Results 1 to 6 of 6

Thread: Router and http code to test passwords

Hybrid View

  1. #1
    dlink
    Guest

    Default Router and http code to test passwords

    Hi, i'am trying to write a program to test computers on my lan and i trying to test to see if i can try the default username and password to logon to a broadband and wireless router.

    What i've got so far is
    Connect to router(192.168.0.1)
    connect to port(80)
    GET / HTTP/1.1

    Then would i do something like
    PUT .......
    to enter the user and pass .
    And how would I know if its succeded, would i have recive, and see if it returns the homepage.

    I've tryed to look at the data with wireshark and etthercap but i didn't find the command to add the user and pass.

    Thanks in advanced

  2. #2
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by dlink View Post
    Hi, i'am trying to write a program to test computers on my lan and i trying to test to see if i can try the default username and password to logon to a broadband and wireless router.

    What i've got so far is
    Connect to router(192.168.0.1)
    connect to port(80)
    GET / HTTP/1.1

    Then would i do something like
    PUT .......
    to enter the user and pass .
    And how would I know if its succeded, would i have recive, and see if it returns the homepage.

    I've tryed to look at the data with wireshark and etthercap but i didn't find the command to add the user and pass.

    Thanks in advanced
    http://forums.remote-exploit.org/sho...ighlight=hydra

    For your next task, you might want to try to re-invent the wheel, or possibly fire.

    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  3. #3
    dlink
    Guest

    Default

    I allready know about hydra thanks, but i needed to incorprate it into my program.
    Could you help me out in that area.

    Just a side topic, but if you can enter username and pass to a feild ,useing the virtual the same commands you should beable to open a port with port forwarding, which hydra doesn't do. If some one can tell me how to enter feilds like user and pass then i could work out how to open fowadring.

  4. #4
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    Default

    Quote Originally Posted by dlink View Post
    Hi, i'am trying to write a program to test computers on my lan and i trying to test to see if i can try the default username and password to logon to a broadband and wireless router.

    What i've got so far is
    Connect to router(192.168.0.1)
    connect to port(80)
    GET / HTTP/1.1

    Then would i do something like
    PUT .......
    to enter the user and pass .
    And how would I know if its succeded, would i have recive, and see if it returns the homepage.

    I've tryed to look at the data with wireshark and etthercap but i didn't find the command to add the user and pass.

    Thanks in advanced
    I'm not sure what the point of this is but the easiest thing to do would be to right a bash script. input the ip and feed it to the command line version of hydra with a script of default user names and passwords made from the phenolite list. automating the connect seems silly because if you were on a large network with 20 routers you would get 20 browser windows open. If hydra returns a user name and password then you know its vunerable.

  5. #5
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    Please check RFC2616 for the answers to your questions:
    http://www.w3.org/Protocols/rfc2616/rfc2616.html

    Then read up on HTML forms:
    http://www.google.com/search?q=html+forms

    Then read up on HTML form actions:
    http://www.google.com/search?q=html+forms+actions

    Then read up on HTTP GET and POST:
    http://www.google.com/search?q=http+get+post

    Now you should be able to viewsource of the login form(s) and figure out how to programatically assemble the necessary HTTP (or HTTPs) requests to perform the automation you're looking for.

    Edit: Oh I forgot part, you'll also need to read up on HTTP response codes so you can figure out if you successfully logged in or not. (Maybe program exit codes too depending on how you decide to go about this .... if you use wget or similar and shell script it then you'll need to check $errorlevel or %errorlevel%)
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  6. #6
    dlink
    Guest

    Default

    thorin, Thanks you for the links it was what i was looking for.
    Cheers

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •