sil3nce

I'm sure you're right, but I'm still too noobie to know exactly what I would do to probe. If I can't crack the WPA algorithm it seems like the router wouldn't communicate. I imagine there is something I'm missing. I won't ask for a tutorial :P but maybe a tip on where to direct my research. Looking at the chip set for vulnerabilities. But how do I probe? Wireshark would just watch, right? Nmap, ping, netcat, etc can't communicate unless I'm connected, right? Or is the approach from the public side?

OH I understand now! So essentially all routers from the ISP broadcast to the public and create a public wifi network that anyone can access? Right? If so, that's fantastic! There is nothing worse than needing wifi and having no open networks anywhere nearby. You're right. The remote management needs never to be active. Unless I suppose I need to fix my grandmother's wireless from China :P. Were I you I would be very interested in the holes made available by this extra "cloud". But I'm still not sold that a crappy 15RMB router is unhackable. But I'm wondering if the only access is through a social hole. Either a trojan or physical access. My goal is to access this router without either. Especially since social engineering is rather silly when I'm attacking myself...

So if I understand this correctly, you can connect to your own router remotely and use the bandwidth through there? Like a VPN? Don't you need a net connection to get to your router? I'm from the US, living in China, and I'm not familiar with that. Unless I'm just not quite sure what you're talking about. :P I'll try accessing the router via the external IP when I have a chance, but if I can not access the management and I can't brute force my way in by capturing IVS then what other options are there? I mean it's a super cheap junkie router. It can't be unhackable. It seems too easy for the management menu to be accessible from the outside, when the remote management is off by default.

I was afraid that would be the answer. It would be really cheap to replace it with a route I know the password to, cause it's my router :P :P P However, these routers are as common as flies, so were I wanted to get into someone else's that would be a very clever and 007 kind of solution. I'm very interested in this. I've never thought about hacking the admin panel when I wasn't already connected. How would I go about doing that? If I'm not connected then I can't just enter the gateway via http. I don't necessarily need a tutorial, but maybe a few bread crumbs to follow :P Thanks guys!!!!

So I know that the router generates random passwords in this structure: xxxx-xxxx-xxxx It uses all loweralphnumeric and includes the dashes, but no other special characters. I've been reading about generating rainbow tables, but all the options include too much, or wont allow me to generate 12 character long passwords. But I don't know if I totally understand the process yet, I'm still reading. Does anyone know a good way of generating either plaintext dictionary or rainbow tables that fit this specific format only? I want to create a dictionary that includes all possible combinations for this format. Correct me if I'm wrong, but there should be: 62^12 = 3,226,266,762,397,899,821,056 possible combinations? This if for my personal TP-Link router that I bought. Noticed this default password formatting and want to see if I can generate a customized table for it. Really appreciate any advice or input.