.

hack D-Link router admin pwd

<<

mark77

Newbie
Newbie

Posts: 11

Joined: Sun May 31, 2009 1:38 pm

Post Sun Jun 14, 2009 12:34 am

hack D-Link router admin pwd

hi,
i'm quite a newbie...so sorry if i should make idiot questions  ;)

i'm dealing with a D-Link DI-524 (Firmware version V2.04)
The router itself has wireless set on OFF (i access it thru on AccessPoint of the same Lan i'm autheticated on)
i can access the router Administration web page (http://router-ip Login) as "user" and
i could download the settings backup file (which is called "config.bin")
i'm guessing, not sure btw, this file contains also the admin password to the router....by i can't read it, maybe encrypted?

so, i thought there could be another way to "retrieve" the admin pwd.
I've been reading about tools like Hydra or Medusa...
but i don't have a clue about how to use them, even where to download the suitable version (i'm using WindowsXp)

I thank you very much for any help/suggestion.  :)
Last edited by mark77 on Sun Jun 14, 2009 12:45 am, edited 1 time in total.
<<

Vedder

Newbie
Newbie

Posts: 26

Joined: Sun Feb 15, 2009 5:18 am

Post Sun Jun 14, 2009 3:50 am

Re: hack D-Link router admin pwd

Who has turned turned off the wireless?

If an admin has turned it off then I am sure that they don't want it turned back on.

Is this you router?
C|EH, MCSE, MCSA: Security, Security+, Network+, A+
<<

mark77

Newbie
Newbie

Posts: 11

Joined: Sun May 31, 2009 1:38 pm

Post Sun Jun 14, 2009 1:53 pm

Re: hack D-Link router admin pwd

i' trying to do this security test on the wireless lan of my brother (with his permission, or better he himself has asked me to do that)

can somebody please help me about either reading the "config.bin"
or using Medusa/Hydra on Windows (as i said the router has http web login)?
thanks
Last edited by mark77 on Sun Jun 14, 2009 4:44 pm, edited 1 time in total.
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Sun Jun 14, 2009 8:45 pm

Re: hack D-Link router admin pwd

Hydra and Brutus will attack the password on the web site used to manage the router.  Both tools are incredibly easy to use.  You simply point them at the website url that requires logon, and specify a type of attack.  You can use a dictionary word list, or you can simply brute force the password.  Both tools are pretty slow.    Just search google for "brutus download" or "hydra download." 

As far as reading the config.bin, the password there is most likely encrypted.  You would have to first find the password in the file and then determine the hash algorithm.  I am not sure if this is a realistic attack vector.  I could be wrong though.
~~~~~~~~~~~~~~
Ketchup
<<

jimbob

Post Mon Jun 15, 2009 3:02 am

Re: hack D-Link router admin pwd

These passwords are often poorly encoded and fairly easy to bypass if you have some time to spare. I wrote up a couple of examples from a few years back where I cracked simple password encoding schemes. If you can change the user password and look at the password hash you can used this as leverage; this in knows as a known plaintext attack.

http://www.watersheep.org/~jim/codecracking/

Silly question, but have you tried the default passwords for this device? admin:password for the win!

Jimbob
<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Mon Jun 15, 2009 4:04 am

Re: hack D-Link router admin pwd

mark77 wrote:can somebody please help me [...] using Medusa/Hydra on Windows (as i said the router has http web login)?
thanks


Don't want to be rude but when you can't read manuals and documentations on those tools such a test may be something which is currently above your head as they tools are really easy to handle.
<<

unsupported

User avatar

Sr. Member
Sr. Member

Posts: 318

Joined: Sun Feb 08, 2009 3:38 pm

Location: 407

Post Mon Jun 15, 2009 7:23 am

Re: hack D-Link router admin pwd

If you are unable to use the tools you are asking about, try the simple approach.  Search for the default router password.  There are plenty of sites which will show them.  If the default password does not work and you have physical access to the device just try resetting it and then use the default password.
-Un
CISSP, GCIH, GCIA, C|EH, Sec+, Net+, MCP
<<

jimbob

Post Mon Jun 15, 2009 10:30 am

Re: hack D-Link router admin pwd

unsupported wrote:If the default password does not work and you have physical access to the device just try resetting it and then use the default password.


Just remember to check you bro has the settings for his broadband provider if this thing is linked to an ADSL line. Otherwise this move might cause upset family harmony.

Jimbob
<<

mark77

Newbie
Newbie

Posts: 11

Joined: Sun May 31, 2009 1:38 pm

Post Tue Jun 16, 2009 1:29 am

Re: hack D-Link router admin pwd

i used Bruter
but after a few attempts (some minutes) it stopped...and the Router went offline the Lan !!???

why?
<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Tue Jun 16, 2009 1:45 am

Re: hack D-Link router admin pwd

As I don't know your router model in detail maybe you just DoS'ed it? Meaning that you sent so much requests to it that it denied its further service and temporary shut down.
Some routers will also behave like this when you entered a certain number of wrong credentials which is of course a security feature.

Don't you have physical access as stated by unsupported?
<<

jimbob

Post Tue Jun 16, 2009 2:33 am

Re: hack D-Link router admin pwd

It could be a defense mechanism in case of brute force attack but like awesec says it's as likely to be an accidental DoS. Embedded router web servers are often very flaky under load; I've seen them fail following an nmap scan so the notion that a brute force attack would disable it is plausible.

If you have the config file dumped perhaps you should reset the router to the factory default and reload the file? I think your current approach demonstrates the sledgehammer/walnut interface scenario.

Jimbob
<<

mark77

Newbie
Newbie

Posts: 11

Joined: Sun May 31, 2009 1:38 pm

Post Tue Jun 16, 2009 3:24 am

Re: hack D-Link router admin pwd

as i said the router is a D-Link DI-524 (Firmware version V2.04)

the test i'm doing is meant without physical access to it

so, i should decrease the number of simoultaneous "connections" with Bruter ? (i set to 5)
or the brute force will cause router's breakdown all the same ?
(after shutting down, should it reload by itself or not ?)

other ways to retrieve the admin passowrd ?
<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Tue Jun 16, 2009 3:32 am

Re: hack D-Link router admin pwd

I read that but I haven't any experience with this particular router myself, that was what I meant.

It sounds logical to remove the number of attempts but then it will depending on the password take you quite a long time to successfully brute the password if at all. Therefore I would say it will be hard to succeed by going this way.

Other attack possibilities my be on exploits available for this router or its firmware (haven't checked this) if its using an old one.

As physical access is no possibility (..) you may try something like phisihing, social engineering etc. Also a keylogger or similar on your brothers pc may help.
But all this are attack possibilites which have not really anything to do with the router itself and may then again not be what you are looking for.

Another way may be to reverse engineer the file format of the config file when you assume that the credentials are stored there.
Last edited by UNIX on Tue Jun 16, 2009 3:35 am, edited 1 time in total.
<<

former33t

Full Member
Full Member

Posts: 226

Joined: Sat Feb 14, 2009 12:33 am

Post Tue Jun 16, 2009 8:04 pm

Re: hack D-Link router admin pwd

I'll throw in my two cents.  I've DOS'd more than a fair share of SoHo routers doing "testing" (of the ethical type of course).  FWIW, the quickest way to DoS the average SoHo router is to hit the DHCP server a LOT.  Most SoHo routers can't really handle more than one or two DHCP requests at a time.  They'll fail spectacularly (stop switching, routing to Internet, etc) long before they exhaust their IP range.
Certifications: CREA, MCSE: Security, CCNA, Security+, other junk
<<

mafebresv

Newbie
Newbie

Posts: 6

Joined: Fri Jun 19, 2009 8:27 am

Location: Switzerland

Post Sat Jun 20, 2009 7:08 pm

Re: hack D-Link router admin pwd

May you share your config.bin? I would like to take a look on it :-)
SCJA - CRCEP - CREA - CEH

Return to Wireless

Who is online

Users browsing this forum: No registered users and 0 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software