I tested it with my own router yesterday and it was very practical. The only thing is that the RouterOS (ROS) command for setting up the PPPoE server is a little long.
I. Principles
ADSL users authenticate with either PAP or CHAP, the authentication protocols of PPP. Because PAP transmits the key information in plaintext, that information (the ADSL account and password) can be obtained by monitoring the link. For more information about the PPP and PPPoE protocols, see other relevant documents.
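As a defensive check for the behaviour described above (an added example, not part of the original post): this Python code inspects a captured PPPoE session frame and reports whether an LCP Configure-Request asks the peer to authenticate with PAP or CHAP, so a monitor can flag a link on which the account and password would be sent in cleartext. The sample frames, MAC addresses, session id and function names are constructed for illustration.

```python
import struct

ETH_PPPOE_SESSION = 0x8864                      # EtherType of PPPoE session frames
PPP_LCP, PPP_PAP, PPP_CHAP = 0xC021, 0xC023, 0xC223
LCP_CONF_REQ, LCP_OPT_AUTH = 1, 3               # Configure-Request, Authentication-Protocol

def requested_auth(frame: bytes):
    """Return 'PAP' or 'CHAP' if this frame is an LCP Configure-Request asking for it, else None."""
    if len(frame) < 26 or struct.unpack("!H", frame[12:14])[0] != ETH_PPPOE_SESSION:
        return None
    # PPPoE header: version/type, code (0 = session data), session id, payload length
    _vt, code, _sid, plen = struct.unpack("!BBHH", frame[14:20])
    payload = frame[20:20 + plen]
    if code != 0 or len(payload) < 6:
        return None
    proto, lcp_code, _ident, lcp_len = struct.unpack("!HBBH", payload[:6])
    if proto != PPP_LCP or lcp_code != LCP_CONF_REQ:
        return None
    opts = payload[6:2 + lcp_len]               # lcp_len counts from the LCP code byte
    i = 0
    while i + 2 <= len(opts):                   # walk the type/length/value options
        otype, olen = opts[i], opts[i + 1]
        if olen < 2 or i + olen > len(opts):
            return None                         # malformed option, stop parsing
        if otype == LCP_OPT_AUTH and olen >= 4:
            auth = struct.unpack("!H", opts[i + 2:i + 4])[0]
            return {PPP_PAP: "PAP", PPP_CHAP: "CHAP"}.get(auth)
        i += olen
    return None

def build_conf_req(options: bytes) -> bytes:
    """Build a constructed sample frame (made-up MACs and session id) for the demo."""
    ppp = struct.pack("!HBBH", PPP_LCP, LCP_CONF_REQ, 1, 4 + len(options)) + options
    eth = bytes.fromhex("020000000002" "020000000001") + struct.pack("!H", ETH_PPPOE_SESSION)
    return eth + struct.pack("!BBHH", 0x11, 0, 1, len(ppp)) + ppp

MRU = bytes([1, 4, 0x05, 0xD4])                          # MRU option, 1492
PAP_REQ = build_conf_req(MRU + bytes([3, 4, 0xC0, 0x23]))
CHAP_REQ = build_conf_req(MRU + bytes([3, 5, 0xC2, 0x23, 0x05]))  # CHAP with MD5
NO_AUTH = build_conf_req(MRU)

if __name__ == "__main__":
    for name, frame in [("PAP_REQ", PAP_REQ), ("CHAP_REQ", CHAP_REQ), ("NO_AUTH", NO_AUTH)]:
        auth = requested_auth(frame)
        note = "  <- account and password would cross the link in cleartext" if auth == "PAP" else ""
        print(f"{name}: server requests {auth}{note}")
```

A client that refuses PAP in its own configuration answers such a request with a Configure-Nak, which is the setting to look for on the router side.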
II. General ideas
Establish a PPPoE server that uses PAP for authentication. When the router connects to this server, you can listen on the link and obtain the ADSL account and password stored in the router.
III. Test process
1. Create a PPPoE Server
A combination of VMware Workstation (6.5.2) and RouterOS (3.20) allows you to quickly build a PPPoE server that meets the test requirements. The following figures show some of the key steps:
Figure (1): Guest operating system (Other), Version (Other)
Figure (2): Network connection (Use bridged networking)
Figure (3): Host Virtual Network Mapping
This is a global setting of VMware Workstation, found in the main menu under Edit -> Virtual Network Editor. VMnet0 is associated with the physical NIC because that NIC is used to connect to the WAN port of the router.
Figure (4): VMnet0 status. VMnet1 and VMnet8 are installed by default on VMware Workstation.
Figure (5): Virtual Machine Settings -> Hardware -> Network Adapter -> Network connection -> Custom: Specific virtual network (VMnet0)
This setting specifies VMnet0 as the network adapter of the virtual system (RouterOS). In this way, the NIC in RouterOS is associated with the physical NIC, as shown in figure (3).
In the same dialog, point the CD/DVD drive directly at mikrotik-3.20.iso and, while you are there, remove unneeded hardware such as the sound card and floppy drive.
Figure (6): Run the virtual machine and install RouterOS. Only system and ppp are installed. Use the arrow keys to move and the space bar to select.
Figure (7): Create a PPPoE Server
Log in to RouterOS with the username admin and a blank password. Then run the following commands in sequence:
/interface print
/interface pppoe-server server add interface=ether1 service-name=Fake-PPPoE-Server authentication=pap
/interface pppoe-server server print
/interface pppoe-server server enable 0
/interface pppoe-server server print
2. Use Wireshark to monitor the ADSL account and password
Figure (8): Configure the router
The WAN port connection type is PPPoE. Enter the Internet account and password. The connection mode is automatic connection. Purpose: after the router is powered on, it automatically connects to the PPPoE server, which makes monitoring easier. After the configuration is complete, turn off the router's power.
Pop's note: This step can be omitted for password cracking, because routers that can access the Internet are all already set up this way.
Connect the physical network card to the WAN port of the router using a network cable, run Wireshark, listen to the local physical network card, and then power on the router.
Figure (9): PPPoE server Fake-PPPoE-Server found
Figure (10): ADSL account and password discovered
IV. Related tips
1. If the router is remote and you cannot make a physical connection to its WAN port, you can save its configuration with the "backup and load configuration" function that some routers provide, find a router of the same model, load the configuration file into it, and obtain the password.
2. Pop found that this seems to work on many TP-Link and D-Link routers, but do not assume that every router, like the DI-504M launched by D-Link, stores the ADSL account and password in its configuration file in plain text. Therefore, whether the password can be obtained is a matter of luck.
V. Download related software
RouterOS (3.20)
http://www.mikrotik.com/download/mikrotik-3.20.iso
Wireshark (Ethereal) v1.1.3
http://www.crsky.com/soft/5357.html