eternaltruth Posted August 26, 2014
We have a Belkin router in our hostel. But someone does MAC address filtering and all people from using WiFi. Is there any way to crack the password of the login interface to remove the MAC filtering?
P.S. I don't want to use the reset button on the router.

Sitwon Posted August 26, 2014
1. Try the default password. Often people don't change the password.
2. Try other common passwords. Often people pick really terrible or obvious passwords.
3. Brute-force the login page. Most router web interfaces have very weak protections against brute-force login attacks.
Edit:
4. Bypass the router by replacing it with a new one, or just plugging a new one in to an unfiltered LAN port and using that to provide unfiltered WiFi.
Edited August 26, 2014 by Sitwon

cooper Posted August 26, 2014
Did you try chatting up the girl behind the desk? You'd be amazed what's possible with a bit of TLC.

eternaltruth Posted August 26, 2014
Thanks Sitwon. Which software would you recommend for brute-force? Windows, Linux, anything. Is there any other way to crack the password?

triphazard Posted August 28, 2014
There is no need to start bruteforcing yet... have you checked for vulnerabilities for that model/version/firmware? I mean... accepting unauthenticated commands, password disclosure, etc... Before I go too far into this, why are you trying to get onto a network with MAC address filtering? And why don't you want to reset it?

eternaltruth Posted August 28, 2014
Some people enable MAC filtering, which they are unauthorized to do. And the hostel owner does not understand anything about the router. If I reset, they will again reset the router, as their room is close by to the router.

Mr-Protocol Posted August 28, 2014
This isn't exactly legal, breaking into a system you do not own.

eternaltruth Posted August 28, 2014
Yes. But I am doing this because the hostel owner himself told me to do so.

Mr-Protocol Posted August 28, 2014
Then he should have the password, or be able to compel the person managing it to make the change. Or just do the reset button as previously mentioned. There is one other way, but it would include taking apart the router, mapping the Serial TTL taps, soldering up some wires, and getting the password from NVRAM.

hwally Posted September 21, 2014
Seems strange that the owner would want you to hack the router. Like Mr Protocol says: have him give you the password. Why the reluctance to reset the router?

hwally Posted September 21, 2014
If you reset the router you could put in a very difficult password which would, at least, slow down the MAC filter troll. Do you know any martial arts?

3mrgnc3 Posted September 23, 2014
If this troll is repeatedly going in and configuring MAC filtering following each reset, I assume they are the only ones that have the administration password for some reason. Or they are able to break in each time themselves. (Following resets, the default administration password is being changed to a complex one, right?)
Failing the above, you could leave airodump-ng running on a device close to the AP on the same channel and with the bssid options set and write it to troll.cap. Then as soon as the filtering is re-enabled you should have captured whatever the troll does, and any other passwords they have used. Then it's just a case of looking through the file in Wireshark to find the HTTP login info for the web interface of the router.
Peace.

eternaltruth Posted September 23, 2014
There. That's what I wanted. Thanks 3mrgnc3

3mrgnc3 Posted September 23, 2014
You're welcome, feel free to give me a plus 1?

musketteams Posted November 15, 2014
1. If you know the MAC address that is being filtered, just spoof your MAC to that address.
2. If you do not know the address, try using mdk3 f to brute force the MAC (even the author says it only works on some routers).
3. Monitor the AP with airodump-ng and see what MAC has access, then spoof your MAC to that address.
4. Try logging onto the router with the default password.
5. If the router is TP-Link there may be a rom-0 backdoor. Go to the Kali Linux forums and search TP-LINK routers; the thread and how is there.
6. Brute force the user/password pair with hydra. If you get too many false positives then
5. Use Burpsuite. Try and find the pro version.

seniorkoa Posted February 9, 2015
Please, thanks for this post. May God bless you. My problem is that if someone is able to log in to the router's admin control panel remotely, can that person, who has no physical access nor no wireless link to the router, use the internet from the router remotely? Please, if possible, by what means? Thanks for your response.

digip Posted February 10, 2015
> Please, thanks for this post. May God bless you. My problem is that if someone is able to log in to the router's admin control panel remotely, can that person, who has no physical access nor no wireless link to the router, use the internet from the router remotely? Please, if possible, by what means? Thanks for your response.

Way to bring a thread back from the dead... (looks at calendar, Walking Dead new season was past Sunday? Needs to go find episode..)
If the router is set up properly, remote administration should be disabled. That said, many routers ship with administration enabled for both LAN and WAN, which if they didn't change the password, there are plenty of default router password sites that would allow someone to try and log in remotely. If remote login is disabled, then a DNS rebinding attack or some other manner of attack would need to be done to get a user behind the router to click a malicious link, giving you access inside their network. In any case, without permission, logging into a router you don't own is more than likely breaking the law depending on where you live, but yes, it can be done, depending on how the router is set up or if design flaws exist, which there are many that are still vulnerable to attack even if changing passwords and disabling WAN administration.
Google first, ask questions if you need something explained in detail, and send links to what you're reading for reference. It helps us to explain what you are trying to understand.

officialxian Posted February 10, 2015
Whelp, since it was bumped today anyways, I may as well ask my question here. I have an Arris router that doesn't use BASIC for authentication, how can I hack the password? I know it's a simple word, or words, I just can't recall it and would rather not go through setting up the router again. Are there any known Arris security flaws?

Mr-Protocol Posted February 10, 2015
This thread is not for "How to hack a router". Read any suggested replies. Laziness is no excuse (lame one at that) to not just reset the router and reconfigure.
Locked.