Hacking broadband on Linux

Prerequisites

1. To check my actual network IP address: http://www.whatismyip.com
2. A dictionary of common router passwords: http://www.routerpasswords.com
3. The nmap and whois tools, available on Linux. [Try “nmap --help” for a quick description of the available switches. whois is self-explanatory.]

Procedure

If users do not take the necessary precautions, it is far too easy to reach the settings of a broadband user’s router.

First I checked my actual IP address at http://www.whatismyip.com and found that it was 117.192.11.xxx.

So I ran nmap on this range on port 80:

$ nmap 117.192.11.1-255 -p80 > scanres

I opened the file scanres in vi and searched for “open”. I found the following entries:

[Screenshot: nmap port scan results showing hosts with port 80 open]

To find out more, such as who the IP belongs to, I used:

$ whois 117.192.11.xxx

Now I had a vulnerable IP with port 80 open. I opened it in Firefox and it asked for a username and password:

[Screenshot: the router’s HTTP authentication prompt]

I tried the default usernames and passwords for some common routers in India from www.routerpasswords.com and could get into the router in 4/5 tries. [Sometimes the authentication string shows the make of the router. For example, TD-W8901G means a TP-Link router and IB-xxxxx means an iBall router. Some manufacturers must be real dumb to do that!]

I entered the Interface Setup and could find the PPPoE username. An 8-dot password almost always means “password”. As users have no way of changing it, that “password” is as good as hard-coded.

[Screenshot: the router’s Interface Setup page showing the PPPoE username and masked password]

Finding a weak router takes around 40 seconds for a seasoned attacker, who will narrow the nmap scan range to his own IP +/-25 addresses.
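As an added example (not part of the original post), here is a small Python self-check that covers the defender’s side of the above: it sends a single GET to your own public IP (the one whatismyip.com shows you), reports whether the router’s web admin page answers from the WAN side at all, and whether the authentication realm leaks the model the way TD-W8901G does. The realm-to-make mapping, the advice strings and the script name are my own assumptions; only the two prefixes the post mentions are included.

```python
import re
import sys
import urllib.error
import urllib.request

# Realm prefixes that the post says reveal the make (assumed mapping, extend as needed).
REALM_HINTS = {"TD-": "TP-Link", "IB-": "iBall"}


def assess(status, headers):
    """Classify what the WAN side of your router returned on port 80.

    status  - HTTP status code, or None if nothing answered.
    headers - dict of response headers (looked up case-insensitively here).
    Returns findings: exposed flag, auth realm, likely make, and advice lines.
    """
    result = {"exposed": False, "realm": None, "make_hint": None, "advice": []}
    if status is None:
        result["advice"].append("Port 80 does not answer from the WAN side: good.")
        return result
    result["exposed"] = True  # any answer means the admin page is reachable remotely
    result["advice"].append("Web admin reachable from the WAN: disable remote management.")
    www_auth = next((v for k, v in headers.items() if k.lower() == "www-authenticate"), "")
    match = re.search(r'realm="([^"]*)"', www_auth)  # e.g. Basic realm="TD-W8901G"
    if match:
        realm = match.group(1)
        result["realm"] = realm
        result["make_hint"] = next((m for p, m in REALM_HINTS.items() if realm.startswith(p)), None)
        result["advice"].append(f"Auth realm '{realm}' leaks the model; change the default admin password.")
    return result


def probe(ip, timeout=5.0):
    """Send one GET to http://<ip>/ and return (status, headers); (None, {}) if unreachable."""
    try:
        with urllib.request.urlopen(f"http://{ip}/", timeout=timeout) as resp:
            return resp.status, dict(resp.headers)
    except urllib.error.HTTPError as err:  # 401 and friends still carry headers
        return err.code, dict(err.headers)
    except (urllib.error.URLError, OSError):
        return None, {}


if __name__ == "__main__":
    # Usage: python selfcheck.py <your own public IP>  (run from outside your LAN)
    for line in assess(*probe(sys.argv[1]))["advice"]:
        print(line)
```

Run it from outside your own LAN (a phone hotspot will do), since many routers do not hairpin WAN requests from inside.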

DISCLAIMER: THIS IS STRICTLY A DEMONSTRATION OF ETHICAL HACKING AND TO ALERT PEOPLE SO THEY CAN GUARD THEMSELVES AGAINST SUCH VULNERABILITIES. PLEASE DO NOT USE THIS INFORMATION FOR DATA THEFT. THAT’S NOT MY INTENTION.