Most of the routers used either in homes and offices left as they came with their default settings. Most importantly people often don't change username and password because they think all they need to secure their network is to change WPA passphrase and set the security to
WPA-2 maximum which is a totally wrong concept.
What are Routers?(Acc. To Wikipedia)
👉 Routers are intelligent devices that utilize algorithms to define the best route for the transmission of data. For more on Router:
Many Vendors are still producing these devices with default username/passwords. However many famous companies now configured their routers to set up a new password on its initial start and some companies put a randomly generated passcode at the back of device on a white sticker. But the actual fact is thousands of these devices are still vulnerable.
Routers are the part of the Internet. Hence, they can be scanned just like any other device which has an IP address or connected to the Internet. All you have to do is to put a scan range in your port scanner and find a vulnerable device with port 80 left opened. I'll use NMAP port scanner. Because NMAP likely provides the best results as compared to other scanners. Also, it is a hacker-friendly tool. Let's see the practical way.
METHOD
- Download NMAP
- Generate an IP Range or You can use Shodan
- Scan Your Target with a port scanner
- Login to Router
STEP 1
DOWNLOAD AND START NMAP
Download and Install NMAP from official website:
NMAP. NMAP stands for network mapper and comes with various scan techniques including stealth scan and Connectionless scan.
If you are using Kali, NMAP is already installed. You can start it from Applications -> Vulnerability Analysis -> nmap . We will use Zenmap, the graphical interface of nmap. After starting, its first look will be this:
STEP 2
SCAN FOR A TARGET
Now you can select your own range for scanning or you can generate one from browserling . Enter the range and click Generate.
If i say personally, this could take a lot of time to find out routers with open ports. You can use
shodan search engine. If you are not familiar with shodan. I encourage you to read this first:
Shodan link here
STEP 3
SCAN THE TARGETS
Open Zenmap and scan the targets. Enter the range in the target field with this format:
e.g. 244.137.150.10-233
Now Note down those IP addresses that have port 80 opened. These are the routers which we can access from our browser.
STEP 4
LOG IN
Open your favorite browser and type the IP address in the Omni and press [Enter]. After some time, you will see the router login page. Try the default credentials from the Vendor. In 60% cases, default credentials are used Or you can Crack the password with dictionary attack through Hydra. These are some of the Vendors with Router default username/password:
Dlink : admin/[blank]
Netgear: admin/password
Linksys : admin/admin
Tp-Link : admin/admin
Belkin: [blank]/[blank]
With a bit knowledge of default passwords, hacker could able to login to admin settings.
No comments:
Post a Comment
Note: only a member of this blog may post a comment.