Bruteforcing router login tips (D-link DIR-655)


Postby XaneXXXX » Sat Mar 07, 2015 4:52 pm

Image

As you can see in the picture, the login form is not the usual one that most routers have; from what I know, most of them have the normal "popup" login form. I have tried using THC-Hydra on this, which I normally use when I'm bruteforcing, but Hydra can't do this since the username thing is kind of weird.. Or maybe it can, only that I don't know how?
When I click the User name tab I can choose between Admin and User. If I select User I can log in with a blank password, but I can't change a thing in the settings since I need the Admin account for that.
I also tried using Burp Suite to capture the login data so that I can do a normal http-post bruteforce, but that didn't work either since the router page redirects TWO times before getting to the login page and Hydra can only work with one redirect.

Has anyone encountered this kind of login before?

The login form is also "/login.asp" in the end, not login.php like many others. I don't know anything about .asp lol

Cheers! :)

Re: Bruteforcing router login tips (D-link DIR-655)

Postby Sethioz » Sat Mar 07, 2015 9:01 pm

Brutus? I never got it to work, but I did a messy manual bruteforce on some sites.
I put together a wordlist and used CommView to monitor the responses. Of course I had a controlled environment of the page too, so I knew what the response is for "wrong pass" and "right pass".
So I set CommView to monitor and STOP recording packets when the "right pass" packet was received. So basically I just spammed it with tons of passwords and CommView stopped it right after the right pass, then I had to go thru the last 3-10 passwords manually, cuz I set it to send like 100 per second.

As I said, messy method, but it worked. So you need to get a hold of a router you know the pass for.

I'm not a programmer, so it's hard for me to write a custom program, but in terms it's easy to write a simple tool to "check" passwords.

Re: Bruteforcing router login tips (D-link DIR-655)

Postby XaneXXXX » Sat Mar 07, 2015 9:29 pm

Thanks for your answer, I will check it out! :)

Re: Bruteforcing router login tips (D-link DIR-655)

Postby Sethioz » Tue Mar 10, 2015 5:04 pm

I just have to ask, did you try defaults? Such as admin:admin or "admin:password" ..etc and googled it too?
I cracked 1 network that uses D-Link, it was admin:admin
Some are case sensitive and use like Administrator:admin or Administrator:administrator ..etc

There are only very few routers that use some random combination as password and they write it on the back of the router, the rest use some defaults and people very rarely change the logins.

Re: Bruteforcing router login tips (D-link DIR-655)

Postby XaneXXXX » Fri Mar 13, 2015 11:36 am

Yes of course. That was the first thing I tried. I googled for the default passwords for that router, including just a blank password. None of them worked. I'm not 100% sure that I tried it with uppercase. Will test right now and get back to you.

Update: Didn't work :(

Re: Bruteforcing router login tips (D-link DIR-655)

Postby XaneXXXX » Fri Mar 13, 2015 12:08 pm

I found this: http://securityadvisories.dlink.com/sec ... e=SAP10048

But I can't really understand how I can use this, not good with site exploits. Any ideas? :)

The firmware version for the router is 2.0.0, and the exploit was found on a later firmware. So it should work on this too.

Re: Bruteforcing router login tips (D-link DIR-655)

Postby Sethioz » Fri Mar 13, 2015 10:05 pm

I think that admin password exploit has been patched long ago, if not, then he talks about IP hijacking.
Like in some area there was a wifi hotspot (paid ofc) and I hijacked somebody's MAC and changed mine and I was able to use his paid internet. MAC works exactly like IP.
IP is assigned based on MAC (in local area network) or maybe based on PC name. So if both machines have the same MAC and IP, then the router is not able to tell the difference between the machines. So if 1 user is logged in as admin and you hijack the IP and/or MAC, then the router is not able to tell the difference and thinks that it's the same machine.

Imagine if you'd have 2 cloned SIM cards, they would both act as one. Or if you have 2 mice on a PC, they act as the same.
But going direct to pages, not sure how that works, I think it all relies on having 1 user logged in as admin, so it's almost a no go, since I doubt anyone would sit there on the admin page. Anyone who uses the admin page configures the router manually and there's no way you would have gotten the wifi pass in the first place, so I guess it's out of question.

Unless you "ask" for it nicely :) Have some fake page, lock him out of wifi and force him to log into admin and monitor at the same time.
Usually such fake pages work fine, cuz ppl are retarded and have no idea that they got screwed :)

Re: Bruteforcing router login tips (D-link DIR-655)

Postby XaneXXXX » Sat Mar 14, 2015 2:28 am

Yeah I was thinking of using that as a last resort, just cloning the page and forcing him to it with arp spoof or something similar :)

Re: Bruteforcing router login tips (D-link DIR-655)

Postby Sethioz » Sun Mar 15, 2015 10:41 am

I need to ask someone to write a custom tool to bruteforce any type of HTML page. Brutus is similar, but it's like 2000 or older and it's rather useless. I never got it to work.
Some simple tool that would do "do THIS" and "STOP if you find THIS". Then you can leave it to guess passwords and it auto stops when the password is found.

Re: Bruteforcing router login tips (D-link DIR-655)

Postby XaneXXXX » Mon Mar 16, 2015 3:47 am

Hmm yeah, there is a tool called "Sentry". I have it if you want it. 1.4 is the latest version. It's a great program. But it's too advanced for me.

The program can handle redirects, bypass most of the cookies (it auto updates session cookies etc). It can also bypass SOME captchas.

But if you can understand and learn the tool, it can bruteforce almost any website.

Re: Bruteforcing router login tips (D-link DIR-655)

Postby Sethioz » Sat Mar 21, 2015 12:14 pm

If it's freeware, then post it here. If not, put it into the private section and make sure you encrypt the .rar + files, then include the pass in there.

Re: Bruteforcing router login tips (D-link DIR-655)

Postby XaneXXXX » Sun Mar 22, 2015 2:59 am

Yeah it's a freeware, uploading latest version 1.4.1.

If you try the program please tell me if you understand it/have any use for it. Would love to learn some more about it, not that many tutorials about the advanced stuff.
Attachments
Sentry_MBA.rar

Re: Bruteforcing router login tips (D-link DIR-655)

Postby Sethioz » Sun Mar 22, 2015 10:03 am

Is that ... written by a girl? Or what's with all those pink anime thingies that girls love?
Anyway it doesn't look so complex, but can't bother testing it atm. I might just install some test site to take a whack at, disable the flood protection and lockouts just to see how it works.
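Added example, not part of any post in this thread: the defender's side of the method described above (about 100 guesses per second, stopping on the first "right pass" response) and of the flood protection and lockouts mentioned in the last post. It replays constructed login events through a per-source failure counter; the event format, addresses and thresholds are assumptions, not DIR-655 behaviour.

```python
from collections import defaultdict, deque

# Constructed sample events, not taken from the thread: (seconds, source, outcome).
SAMPLE_EVENTS = (
    [(50.0, "192.168.0.10", "fail"), (60.0, "192.168.0.10", "ok")]      # one typo
    + [(100.0 + i * 0.01, "192.168.0.50", "fail") for i in range(300)]  # ~100/s
    + [(103.0, "192.168.0.50", "ok")]                                   # then a hit
)

def replay(events, max_fails=5, window=60.0, lockout=300.0, enforce=True):
    """Replay login events through a per-source failure counter.

    enforce=True models a lockout: once max_fails failures fall inside
    `window` seconds, further attempts from that source are rejected for
    `lockout` seconds. enforce=False only observes, as a log monitor would.
    Returns (alerts, blocked); alerts is a list of (source, kind) and
    blocked counts attempts rejected before any password check.
    """
    fails = defaultdict(deque)   # source -> timestamps of recent failures
    locked_until = {}            # source -> time the lockout expires
    flagged = set()              # sources already reported for a burst
    alerts, blocked = [], 0
    for ts, src, outcome in sorted(events):
        if enforce and src in locked_until:
            if ts < locked_until[src]:
                blocked += 1
                continue
            del locked_until[src]        # lockout expired: count afresh
            flagged.discard(src)
            fails[src].clear()
        recent = fails[src]
        while recent and ts - recent[0] > window:
            recent.popleft()             # forget failures older than the window
        if outcome == "fail":
            recent.append(ts)
            if len(recent) >= max_fails and src not in flagged:
                flagged.add(src)
                alerts.append((src, "burst"))
                if enforce:
                    locked_until[src] = ts + lockout
        else:
            if src in flagged:           # a guess landed after a burst
                alerts.append((src, "success_after_burst"))
            recent.clear()
            flagged.discard(src)
    return alerts, blocked
```

With the lockout enforced, the attempt at t=103 that would have succeeded is rejected along with the rest of the burst; in observe-only mode the same events produce a second alert for the successful login that followed it.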

