haicen Posted February 13, 2016

I have a Belkin N150 router, which has a few known vulnerabilities. https://www.exploit-db.com/exploits/38840/

Based on the vulnerabilities listed, the best option seems to be the root telnet access. The method works, and a root shell is obtained. I am able to view directories and execute commands. The router itself runs a version of busybox. I understand everything up to this point, but I'm not sure where to go from here.

I would like to be able to either obtain the admin page password or be able to reset the password to the default. I am at an utter loss as to how to accomplish this task. The admin web app relies heavily on JavaScript and a cgi-bin script. I think the cgi-bin script handles all of the authentication through a JSON string.

My attempts to recover the password so far have been attempting to decompile the cgi-bin script using recstudio, but I can only get what looks like assembly code, which I can't read. I have also tried using hydra to brute force the password, but I can't seem to get the parameters correct. I don't know if hydra will even work on this web page since the http-get parameters are encoded in base64 and sent directly to the cgi script. I don't see any shell scripts or commands that could be used to reset the password via telnet.

Any help or suggestions are very appreciated.

Mr-Protocol Posted February 14, 2016

How about the reset button on the router?

cooper Posted February 15, 2016

I don't quite understand what it is you're trying to achieve. You're root. Reset the password to something you want using passwd and be done with it.