hack D-Link router admin pwd

    • #3883
      mark77
      Participant

      Hi,
      I’m quite a newbie… so sorry if I ask idiot questions  😉

      I’m dealing with a D-Link DI-524 (Firmware version V2.04).
      The router itself has wireless set to OFF (I access it through an access point on the same LAN I’m authenticated on).
      I can access the router administration web page (http://router-ip Login) as “user” and
      I could download the settings backup file (which is called “config.bin”).
      I’m guessing, not sure btw, that this file also contains the admin password to the router… but I can’t read it, maybe encrypted?

      So, I thought there could be another way to “retrieve” the admin pwd.
      I’ve been reading about tools like Hydra or Medusa,
      but I don’t have a clue about how to use them, or even where to download the suitable version (I’m using Windows XP).

      I thank you very much for any help/suggestion.  🙂

    • #24769
      Vedder
      Participant

      Who has turned off the wireless?

      If an admin has turned it off then I am sure that they don’t want it turned back on.

      Is this your router?

    • #24770
      mark77
      Participant

      I’m trying to do this security test on the wireless LAN of my brother (with his permission, or better, he himself has asked me to do that).

      Can somebody please help me with either reading the “config.bin”
      or using Medusa/Hydra on Windows (as I said, the router has an HTTP web login)?
      Thanks

    • #24771
      Ketchup
      Participant

      Hydra and Brutus will attack the password on the web site used to manage the router. Both tools are incredibly easy to use. You simply point them at the website URL that requires logon, and specify a type of attack. You can use a dictionary word list, or you can simply brute force the password. Both tools are pretty slow. Just search Google for “brutus download” or “hydra download.”

      As far as reading the config.bin, the password there is most likely encrypted.  You would have to first find the password in the file and then determine the hash algorithm.  I am not sure if this is a realistic attack vector.  I could be wrong though.

    • #24772
      Anonymous
      Participant

      These passwords are often poorly encoded and fairly easy to bypass if you have some time to spare. I wrote up a couple of examples from a few years back where I cracked simple password encoding schemes. If you can change the user password and look at the password hash you can use this as leverage; this is known as a known plaintext attack.

      http://www.watersheep.org/~jim/codecracking/

      Silly question, but have you tried the default passwords for this device? admin:password for the win!

      Jimbob

    • #24773
      UNIX
      Participant

      @mark77 wrote:

      can somebody please help me […] using Medusa/Hydra on Windows (as i said the router has http web login)?
      thanks

      Don’t want to be rude, but when you can’t read the manuals and documentation for those tools, such a test may be something which is currently above your head, as the tools are really easy to handle.

    • #24774
      unsupported
      Participant

      If you are unable to use the tools you are asking about, try the simple approach.  Search for the default router password.  There are plenty of sites which will show them.  If the default password does not work and you have physical access to the device just try resetting it and then use the default password.

    • #24775
      Anonymous
      Participant

      @unsupported wrote:

      If the default password does not work and you have physical access to the device just try resetting it and then use the default password.

      Just remember to check your bro has the settings for his broadband provider if this thing is linked to an ADSL line. Otherwise this move might upset family harmony.

      Jimbob

    • #24776
      mark77
      Participant

      I used Bruter,
      but after a few attempts (some minutes) it stopped… and the router went offline from the LAN!!???

      Why?

    • #24777
      UNIX
      Participant

      As I don’t know your router model in detail, maybe you just DoS’ed it? Meaning that you sent so many requests to it that it denied further service and temporarily shut down.
      Some routers will also behave like this when you have entered a certain number of wrong credentials, which is of course a security feature.

      Don’t you have physical access as stated by unsupported?

    • #24778
      Anonymous
      Participant

      It could be a defense mechanism in case of brute force attack but like awesec says it’s as likely to be an accidental DoS. Embedded router web servers are often very flaky under load; I’ve seen them fail following an nmap scan so the notion that a brute force attack would disable it is plausible.

      If you have the config file dumped perhaps you should reset the router to the factory default and reload the file? I think your current approach demonstrates the sledgehammer/walnut interface scenario.

      Jimbob
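
The lockout behaviour the two replies above describe (refusing logins after a certain number of wrong credentials), as an added example that is not from the thread and is not D-Link firmware code. The class name, thresholds and the sample events are assumptions made up for illustration:

```python
from collections import defaultdict, deque


class LoginThrottle:
    """Lock a source out after too many failed logins in a sliding window."""

    def __init__(self, max_failures=3, window=10.0, lockout=30.0):
        self.max_failures = max_failures
        self.window = window          # seconds over which failures are counted
        self.lockout = lockout        # seconds a source stays locked out
        self._failures = defaultdict(deque)  # source -> recent failure times
        self._locked_until = {}              # source -> lockout expiry time

    def record(self, source, password_ok, now):
        """Process one login attempt; return 'locked', 'ok' or 'failed'."""
        until = self._locked_until.get(source)
        if until is not None:
            if now < until:
                return "locked"       # refused before the password is checked
            del self._locked_until[source]
        if password_ok:
            self._failures.pop(source, None)
            return "ok"
        recent = self._failures[source]
        recent.append(now)
        while now - recent[0] > self.window:   # drop failures outside the window
            recent.popleft()
        if len(recent) >= self.max_failures:
            self._locked_until[source] = now + self.lockout
            recent.clear()
        return "failed"


# Constructed sample: (time in seconds, source address, password correct?)
SAMPLE_EVENTS = [
    (0.0, "192.0.2.10", False),
    (1.0, "192.0.2.10", False),
    (2.0, "192.0.2.20", False),
    (3.0, "192.0.2.10", False),   # third failure in 10 s: lockout starts
    (4.0, "192.0.2.10", True),    # refused even with the right password
    (5.0, "192.0.2.20", True),    # other source is unaffected
    (40.0, "192.0.2.10", True),   # lockout (until t=33) has expired
]


def replay(events, **settings):
    """Feed events through a fresh throttle and return each outcome."""
    throttle = LoginThrottle(**settings)
    return [throttle.record(src, ok, t) for t, src, ok in events]
```

Keeping the lockout per source address means one noisy client cannot lock the legitimate administrator out from a different address.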

    • #24779
      mark77
      Participant

      As I said, the router is a D-Link DI-524 (Firmware version V2.04).

      The test I’m doing is meant to be without physical access to it.

      So, should I decrease the number of simultaneous “connections” with Bruter? (I set it to 5.)
      Or will the brute force cause the router’s breakdown all the same?
      (After shutting down, should it reload by itself or not?)

      Other ways to retrieve the admin password?

    • #24780
      UNIX
      Participant

      I read that but I haven’t any experience with this particular router myself, that was what I meant.

      It sounds logical to remove the number of attempts, but then it will, depending on the password, take you quite a long time to successfully brute the password, if at all. Therefore I would say it will be hard to succeed by going this way.

      Other attack possibilities may be exploits available for this router or its firmware (haven’t checked this) if it’s using an old one.

      As physical access is no possibility (..) you may try something like phishing, social engineering etc. Also a keylogger or similar on your brother’s PC may help.
      But all these are attack possibilities which do not really have anything to do with the router itself and may then again not be what you are looking for.

      Another way may be to reverse engineer the file format of the config file when you assume that the credentials are stored there.

    • #24781
      former33t
      Participant

      I’ll throw in my two cents.  I’ve DOS’d more than a fair share of SoHo routers doing “testing” (of the ethical type of course).  FWIW, the quickest way to DoS the average SoHo router is to hit the DHCP server a LOT.  Most SoHo routers can’t really handle more than one or two DHCP requests at a time.  They’ll fail spectacularly (stop switching, routing to Internet, etc) long before they exhaust their IP range.

    • #24782
      mafebresv
      Participant

      Could you share your config.bin? I would like to take a look at it 🙂

Copyright ©2021 Caendra, Inc.