
Thread: Brute Force A Router??

  1. #1
    Junior Member kdiggity317's Avatar
    Join Date
    Aug 2008
    Posts
    70

    Brute Force A Router??

    This was a question posed to me by a co-worker of mine. We both are computer techs at a small company. Nothing major, mainly just removal of viruses and spyware, and general upkeep of home computers. After doing a demonstration of why you need to have a bit of a complex WPA key for your home network, my co-worker asked me if someone got into the network would they be able to get the password to the router and change your settings, locking you right out of it and allowing themselves full control of the router unless it was reset? I'm sure there is a way, but I was wondering if someone would be able to point me in the right direction of how to do that. I think that would really be a great idea for an add-on step to that demonstration. Thank you all.

  2. #2
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Yes, it's trivial. Once the attacker is on the WLAN, they can easily attack any device on the WLAN/LAN, including the router. As to how, they could:

    • Try the default username/password. Most users never change these.
    • Grab the password via a sniffer.
    • Grab SNMP private data via a sniffer.
    • Brute force the router's logon.
    Thorn
    Stop the TSA now! Boycott the airlines.
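
A defender's view of the last item in the list above, as an added example that is not part of the original thread: a sliding-window check that flags a LAN client making repeated failed logins to the router's admin page, and escalates if a success follows. The log format, `SAMPLE_LOG` and `detect_bruteforce` are hypothetical; real router firmware logs differ, so the regex must be adapted.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical syslog-style format.
SAMPLE_LOG = """\
2010-03-01 21:10:00 httpd: admin login failed from 192.168.1.5
2010-03-01 21:14:02 httpd: admin login failed from 192.168.1.23
2010-03-01 21:14:03 httpd: admin login failed from 192.168.1.23
2010-03-01 21:14:04 httpd: admin login failed from 192.168.1.23
2010-03-01 21:14:05 httpd: admin login failed from 192.168.1.23
2010-03-01 21:14:06 httpd: admin login failed from 192.168.1.23
2010-03-01 21:15:30 httpd: admin login failed from 192.168.1.5
2010-03-01 21:15:41 httpd: admin login succeeded from 192.168.1.5
2010-03-01 21:16:10 httpd: admin login succeeded from 192.168.1.23
"""

LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) httpd: admin login "
    r"(failed|succeeded) from (\d{1,3}(?:\.\d{1,3}){3})$"
)

def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return {source_ip: verdict} for sources that reach `threshold`
    failed admin logins inside `window`."""
    recent = defaultdict(deque)   # per-source timestamps of recent failures
    alerts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # ignore unrelated log lines
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        outcome, src = m.group(2), m.group(3)
        failures = recent[src]
        while failures and ts - failures[0] > window:
            failures.popleft()    # drop failures older than the window
        if outcome == "failed":
            failures.append(ts)
            if len(failures) >= threshold:
                alerts.setdefault(src, "bruteforce")
        elif src in alerts:
            # A success after a flagged burst suggests the guess worked.
            alerts[src] = "bruteforce-then-success"
    return alerts

if __name__ == "__main__":
    for ip, verdict in detect_bruteforce(SAMPLE_LOG).items():
        print(ip, verdict)
```

The two widely spaced typos from 192.168.1.5 stay below the threshold, while the burst from 192.168.1.23 is flagged.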

  3. #3
    Good friend of the forums
    Join Date
    Jan 2010
    Location
    outside chicago, il
    Posts
    442

    Quote Originally Posted by Thorn View Post
    Yes, it's trivial. Once the attacker is on the WLAN, they can easily attack any device on the WLAN/LAN, including the router. As to how, they could:

    • Try the default username/password. Most users never change these.
    • Grab the password via a sniffer.
    • Grab SNMP private data via a sniffer.
    • Brute force the router's logon.
    Trivial on older routers certainly. On the newer routers I have come across there is an option you must enable to allow access to the administrative website from the WLAN interface. On the Linksys I have, the default is disabled, i.e. no one can log in to the AP administrative website from the WLAN side. You must be physically plugged into the router to access the website. And we all know that if you have physical access to the hardware the game is over.
    I like the bleeding edge, but I don't like blood loss

  4. #4
    Junior Member kdiggity317's Avatar
    Join Date
    Aug 2008
    Posts
    70

    Well, since it's asked to me by a computer tech, I would imagine that if I were to use a sniffer then he will just say, well, if I never log in after my original setup then no packets are there to be sniffed. Since brute force would really be the way to go if the people on the network ever log into the router. What program would I go about researching for that? I have never done a brute force attack so any advice would be helpful.

  5. #5
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Quote Originally Posted by kdiggity317 View Post
    Well, since it's asked to me by a computer tech, I would imagine that if I were to use a sniffer then he will just say, well, if I never log in after my original setup then no packets are there to be sniffed. Since brute force would really be the way to go if the people on the network ever log into the router. What program would I go about researching for that? I have never done a brute force attack so any advice would be helpful.
    Hydra or Medusa.
    Thorn
    Stop the TSA now! Boycott the airlines.

  6. #6
    Junior Member kdiggity317's Avatar
    Join Date
    Aug 2008
    Posts
    70

    Anyone know of a good tutorial on either Hydra or Medusa?

  7. #7
    Just burned his ISO benjy's Avatar
    Join Date
    Feb 2008
    Posts
    14

    Quote Originally Posted by kdiggity317 View Post
    Anyone know of a good tutorial on either Hydra or Medusa?
    It's very easy

    enjoy!

    Hydra: benjy-blog.blogspot.com/2008/09/hydra-gtk-video.html

    Medusa: benjy-blog.blogspot.com/2008/09/medusa-video.html

    ++

  8. #8
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817

    Quote Originally Posted by bofh28 View Post
    Trivial on older routers certainly. On the newer routers I have come across there is an option you must enable to allow access to the administrative website from the WLAN interface. On the Linksys I have, the default is disabled, i.e. no one can log in to the AP administrative website from the WLAN side. You must be physically plugged into the router to access the website. And we all know that if you have physical access to the hardware the game is over.
    Unless they take control of a PC on the LAN. Then they would be connecting from the wired side.
    Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69

  9. #9
    Member
    Join Date
    Sep 2008
    Posts
    146

    Also remember that statistically speaking many people use the same passwords or a mangled form of that password for many applications. So if you sniff out the admin's Gmail pw there is a good chance that the AP pw will be the same or very similar. You could also DOS the router until you force someone to log in and check it out.

    One thing I've been wondering about, is there any way to fool a router into thinking that a WLAN client is actually physically connected to the router? One would think that if you can fool clients into thinking that your comp is a router that it should be just as easy to fool a router into thinking that you are a wired client.
    Morpheus: "You take the blue pill - the story ends, you wake up in your bed and believe whatever you want to believe. You take the red pill - you stay in Wonderland and I show you how deep the rabbit-hole goes."

    Neo: "What if I take both?"

    Morpheus: "Don't do that! You end up like Nick Nolte!"

  10. #10
    Junior Member kdiggity317's Avatar
    Join Date
    Aug 2008
    Posts
    70

    Okay, now this is probably going to come back and haunt me after posting this, but I have to ask: what is DOS? The only thing that keeps coming to mind is the old school prompt-based OS before Windows. I'm pretty sure I'm not right, but being that I'm still kinda new to the cracking and pentesting thing, I ask.
