Thursday 7 April 2011

Simple Router Bypassing

This tutorial explains how to gain access to a live router and what can be done to help prevent such access. The only tool you'll need is an IP scanner; for this tutorial I'm using Angry IP Scanner, as it does exactly what I need and the GUI speeds up the process a little, but use whatever you're comfortable with! The tool can be found at: http://www.angryip.org/w/Download

For this kind of hack you need a starting address; I usually use my own, so head to http://www.whatismyip.com/ and copy your IP address. Then load up your scanner and scan the range from that address to the same address with one of the octets changed to a different number. Perhaps start by changing the fourth octet and work your way down if your results show no alive hosts after each search. It is important to note here that you only want hosts that have port 80 or 8080 open. In Angry IP Scanner you can do this by going to Options -> Select Ports... and adding the two ports.

This is a good point for an explanation of why we're doing this, and it kills some time while you're waiting for your search to finish. Every router has a web interface, protected by a login, that admins use to alter the settings, which is why we're scanning ports 80 and 8080. Although other ports can be used for HTTP, these are the most common among average users. This interface is what we're trying to access.

Once you've found an alive host, copy the IP address and paste it into your browser's address bar. At times the connection may time out or be actively refused, so just skip on to your next alive host. When you finally get a host that responds, you should be taken either to a web page with a login area or be prompted to log in straight away. This is where a bit of common sense is needed. Somewhere on the page you are visiting there should be some information about the type of router. A simple Google search for the product name or manufacturer plus keywords such as "router", "default" etc. should reveal the vital information you need. For example, the first page returned when searching "netgear default router password" is: http://kb.netgear.com/app/answers/detail/a_id/1148/~/default-password-for-netgear-devices

Within the first couple of lines we are told that the default username and password are "admin" and "password" respectively, with "1234" as the password on older models. Entering these into the login fields should give you access to the router, though this is not guaranteed, as all of this relies on the possibility that the owner of the router is not a techy.

There are two main reasons that this hack is possible:
  • Product manufacturers who supply equipment that will be used in almost every home are relying on the users themselves to deal with security issues.
  • Most product manufacturers ship defaults, so users are not prompted to change the username/password straight away and are not aware that such a problem exists.

Some simple precautions that can be taken to prevent this kind of unauthorized access:
  • Change the defaults when setting up your router initially to a username/password that you can easily remember and that is not common.
  • Enable MAC address filtering so that only computers that have been cleared to use the device are able to access the web interface. It must also be noted that this is not a complete prevention and there are ways around MAC address filtering, but explaining them is outside the scope of this tutorial.
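As an added example (not part of the original post), here is a small Python detector for the scanning behaviour this tutorial describes: a single source probing many neighbouring addresses on ports 80 and 8080 in a short time. It runs over constructed netfilter-style syslog lines; the log format, the 60-second window and the five-host threshold are assumptions to adjust for your own gateway.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

ADMIN_PORTS = {80, 8080}           # the ports the tutorial's scan looks for
WINDOW = timedelta(seconds=60)     # assumed: how long one sweep may take
THRESHOLD = 5                      # assumed: distinct hosts from one source

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) .*?SRC=(?P<src>[\d.]+) "
    r"DST=(?P<dst>[\d.]+) .*?DPT=(?P<dpt>\d+)"
)

# Constructed sample (not from the original post): one source probing six
# neighbouring addresses on port 80/8080, plus unrelated traffic.
SAMPLE_LOG = """\
Apr  7 10:00:01 gw kernel: IN=eth0 SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP DPT=80 SYN
Apr  7 10:00:01 gw kernel: IN=eth0 SRC=198.51.100.7 DST=203.0.113.11 PROTO=TCP DPT=8080 SYN
Apr  7 10:00:02 gw kernel: IN=eth0 SRC=198.51.100.7 DST=203.0.113.12 PROTO=TCP DPT=80 SYN
Apr  7 10:00:02 gw kernel: IN=eth0 SRC=192.0.2.44 DST=203.0.113.10 PROTO=TCP DPT=443 SYN
Apr  7 10:00:03 gw kernel: IN=eth0 SRC=198.51.100.7 DST=203.0.113.13 PROTO=TCP DPT=80 SYN
Apr  7 10:00:05 gw kernel: IN=eth0 SRC=198.51.100.7 DST=203.0.113.14 PROTO=TCP DPT=80 SYN
Apr  7 10:00:05 gw kernel: IN=eth0 SRC=192.0.2.44 DST=203.0.113.10 PROTO=TCP DPT=80 SYN
Apr  7 10:00:09 gw kernel: IN=eth0 SRC=198.51.100.7 DST=203.0.113.15 PROTO=TCP DPT=8080 SYN
Apr  7 11:30:00 gw kernel: IN=eth0 SRC=198.51.100.7 DST=203.0.113.99 PROTO=TCP DPT=80 SYN
"""

def parse_admin_probes(text):
    """Yield (timestamp, src, dst) for each line aimed at an admin port."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m and int(m.group("dpt")) in ADMIN_PORTS:
            # syslog carries no year; only the relative order matters here
            yield datetime.strptime(m.group("ts"), "%b %d %H:%M:%S"), m.group("src"), m.group("dst")

def find_sweeps(text, window=WINDOW, threshold=THRESHOLD):
    """Return {src: most distinct admin-port destinations hit inside one window}
    for every source that reaches the threshold, i.e. behaves like a range scan."""
    by_src = defaultdict(list)
    for ts, src, dst in parse_admin_probes(text):
        by_src[src].append((ts, dst))
    alerts = {}
    for src, events in by_src.items():
        events.sort()
        best = max(len({d for t, d in events[i:] if t - start <= window})
                   for i, (start, _) in enumerate(events))
        if best >= threshold:
            alerts[src] = best
    return alerts
```

Feed it your gateway's real firewall log to see who is sweeping your range; since the scan in this tutorial arrives from the WAN side, the most direct fix alongside changing the default credentials is to keep remote (WAN-side) administration of the router disabled.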
