Gain hands-on experience in wireless route Password Attack and Defense

With the rapid development of network technology, more and more Routing Switching devices began to abandon the use of command line configuration interface and turn to the graphical settings interface. However, this transformation brings opportunities to intruders. Attacks and intrusions on the traditional command line interface are relatively difficult because the services and ports opened on the command line interface are limited, in the graphical interface, both logon and management modes are quite different from the command line interface. Next, I will introduce the attack and defense strategy of Route passwords from my own experience.

In this case, I used a wireless network to scan wireless signals in the current environment, after scanning, connect directly to the target network and crack the route password of the device. The Administrator account name and password of the target vro are found. I will list the entire process of this attack and share it with IT168 readers.

Step 1: Use the T400 notebook to scan wireless network signals in the current environment. If there are signals around and there is no encrypted verification, we can easily connect to the network. (1)

 

 

Step 2: of course, a good wireless network signal management tool can be provided for intruders to better scan the wireless signals around them and obtain the corresponding band from the scanned signals, select a wireless network with good signal and no encryption verification enabled for connection. (2)

Step 3: after connecting to the corresponding wireless network, you can use the ipconfig command in the command line window to view the IP address and other information obtained by the local system. After the execution, I found that my IP address is 192.168.1.102 and the gateway is 192.168.1.1. Then we can access the external network to test the speed, such as browsing www.it168.com to see if the page content can be displayed smoothly. (3)

Step 4: after obtaining the gateway address, we will know the management address of the destination network router. Then, if you access http: // 192.168.1.1 through the IE browser, you will see the router logon interface. From the access information, we can see that the model of the target device is wrt54g, which is published by linksys. (4)

Step 5: Next we will try to use the default Management username and password to log on. Generally, you can search for the wrt54g default password information from the Internet and use the default account admin or root for access, the password is also admin or root. You can also enter an empty password and common numbers 123,123456, 111111 to guess. If the recipient does not change the default password, we can smoothly enter the destination network router.

Step 6: Of course, the default account information of the router connected by the author has been modified by the user. In this case, we can only use the brute force method to crack and restore the password information. First, determine the user name. Generally, few users modify the Login User Name of the vro, so we only need to guess the password. In my experience, the user name is similar to admin and root, so we can lock the user name information.

Step 7: we can use a dedicated brute force password cracking tool to guess the actual password. The author uses webcracker 4.0 to guess the Logon account on the page. You only need to start the program and set the username file and username dictionary file used for brute-force cracking in the options. Select account information in the user name file. We can create a text file and save it with a user name in one line. For example

Admin

Root

Step 8: Similarly, the user name dictionary file is the password file, and each password field is one line. Enter the management address of the router to be cracked in the URL, for example, 192.168.1.1 in this example. After the setting is complete, click the start button on the top to crack the attack. (5)

 

 

Step 9: If no password dictionary is available, we can also use a dedicated dictionary generation tool to create corresponding files, for example, the author uses the MONSTER dictionary 3.0 to generate dictionary files with different digits and different contents based on actual needs. After the program is started, select the type of dictionary content to be generated on the left. For example, I guess the target router may use pure numbers. In fact, most users use pure numbers and passwords, in addition, the number of vro passwords is six. Therefore, we set the starting position of the number dictionary to 100000, the ending position to 999999, and the step size to 1. In this way, a dictionary file from 100000 is generated and handed to 999999 in sequence. (6)

 

Step 10: Click the generate button to generate a digital dictionary under the dictionary directory. Open the text file and we will see that the content in it is incremented from 100000 to 999999 in sequence, this is the dictionary file we need. (7)

 

Step 2: Use this dictionary to achieve brute-force cracking. If the target vro uses a pure number of passwords, the word FOUND appears during the brute-force cracking process, the user name and password found are displayed in the "result" tab. For example, in this example, the user name is admin and the password is 1XXX29. (8)

　

Step 2: After brute-force cracking, We can smoothly access the target network's wireless router with the user information and password, in this way, network setting parameters and even internet account information are stolen. Of course, this example only tells you how to do this. We should not use this method to do bad things. (9)

Summary

For vrouters with graphical interfaces, many users know that they should use brute-force cracking methods for intrusion. However, in actual use, it is difficult to find suitable brute-force cracking tools, the two software described in this article can help us solve the above problems. We can use the MONSTER dictionary 3.0 to generate a dictionary tool suitable for ourselves, and then use webcracker 4.0 to complete brute force cracking. Note that, in my personal experience, the wireless router user name is basically locked to the root and admin, and the corresponding password 80% or more is in the form of six pure numbers. All the related software mentioned in this Article will be delivered as an attachment. All software is a green version and does not need to be installed or written to the system directory.