DLink Exploit?


PoyBoy

My friend, I shall call him J, has one of the Dlink Xtreme G routers (I think that it is a DI-624.) Well, anyways, J is 17 and his dad doesn't want him to have wireless internet in his room, but his mom got him a trendnet usb NIC and J uses that. However, the router's admin webservice thingy is locked, and J wants to get in. (He said something about port forwarding for BitTorrent.)

I'm wondering if there is any way of getting into the router short of resetting it, as his dad would notice that? I was thinking Cain & Abel could be used if we could con J's dad into logging into the router.

Any suggestions would be greatly appreciated.

P.S. J's dad uses a laptop running Windows 200 and get this: It has Tight VNC installed. Maybe that will help.

Thanks


If it gets administered regularly via telnet, or unencrypted http, Cain would do the trick nicely. Just set up the ARP poisoning and leave it running for a while.

Cain's sniffer will pick up HTTP passwords by default, and does have a telnet sniffer, but you'll have to look through the telnet log manually to find the password. You might want to set Ethereal or something similar running with a filter of the access point's IP. Just to make sure.


> If it gets administered regularly via telnet, or unencrypted http, Cain would do the trick nicely. Just set up the ARP poisoning and leave it running for a while.
>
> Cain's sniffer will pick up HTTP passwords by default, and does have a telnet sniffer, but you'll have to look through the telnet log manually to find the password. You might want to set Ethereal or something similar running with a filter of the access point's IP. Just to make sure.

Yeah the hard part is when you have some n00b users who never go into their router's admin console :?


Sparda (the master of social engineering) has a plan :D

Throw technical jargon at him to scare him into thinking that he needs to log in and check the settings of the router. Give examples of what can happen if it's not set up properly.


Get access to the router and hard reset it. This should down internet access to the router if it is DSL. If you have cable then log in and disable DHCP from the network. Make sure you enable wireless connections. Remember to make sure that you leave the user name and password the default for the router. Now go and trip the breaker for that area of the house; make sure you do not get caught. This will cause dad to need to log into the router to set up the password. He will assume that the router lost the settings due to the breaker trip, be thankful that it is still good, and just set it up again. Now what you want to do is set up Cain & Abel to sniff the new password while he makes it. That is what I would do.


> Get access to the router and hard reset it. This should down internet access to the router if it is DSL. If you have cable then log in and disable DHCP from the network. Make sure you enable wireless connections. Remember to make sure that you leave the user name and password the default for the router. Now go and trip the breaker for that area of the house; make sure you do not get caught. This will cause dad to need to log into the router to set up the password. He will assume that the router lost the settings due to the breaker trip, be thankful that it is still good, and just set it up again. Now what you want to do is set up Cain & Abel to sniff the new password while he makes it. That is what I would do.

That's not such a good idea... it would probably work... but it would cause a high level of suspicion... and what if the guy knows that flash memory remembers things even when it doesn't have power?


> > Get access to the router and hard reset it. This should down internet access to the router if it is DSL. If you have cable then log in and disable DHCP from the network. Make sure you enable wireless connections. Remember to make sure that you leave the user name and password the default for the router. Now go and trip the breaker for that area of the house; make sure you do not get caught. This will cause dad to need to log into the router to set up the password. He will assume that the router lost the settings due to the breaker trip, be thankful that it is still good, and just set it up again. Now what you want to do is set up Cain & Abel to sniff the new password while he makes it. That is what I would do.
>
> That's not such a good idea... it would probably work... but it would cause a high level of suspicion... and what if the guy knows that flash memory remembers things even when it doesn't have power?

I understand your point and agree with you there will be some suspicion. That is why I suggested throwing the breaker. Having a breaker trip usually means there was some type of power fault that went through that area of the house. This may lead him to feel that the loss of the config was due to the same thing that caused the breaker to trip, not necessarily the power loss.


Most of this discussion relies on sniffing the password as he enters it into the router. Even if you captured the traffic, it wouldn't be of any use. Most all modern routers use encryption (https) when you go to log in to them. If it's correctly implemented you'll have a hell of a time decrypting it. Best bet is either brute force or put a key logger on his PC to snatch the password, and use social engineering to get him to log in to it.


> My friend, I shall call him J, has one of the Dlink Xtreme G routers (I think that it is a DI-624.) Well, anyways, J is 17 and his dad doesn't want him to have wireless internet in his room, but his mom got him a trendnet usb NIC and J uses that.
>
> Thanks

That's exactly what I do. I got myself a D-Link wireless G d-132 off tigerdirect using the wireless network my dad has. Except when he unplugs, I'm also unplugged :cry: :(


I looked into the brutus thing and want to get the cracklib library. Unfortunately, Firefox and IE (last resort) froze up when trying to select and copy the wordlist. Does anyone know where the list is downloadable, preferably in a form brutus can handle?


The method I used requires you to have a wireless card you can put into monitor mode (Atheros or Prism based) and another wireless card or LAN connection. Then using aircrack-ng you send deauth packets to the wireless clients, which cause them to keep disconnecting from the network.
