Results 1 to 5 of 5

Thread: Fritz Box Admin Password

  1. #1
    Just burned his ISO
    Join Date
    Feb 2009
    Posts
    3

    Default Fritz Box Admin Password

    Hi, i hope that somebody can help me here, iīm trying to get the Admin Pass from a german w-lan router "Fritz Box 7170".

    Iīm reading the Cracking Passwords Version 0.8 Guide from the tutorial section right now and i wanted to give it a try with Hydra. But iīm a real noob with this so i hope somebody can help me because i donīt even know where to start. I guess the main problem is that i have no idea where to pass the password to. The tutorial uses a Linksys WRT54GL and the frame source mentions this line: /cgi-bin/login.exews=^PASS^:loginpserr.htm which makes it obvious where the password belongs. However i have no idea where the password is mentioned for my Fritz Box router.

    this is the login screen for my router (it basically says enter password):

    //img517.imageshack.us/img517/3835/97724497.jpg

    this is the login screen when i enter an incorrect password ( it says incorrect password, please wait 8 seconds):

    //img120.imageshack.us/img120/1683/62855744.jpg

    this is the frame source:

    //img98.imageshack.us/img98/8746/85957121.jpg

    where do i pass the password to? and is it even possible to brute force the router if there is an increasing waiting time every time you enter a wrong password?

    thanks for help

  2. #2
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Quote Originally Posted by Doyle View Post
    Hi, i hope that somebody can help me here, iīm trying to get the Admin Pass from a german w-lan router "Fritz Box 7170".
    I don't know if you have read these or can read them but there is a lot of info about the fritz box on this german site
    Teil 2 seems to have a good bit of info about controlling or fernsteuern over internet.
    Not sure if any of that will help you out though.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  3. #3
    Just burned his ISO
    Join Date
    Feb 2009
    Posts
    3

    Default

    Quote Originally Posted by archangel.amael View Post
    I don't know if you have read these or can read them but there is a lot of info about the fritz box on this tecchannel.de/server/extra/432803/tuning_hacks_fritzbox_fritz_box_erweiterungen_ftp_ telnet/index.html"]german site
    Teil 2 seems to have a good bit of info about controlling or fernsteuern over internet.
    Not sure if any of that will help you out though.
    yeah thanks but iīve already read that page and itīs only about adding some additional software to your router that i donīt need (they call it hacks -.-).
    i just need to get past the admin passwort so i can access the normal router settings.

  4. #4
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    img98.imageshack.us/img98/8746/85957121.jpg

    doesn't show us anything about the form used to gather and submit the information.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  5. #5
    Just burned his ISO
    Join Date
    Feb 2009
    Posts
    3

    Default

    Quote Originally Posted by thorin View Post
    img98.imageshack.us/img98/8746/85957121.jpg

    doesn't show us anything about the form used to gather and submit the information.
    well where else should i look?

    edit: ok i think i found something with wireshark. i donīt really know how to use it though.

    if i go to my routers page and enter a wrong pass i get this:

    Hypertext Transfer Protocol
    POST /cgi-bin/webcm HTTP/1.1\r\n
    Request Method: POST
    Request URI: /cgi-bin/webcm
    Request Version: HTTP/1.1

    Line-based text data: application/x-www-form-urlencoded

    getpage=..%2Fhtml%2Findex_inhalt.html&errorpage=.. %2Fhtml%2Findex_inhalt.html&var%3Apagename=home&va r%3Amenu=home&var%3Apagemaster=&=&login%3Acommand% 2Fpassword=testpass&var%3AloginDone=1

    testpass was the (wrong) pass that i used which is clearly visible with wireshark... but i still donīt know which part i have to use in Hydra.
    plus the waiting time for trying a new password goes easily up to 2 minutes after a few manual tries... somehow i think this router is well protected

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •