Thread: Breaking into my 2wire 2701HG-G router

  1. #1
    Just burned his ISO
    Join Date
    Jan 2011
    Posts
    2

    Breaking into my 2wire 2701HG-G router

    Hi Backtrack users,

    I have a 2wire 2701HG-G router (router+modem) and I am trying to have access to the advanced management panel. Let me explain.

    This router comes from my ISP (and I bought it, not rented). There is a basic administration panel that I have access to where I can forward ports, setup my WiFi, remote access and more. This panel is available at my gateway address through HTTP.

    There's also another administration panel (more advanced) allowing me to bridge connections, increase WiFi signal power, blocking websites and even more. This panel is available at a hidden URL ( http://192.168.1.254/mdc ), but it requires a password (serial number according to the label). I tried the one on my box and it isn't working. 2wire have a couple of keys on their site, but I tried them all. Not working.

    Also, I found that my router is accessible remotely by default. This option can only be turned on from the "advanced" panel. It's available through SSL, port 50001. The protection there is an .htaccess.

    Code:
    root@azerox:~/hydra/dico# nmap ********* --version-all -PN
    
    Starting Nmap 5.00 ( http://nmap.org ) at 2011-01-06 00:22 EST
    Interesting ports on ************* (***************):
    Not shown: 999 filtered ports
    PORT      STATE SERVICE
    50001/tcp open  unknown
    
    Nmap done: 1 IP address (1 host up) scanned in 75.22 seconds

    I'm a bit pissed off to have all these functions unavailable. I read a lot on the Internet, and nobody seems to have accessed this "advanced" panel. The only way to do so (that I found) is to flash the firmware using a firmware from another company (since the 2701HG-G is not available on the Internet). The bad thing about that is that the firmware isn't for this exact model, leaving some functions behind and probably making the router a bit unstable in some cases.

    There are also a couple of exploits to reset the password available online, but I tried them all. I also read this post ( http://www.backtrack-linux.org/forum...ny-signal.html ) and it didn't give me much information.

    I contacted the tech support of my ISP (Bell Canada) and they don't want to help me out. They told me they don't have this information, but they sure do. They can reboot remotely any router they sold, and the only way they could is through this "backdoor".

    The only ways I see to break in is by:


    The good thing about cracking the HTTP form is that I only have to find the password, so only 1 field to have good. The bad thing is that the router's reply after a request is really slow.

    The good thing about cracking the .htaccess is that it's kind of fast (3000 tries per minute). The bad thing is that if I have the wrong login, I have to start all over again. I guessed the login to be admin or root.

    The password list I am using is the "RockYou" one on this site: http://www.skullsecurity.org/wiki/index.php/Passwords.

    I also thought about doing a "MITM" attack, by connecting myself between my router and the phone line, sniffing the path and asking them through tech support to reboot my router.

    | ROUTER | -------- | MY PC | ----- | PHONE LINE | ----- | ISP|

    When they send the request, I would intercept it. Since it's SSL 128-bit, I guess it's impossible to decode any information out of it, but still, just saying in case.

    Any other ideas to simplify this task?

    I am running hydra right now. If you have any idea, please, reply!

    Code:
    hydra -S -s 50001 -l admin -P english.txt MY_IP_ADDRESS https-head / -v -V -t 30 -o match.txt

    Thanks a lot!

  2. #2
    Super Moderator Archangel-Amael
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Re: Breaking into my 2wire 2701HG-G router

    We cannot support you. You will need to contact your ISP or the person who you have the router contract with.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.
