Brute Force A Router??
This was a question possed to me by a co-worker of mine. We both are computer techs at a small company. Nothing major mainly just removal of viruses and spyware, and general up keep of home computers. After doing a deminstration of why you need to have a bit of a complex WPA key for your home network my co-worked asked me if someone got into the network would they be able to get the password to the router and change your settings locking you right out of it and allowing them self full control of the router unless it was reset? Im sure there is a way but I was wondering if someone would be able to point me in the right direction of how to do that. I think that would really be a great idea for a add on step to that demistration. Thank you all.
Yes, it's trivial. Once the attacker is on the WLAN, they can easy attack any device on the WLAN/LAN, including the router. As to how, they could:
- Try the defaults username/password. Most users never change these.
- Grab the password via a sniffer.
- Grab SNMP private data via a sniffer.
- Brute force the router's logon.
Thorn
Stop the TSA now! Boycott the airlines.
Trivial on older routers certainly. On the newer routers I have come across there is an option you must enable to allow access to the administrative website from the WLAN interface. On the Linksys I have, the default is disabled i.e. no one can login to the AP administrative website from the WLAN side. You must be physically plugged into the router to access the website. And we all know that if you have physical access to the hardware the game is over.Originally Posted by Thorn
I like the bleeding edge, but I don't like blood loss
Well since its asked to me by a computer tech I would imagin that if I were to use a sniffer then he will just say well if I never log in after my original setup then no packets are there to be sniffed. Since brute force would really be the way to go if the people on the network ever log into the router. What program would I go about researching for that? I have never done a brute force attack so any advice would be helpful.
Hydra or Medusa.
Thorn
Stop the TSA now! Boycott the airlines.
Anyone know of a good tutorial on either hydra or medusa?
It's very easy
enjoy!
Hydra :benjy-blog.blogspot.com/2008/09/hydra-gtk-video.html
Medusa : benjy-blog.blogspot.com/2008/09/medusa-video.html
++
Unless they take control of a pc on the lan. Then they would be connecting from the wired side.
Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69
also remember that statistically speaking many people use the same passwords or a mangled form of that password for many applications. So if you sniff out the admins gmail pw there is a good chance that the ap pw will be the same or very similer. You could also DOS the router untill you force someone to log in and check it out.
One thing I've been wondering about, is there any way to fool a router into thinking that a WLAN client is actually physically connected to the router? One would think that if you can fool clients into thinking that your comp is a router that it should be just as easy to fool a router into thinking that you are a wired client.
Morpheus: "You take the blue pill - the story ends, you wake up in your bed and believe whatever you want to believe. You take the red pill - you stay in Wonderland and I show you how deep the rabbit-hole goes."
Neo: "What if I take both?"
Morpheus: "Don't do that! You end up like Nick Nolte!"
Okay now this is prob going to come back and haunt me after posting this but I have to ask what is DOS? The only thing that keeps coming to mind is the old school prompt based OS before Windows. Im pretty sure Im not right, but being that Im still kinda new to the cracking and pentesting thing I ask.
Posting Permissions
