Easy access to company master router control permission note

Easy access to company master router control permission note

Let's talk about the background first.

The company where the blogger is located is an advertising company, which was recently relocated. In order to save costs, I pulled a 50 m Unicom optical fiber. As for stability and other bloggers, I will not comment on it. In fact, the Internet is still very good. Generally, the company has about 80 machines online. In addition, the company mainly focuses on businesses and communicates with customers through emails. Therefore, many attachments need to be uploaded and downloaded every day. In addition, sales basically do not have any security awareness, and are often hit by phishing emails. There are various strange Trojans and viruses on the computer. The company's design department needs to download a large number of material files every day, which are all large PSD files. The key is that there is no reasonable CIDR Block division between departments and they are working in the same CIDR block.

This network environment directly leads to frequent ARP attacks and extremely powerful network cards. Therefore, the network management has deployed a traffic control system to control traffic and prevent P2P uploads and downloads.

In fact, I still can understand this practice. After all, the network bandwidth is limited. However, what makes the blogger uncomfortable is that streaming media is disabled. If you say that watching videos will affect the speed of the network, I will endure it, but it is hard for the bloggers to understand it. Writing a program originally requires a relatively closed environment. Since the company has limited conditions, I can understand that I have been arranged to work with sales and business personnel, it's a big deal to bring on your earphones and make a little louder. You can imagine that a group of sales staff keep talking, and the phone will ring for a while. What else do you think about writing programs and listening to them chatting.

At the beginning, the blogger insisted on downloading music from home to mp3 every day and bringing it to the company. After the bloggers moved, broadband migration was not so fast, and the music had been circulating for a week, but it was too greasy. I wonder if I can modify the company's route settings myself.

If you do what you need, the blogger's own office machine is kali linux (the blogger is not secure, and the blogger is a front-end dog, just used to Linux ). First, my idea is to solve the most direct web Management of routers.

Bettercap sniffers some of the above artifacts, the results are too dynamic, the company network is too slow, and no useful information is obtained, discard it. If not, try another method.

So I plan to scan port 80. As a result, we opened masscan. Of course, using masscan here is really a small use. The blogger refused at the beginning, but because of the vulnerability that had been scanned by masscan a few days ago, it was easy. However, it's so easy to beat it. The -- rate parameter is directly set to 20 W. Then... the IP address is blocked.

Alas, you can't eat hot tofu in a hurry. No, the company didn't bind a MAC. I changed the MAC to get the IP address again. In order to prevent being blocked again, the blogger opened the xp Virtual Machine and the bridge Nic offered the iisputplugin. Directly scan the current segment and then scan port 80. In a short time, we will scan several IP addresses that are open to 80.

Open one by one and find that there is no Router web, depressing.

Speaking of the time later, the blogger's mind was shining. Generally, traffic control routes have ssh remote logon management. Continue to scan port 22

Intuition tells me that this is a router. I want to log on via ssh.

1 2 root @ kali :~ # Ssh 192.168.65.2 Password for root @ panabit:

Sure enough, you only need to enter the password. What is the password? The omnipotent Internet tells me that the default password is panaos.

Logging On directly to bingo

Good luck. By the way, the blogger found the relevant information of the panabit traffic control system and found that the web management password can be obtained directly after logging on via ssh.

Haha, the blogger laughed three times. By the way, panabit is actually a FreeBSD-based software. So after logging in through ssh, it will be the same as operating Linux. Follow the instructions on the Internet to directly obtain the web management password.

The password is located:

/Usr/panabit/admin/. htpasswd (BSD8.0)

/Usr/system/admin/. htpasswd (BSD9.2)

Direct cat.

1 2 3 4 5 panaos # cat/usr/system/admin/. htpasswd admin: hackedbykali guest: guest pppoeman: panabit panaos #

After obtaining the password, you can directly manage it on the web.

Now the question is, where is the web? I just discovered that the IP address of the router is 192.168.65.2, and the web address should be the same. What's strange is that the IP address was not scanned during the scan of 80.

No, try to access 80 of 192.168.65.2 directly. Inaccessible. No.

At this time, the blogger suddenly remembered that it was necessary to use https when looking for panabit materials, so it was feasible to Use https. View the web interface

 

Okay, use the user name and password obtained above to log on directly, and disable the streaming media restrictions.

Of course, in order to facilitate access to the latest password, the blogger directly adds a password-free logon over ssh, which is deeply rooted in the power and name.