How to Use PPPOE authentication to obtain the bandwidth account and password in the router, pppoe Router

How to Use PPPOE authentication to obtain the bandwidth account and password in the router, pppoe Router

Preface

When I got home, I bought a polar route to replace the old Alibaba router at home. I want to go to the backend and check the bandwidth account and password. Why ??? What is the background password ???

I am immersed in meditation. The routers in my home are generally pppoe dialing, and after the routers negotiate the authentication method with the pppoe authentication server through LCP, it is very likely that the broadband account and password will be transmitted in plaintext, can we set up a pppoe authentication server locally and connect the wan port of the router to the local Nic? Can wireshark capture the bandwidth account password? Just do what you say.

How pppoe works

The PPPoE protocol workflow consists of two phases: discovery and session. The discovery phase is stateless to obtain the Ethernet MAC address of the PPPoE end (on the local ADSL device, create a unique PPPoE SESSION-ID. After the discovery stage ends, it enters the standard PPP session stage.

When a host wants to start a PPPoE SESSION, it must first perform the discovery phase to identify the local Ethernet MAC address and create a PPPoE SESSION-ID. In the discovery phase, the host can discover Multiple Access Concentrator based on the network topology, and then allow the user to select one. When the discovery phase is completed successfully, both the host and the selected Access Concentrator have their information for establishing PPP connections over Ethernet. Until the PPP session is established, the discovery phase keeps the stateless Client/Server (customer/Server) mode. Once a PPP session is established, both the host and the Access Concentrator must allocate resources to the PPP Virtual Interface.

Key Authentication phase:

Both parties pass the LCP authentication method. If the authentication is successful, the network-layer IPCP negotiation can be conducted. The authentication process is completed after the link negotiation LCP ends. In this case, you can capture the bandwidth account password.

Build pppoe authentication server on Router OS

Use RouterOS to implement the functions of the PPPOE server. Download the ios image and install it on the vmwarevm.

Of course, you can also use Ubuntu or windows.

Vmware Configuration

The most important step in the installation process is to change the network connection mode to the Bridge Mode.

Because we use the wan port of the router to connect to a computer with a limited network card, we set the bridging network card as a wired network card in the virtual network editor.

Install the PPPOE Authentication Server

Start the VM and install the pppoe server. Select system and ppp with spaces. Press I to enter the installation process. Select y for all the following options.

After the account is restarted, the admin password is blank and you can log on to the system,

Configure PPPOE Server

Run the following command to configure the PPPOE Server:

/Interface pppoe-server add interface = ether1 service-name = Fake-PPPoE-Server authentication = pap

/Interface pppoe-server enable 0

Get PPPOE account password

Use wireshark to monitor local connections, plug the wan port network cable of the dial-up router into the network port of the computer, disconnect the route power supply, and re-plug the power supply. wireshark will capture the entire PPPOE authentication process, find the Authenticate-Request in the ppp pap protocol, which is the bandwidth account password, transmitted in plaintext.