hi,
i'm quite a newbie...so sorry if i should make idiot questions  

i'm dealing with a D-Link DI-524 (Firmware version V2.04)
The router itself has wireless set on OFF (i access it thru on AccessPoint of the same Lan i'm autheticated on)
i can access the router Administration web page (http://router-ip Login) as "user" and
i could download the settings backup file (which is called "config.bin")
i'm guessing, not sure btw, this file contains also the admin password to the router....by i can't read it, maybe encrypted?

so, i thought there could be another way to "retrieve" the admin pwd.
I've been reading about tools like Hydra or Medusa...
but i don't have a clue about how to use them, even where to download the suitable version (i'm using WindowsXp)

I thank you very much for any help/suggestion.  

i' trying to do this security test on the wireless lan of my brother (with his permission, or better he himself has asked me to do that)

can somebody please help me about either reading the "config.bin"
or using Medusa/Hydra on Windows (as i said the router has http web login)?
thanks

These passwords are often poorly encoded and fairly easy to bypass if you have some time to spare. I wrote up a couple of examples from a few years back where I cracked simple password encoding schemes. If you can change the user password and look at the password hash you can used this as leverage; this in knows as a known plaintext attack.

http://www.watersheep.org/~jim/codecracking/

Silly question, but have you tried the default passwords for this device? admin:password for the win!

Jimbob

If you are unable to use the tools you are asking about, try the simple approach.  Search for the default router password.  There are plenty of sites which will show them.  If the default password does not work and you have physical access to the device just try resetting it and then use the default password.

i used Bruter
but after a few attempts (some minutes) it stopped...and the Router went offline the Lan !!???

why?

It could be a defense mechanism in case of brute force attack but like awesec says it's as likely to be an accidental DoS. Embedded router web servers are often very flaky under load; I've seen them fail following an nmap scan so the notion that a brute force attack would disable it is plausible.

If you have the config file dumped perhaps you should reset the router to the factory default and reload the file? I think your current approach demonstrates the sledgehammer/walnut interface scenario.

Jimbob

I read that but I haven't any experience with this particular router myself, that was what I meant.

It sounds logical to remove the number of attempts but then it will depending on the password take you quite a long time to successfully brute the password if at all. Therefore I would say it will be hard to succeed by going this way.

Other attack possibilities my be on exploits available for this router or its firmware (haven't checked this) if its using an old one.

As physical access is no possibility (..) you may try something like phisihing, social engineering etc. Also a keylogger or similar on your brothers pc may help.
But all this are attack possibilites which have not really anything to do with the router itself and may then again not be what you are looking for.

Another way may be to reverse engineer the file format of the config file when you assume that the credentials are stored there.

May you share your config.bin? I would like to take a look on it :-)