.

Router User Pass Hack

<<

serfczar

Newbie
Newbie

Posts: 4

Joined: Sat Aug 11, 2007 3:02 am

Post Sat Aug 11, 2007 3:06 am

Router User Pass Hack

Hi, my isp provided me with a router that neither they nor I know the password to. They pointed me towards the manufacturer to get the password but they don't know it either. The isp obviously changed some settings in it to get it to work with the dsl connection.

I'm trying to set up apache and I need to get into the settings of this router to effectively know what is going on with my network.

Does anyone here know a way to get the user and pass details for this router?

I thought about using brutus, would this be the best approach?
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Sat Aug 11, 2007 3:14 am

Re: Router User Pass Hack

Welcome to EH-Net. Interesting that they didn't provide the PW or a way to change it. But, without the name of the manufacturer and the model, probably won't be able to offer much help.  ???

Many routers have a way to reset it back to the default settings by holding a button or something while restarting it. Did you ask them if they have such an option?

Don
CISSP, MCSE, CSTA, Security+ SME
<<

morpheus063

User avatar

Sr. Member
Sr. Member

Posts: 393

Joined: Sun Jun 25, 2006 10:08 am

Location: Cochin - India

Post Sat Aug 11, 2007 7:11 am

Re: Router User Pass Hack

Please provide the Product Name / Model Number for the router so that we can try finding the default username and password for the product.
Manu Zacharia
MVP (Enterprise Security), ISLA-2010 (ISC)², C|EH, C|HFI, CCNA, MCP,
Certified ISO 27001:2005 Lead Auditor

[b]There are 3 roads to spoil; women, gambling & hacking. The most pleasant with women, the quickest with gambling, but the surest is hacking - c0c0n
<<

serfczar

Newbie
Newbie

Posts: 4

Joined: Sat Aug 11, 2007 3:02 am

Post Sat Aug 11, 2007 9:50 am

Re: Router User Pass Hack

If I reset the router my IPTV no longer will work.

This is a COMTREND adsl 2+ router.
<<

morpheus063

User avatar

Sr. Member
Sr. Member

Posts: 393

Joined: Sun Jun 25, 2006 10:08 am

Location: Cochin - India

Post Sat Aug 11, 2007 12:08 pm

Re: Router User Pass Hack

Try the default password for these models:

Comtrend ct-536+ HTTP admin admin Admin
Comtrend ct-536+ HTTP admin 1234 Admin

Also, a good list for default username and passwords for routers:

http://www.irintech.com/x1/blogarchive.php?id=764
Manu Zacharia
MVP (Enterprise Security), ISLA-2010 (ISC)², C|EH, C|HFI, CCNA, MCP,
Certified ISO 27001:2005 Lead Auditor

[b]There are 3 roads to spoil; women, gambling & hacking. The most pleasant with women, the quickest with gambling, but the surest is hacking - c0c0n
<<

serfczar

Newbie
Newbie

Posts: 4

Joined: Sat Aug 11, 2007 3:02 am

Post Sun Aug 12, 2007 12:13 pm

Re: Router User Pass Hack

tried it, no avail. model number ct-5621
<<

jimbob

Post Sun Aug 12, 2007 3:26 pm

Re: Router User Pass Hack

Hi,
There is often a way to reset a router to the factory settings, which ought to reset the password to the default. This will of course remove any configuration changes the ISP has made. You may be able to find a manual for your router on the net if you've not been supplied with one by your ISP.

Regards,
Jim
<<

serfczar

Newbie
Newbie

Posts: 4

Joined: Sat Aug 11, 2007 3:02 am

Post Mon Aug 13, 2007 7:28 pm

Re: Router User Pass Hack

I've already stated that I don't want to reset it because it will take off settings my isp put on it, then my iptv will not work.
<<

morpheus063

User avatar

Sr. Member
Sr. Member

Posts: 393

Joined: Sun Jun 25, 2006 10:08 am

Location: Cochin - India

Post Mon Aug 13, 2007 7:48 pm

Re: Router User Pass Hack

If your default password is not working and if you do not want to reset the router, then the next best option is to break it. Various options are available - brutus is a good option as it currently supports HTTP and telnet.
Manu Zacharia
MVP (Enterprise Security), ISLA-2010 (ISC)², C|EH, C|HFI, CCNA, MCP,
Certified ISO 27001:2005 Lead Auditor

[b]There are 3 roads to spoil; women, gambling & hacking. The most pleasant with women, the quickest with gambling, but the surest is hacking - c0c0n
<<

LSOChris

Post Mon Aug 13, 2007 9:04 pm

Re: Router User Pass Hack

why dont you call your ISP, tell them your router "is not working" and have them bring you a new one that they do know the password for?
<<

venom77

User avatar

Hero Member
Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Mon Aug 13, 2007 10:13 pm

Re: Router User Pass Hack

ChrisG wrote:why dont you call your ISP, tell them your router "is not working" and have them bring you a new one that they do know the password for?


Amen.
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Tue Aug 14, 2007 12:31 am

Re: Router User Pass Hack

But that takes all the fun out of it, doesn't it?  ::)

Don
CISSP, MCSE, CSTA, Security+ SME
<<

Kev

Post Wed Aug 22, 2007 9:33 am

Re: Router User Pass Hack

True that!  Besides cracking the router password should not be too difficult if its any kind of default password.  The first thing to do is try old fashion password cracking. You manually enter every default router password , even for other manufacturers, that you can find. This might take a little time but thats how it was done years ago. Some determined hackers would spend days trying to guess the password. If the router doesn't have a lock out function, you could write a simple bash script to do it for you assuming you have a pre-complied list of common passwords.  If you get no where, then try more phone calls to the ISP. Try to get beyond the help desk and use a little social engineering. You might be surprised how far you get if you just use a little friendly persuasion and remember that somebody knows the password there!  Any way, this can be a wonderful exercise in basic password cracking if one is into it and its legal! 
Last edited by Kev on Wed Aug 22, 2007 9:37 am, edited 1 time in total.
<<

jimbob

Post Wed Aug 22, 2007 11:11 am

Re: Router User Pass Hack

If you have access to a firmware image for the modem you could try to extract the password from it. I did this once on a conexant-based router. My write up of the actions I took to do this is here...

http://www.watersheep.org/~jim/codecrac ... exant.html

Regards,
Jimbob

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 1 guest

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software