (stars). In the telnet way there is no way around it (go to another victim), but when you have a port 80 (HTTP) connection open, right-click and select "View source", then look for the field where the stars are. Most likely you can read it, because in the source code the stars are converted to normal ASCII text. If not, get a "******** to text" converter like SnadBoy's Revelation V.2 (get it here), move the cursor over the ****** and, like a miracle, you can read the password. Now you have the username and password. There are a million fun things to do with that, but more about that next time; check the tutorial page frequently.
Alternate to step 4:
Download "Show Password" or a similar tool.
Tips.
Beware: on most routers only one person can be logged on to the setup menu at a time. Don't change anything in the router if you don't know what you are doing.
Note: You can skip Step 2 if you wish, but I am not responsible if anything goes wrong for you.
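The connection log mentioned in Step 2 is what lets a router's owner notice this kind of probing. The script below is an added example (not part of the original post); it parses constructed netfilter-style router log lines, assumes the DSL uplink interface is named ppp0, and flags any WAN source that touched the telnet (23) or HTTP (80) management ports, marking sources that hit both as scan-like.

```python
import re
from collections import defaultdict

# Ports the tutorial above targets: telnet and HTTP management interfaces.
MGMT_PORTS = {23, 80}
WAN_IFACES = {"ppp0"}  # assumption: name of the DSL uplink interface

# Constructed sample log lines in netfilter/iptables LOG format (not real traffic).
SAMPLE_LOG = """\
Dec 08 10:15:01 router kernel: IN=ppp0 OUT= SRC=198.51.100.7 DST=203.0.113.5 PROTO=TCP SPT=40123 DPT=23
Dec 08 10:15:01 router kernel: IN=ppp0 OUT= SRC=198.51.100.7 DST=203.0.113.5 PROTO=TCP SPT=40124 DPT=80
Dec 08 10:15:02 router kernel: IN=ppp0 OUT= SRC=198.51.100.7 DST=203.0.113.5 PROTO=TCP SPT=40125 DPT=443
Dec 08 10:16:40 router kernel: IN=br0 OUT= SRC=192.168.1.10 DST=192.168.1.1 PROTO=TCP SPT=51000 DPT=80
Dec 08 10:17:05 router kernel: IN=ppp0 OUT= SRC=198.51.100.9 DST=203.0.113.5 PROTO=UDP SPT=53 DPT=53
"""

LINE_RE = re.compile(
    r"IN=(?P<iface>\S*) .*?SRC=(?P<src>[\d.]+) .*?PROTO=(?P<proto>\w+) .*?DPT=(?P<dport>\d+)"
)

def parse_log(text):
    """Yield (iface, src, proto, dport) for each line matching the LOG format."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m["iface"], m["src"], m["proto"], int(m["dport"])

def wan_mgmt_probes(text):
    """Map each WAN source IP to the set of management ports it touched.
    Only TCP hits arriving on a WAN interface count; LAN-side admin access
    (192.168.1.10 over br0 in the sample) is normal and is ignored."""
    hits = defaultdict(set)
    for iface, src, proto, dport in parse_log(text):
        if iface in WAN_IFACES and proto == "TCP" and dport in MGMT_PORTS:
            hits[src].add(dport)
    return dict(hits)

def report(text):
    """Return one alert line per WAN source that probed a management port."""
    lines = []
    for src, ports in sorted(wan_mgmt_probes(text).items()):
        tag = "scan-like (telnet+http)" if ports == MGMT_PORTS else "single port"
        lines.append(f"ALERT {src} hit management port(s) {sorted(ports)} from WAN: {tag}")
    return lines

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Any alert here means the management services are reachable from the Internet at all; the fix is to bind them to the LAN side and change the default password, not just to watch the log.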