Fritz Box Admin Password
Hi, i hope that somebody can help me here, iīm trying to get the Admin Pass from a german w-lan router "Fritz Box 7170".
Iīm reading the Cracking Passwords Version 0.8 Guide from the tutorial section right now and i wanted to give it a try with Hydra. But iīm a real noob with this so i hope somebody can help me because i donīt even know where to start. I guess the main problem is that i have no idea where to pass the password to. The tutorial uses a Linksys WRT54GL and the frame source mentions this line: /cgi-bin/login.exe:pws=^PASS^:loginpserr.htm which makes it obvious where the password belongs. However i have no idea where the password is mentioned for my Fritz Box router.
this is the login screen for my router (it basically says enter password):
this is the login screen when i enter an incorrect password ( it says incorrect password, please wait 8 seconds):
this is the frame source:
where do i pass the password to? and is it even possible to brute force the router if there is an increasing waiting time every time you enter a wrong password?
thanks for help
I don't know if you have read these or can read them but there is a lot of info about the fritz box on this german site
Originally Posted by Doyle
Teil 2 seems to have a good bit of info about controlling or fernsteuern over internet.
Not sure if any of that will help you out though.
yeah thanks but iīve already read that page and itīs only about adding some additional software to your router that i donīt need (they call it hacks -.-).
Originally Posted by archangel.amael
i just need to get past the admin passwort so i can access the normal router settings.
doesn't show us anything about the form used to gather and submit the information.
well where else should i look?
Originally Posted by thorin
edit: ok i think i found something with wireshark. i donīt really know how to use it though.
if i go to my routers page and enter a wrong pass i get this:
Hypertext Transfer Protocol
POST /cgi-bin/webcm HTTP/1.1\r\n
Request Method: POST
Request URI: /cgi-bin/webcm
Request Version: HTTP/1.1
Line-based text data: application/x-www-form-urlencoded
getpage=..%2Fhtml%2Findex_inhalt.html&errorpage=.. %2Fhtml%2Findex_inhalt.html&var%3Apagename=home&va r%3Amenu=home&var%3Apagemaster=&=&login%3Acommand% 2Fpassword=testpass&var%3AloginDone=1
testpass was the (wrong) pass that i used which is clearly visible with wireshark... but i still donīt know which part i have to use in Hydra.
plus the waiting time for trying a new password goes easily up to 2 minutes after a few manual tries... somehow i think this router is well protected :(