Saturday, November 28, 2015

Hacking Router & other Web Forms.

Brute Force Attack on Password.

we have a user name, for example: admin ... then we try each character combination as a password using an automated script (program).

for example:

user: admin password: 1 -- login fail
user: admin password: 2 -- login fail

... (many login attempts) ...

user: admin password: Z -- login fail
user: admin password: Z1 -- login fail
user: admin password: Z2 -- login fail

... (many login attempts) ...

user: admin password: T3h_s3cr3t -- login success.


Dictionary Attack on Password.

we have a user name and a dictionary of 'words' (character combinations); we then try each of the 'words' alone or concatenated (joined, glued together) into a longer password. again we use an automation tool, a script for example.

opinions vary on whether a dictionary attack truly helps to crack passwords, but it has its uses nevertheless.

often it's better to start with a dictionary, before trying brute force or other methods later.

all information we have about an individual we are trying to compromise is useful here, for forming a proper dictionary.

for a simplified example:

username: admin,
dictionary: 007, bond, eye, gold, golden, pistol, gun, beach, surf, cat, icecream, shake, martini, lemon, stir, _.

after running the script we'd have the following dictionary attack:

user: admin, password: 007 -- login fail
user: admin, password: bond -- login fail

... (many login attempts) ...

user: admin, password: 007007 -- login fail
user: admin, password: 007bond -- login fail
user: admin, password: 007eye -- login fail

... (many login attempts) ...

user: admin, password: 007_007 -- login fail
user: admin, password: 007_bond -- login success.
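
The same idea from the defender's side, as an added example that is not part of the original post: a check that reports whether a chosen password can be assembled from a word list, and an upper bound on how many guesses the concatenation attack above would need. The word list is the sample dictionary from the post; the function names and the `max_guesses` threshold are assumptions.

```python
# Added example: audit a candidate password against the dictionary attack above.
# WORDS is the sample dictionary from the post; function names are hypothetical.
from functools import lru_cache

WORDS = ["007", "bond", "eye", "gold", "golden", "pistol", "gun", "beach",
         "surf", "cat", "icecream", "shake", "martini", "lemon", "stir", "_"]


def shortest_split(password, words=WORDS):
    """Return the fewest dictionary tokens that concatenate to `password`,
    or None if it cannot be built from the dictionary at all."""
    tokens = tuple(words)

    @lru_cache(maxsize=None)
    def best(pos):
        if pos == len(password):
            return ()
        options = []
        for tok in tokens:
            if password.startswith(tok, pos):
                rest = best(pos + len(tok))
                if rest is not None:
                    options.append((tok,) + rest)
        return min(options, key=len) if options else None

    return best(0)


def guess_bound(password, words=WORDS):
    """Upper bound on attempts when all 1-token candidates are tried first,
    then all 2-token ones, and so on. None means out of the dictionary's reach."""
    split = shortest_split(password, words)
    if split is None:
        return None
    n = len(words)
    return sum(n ** k for k in range(1, len(split) + 1))


def audit(password, max_guesses=1_000_000, words=WORDS):
    """True if the password should be rejected as dictionary-derivable."""
    bound = guess_bound(password, words)
    return bound is not None and bound <= max_guesses


if __name__ == "__main__":
    for pw in ["007_bond", "goldengun", "T3h_s3cr3t"]:
        print(pw, shortest_split(pw), guess_bound(pw), audit(pw))
```

With the 16-entry sample dictionary, a three-token password such as 007_bond is reachable within 16 + 256 + 4096 guesses, which is why a router or web form should reject passwords that this check flags.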


Hacking Router.

... tried this with my router (TL WR740N), with success.


   

Attack on Router's Password with Brutus Software.




Words List,
a 'Dictionary' file.




Attack on Router's Password with THC-Hydra Software.


   

Login Success.



Other Use Cases.

perhaps this can be used with web applications as well, didn't have time to check this properly as of yet - but my Computer Sciences knowledge tells me that this can be done, not sure if with these versions of software ... if protections such as 'Captcha' won't interfere.

i read that THC-Hydra at least can be used to attack other protocols/software, such as SSH for example.

there are protections as well,

there are other similar tools as well.


Hacking Tools' writing urge.

... something tells me i should learn HTTP, Telnet, SSL/TLS & SSH protocols properly, then write a tool similar to Brutus & Hydra.

it's best to know Your hacking tools, to write them from scratch, i think.


Router Firmware Upgrade.




The Router's Firmware Upgrade is possible.



this can be done, as seen in the image above,

there's the danger of turning a router into a spy-tool.

... a lot of low-level programming knowledge & effort is necessary, i think ...

... probably certain hackers did that already, however, i think.
