What can a router do after it is rubbed against the net?

in today's network era, rub net believe many friends are not unfamiliar. But have you ever thought of such a problem: routers are hackers rub the net, the user will have what harm? Will he threaten the owner, or will he be able to hack me? or the router is connected by a malicious stranger, what can they do? Today we are going to talk about what the router is rubbed against the network, after being rubbed against the net, What can hackers do?

What is the harm of the router being rubbed against the net?

A lot of people's gossip heart is still very strong, strong enough to let people fear. So many people like to read gossip articles, such as: How to look at others in a graceful way? Usually such articles are easy to fire up, because many people like to see and never tire of watching.

The recent routing security uproar, routers are rubbed on the net, what can hackers do? In order to satisfy the people's desire, I wrote a story, the following everyone carefully pondering over the net, we can do something?

Statement: This is a fictional story, the pictures are all evil mosaic.

Memory next door is a pretty good sister, that day Z came to me when happened to meet, came into the house and ran to my ear and said: "Next door that sister you can not to the micro-letter, I think it is very good ~ ~" So three vulgar scene unexpectedly happened to my side, I said two days I give you news.

First, the entrance

Since it is the young people living next door, the inevitable is the router, so I intend to start this journey from the router as a portal, the WiFi opened after the discovery of three signals, I first choose this name is very unique route: * * Love * *

Wifi

According to the name * * Love * * can probably see two names, should be boyfriend, think of this heart for z June cool half.

Find the location of the other side of the entrance to say it, turn out the MINIDWEP (a Linux cracked wifi password tool) to import some password dictionary, start blasting. Because the other side uses the WPA2 encryption method, therefore only uses the brute force to break the way to enter, the WEP can now directly crack the password, therefore the crack WPA2 encryption Way's route basically depends on the hacker hand dictionary size.

After a cup of coffee came back, found that the password has been out: 198707**, so happy to join in.

Rub Net

Second, difficulties

After successfully connecting to the other route, all I need to do is connect the routed Web management interface (you can then tamper with routing DNS, view DHCP client connection devices, and various features after entering the Web routing management Interface).

Crack password

After viewing the network segment began to access the router Web management interface, found that the goddess unexpectedly clever modified the default login account password.

Router Login Interface

Tp-link w89841n, by routing device vulnerabilities into failure, it must be only the use of violence aesthetics.

By crawling the login router request, and then traversing the account password send request to see the return packet size to determine whether the login success, caught GET request as follows:

Router password cracking

Where: Authorization:basic ywrtaw46ywrtaw4= for logged in account password

Use Base64 to decrypt open view content: Admin:admin

So I wrote a Python script that combines the password in the dictionary with "admin:" and then base64 and encrypts it. The 11-point bell rang and found that the password had been successfully exploded and successfully logged in:

Router Setup Interface

View the list of device connections and find that only a lone self, it seems, the goddess has already rested, waiting for the time.

Third, the opportunity

The next day after dinner, login to the routing management interface, there are already several devices, the time has come:

Client Name

android-b459ce5294bd721f

android-44688379be6b9139

Iphone

-ipad

-pc

I counted the equipment for two Android devices, an iphone, an ipad, and a personal PC.

From the name of IPHONEIPADPC, I began to speculate is true, * * is indeed the name of the route owner, intuition tells me very large possible this route is the owner of Z's favorite goddess.

First Test two Taian equipment, found that one of the open port a lot of faint feeling is a millet box or Baidu Shadow stick this product, so things become interesting, because the control of television can have the opportunity.

Using ARP to sniff an Android open port for more devices, it sure is a movie box:

Finally, the basics: Television use of video boxes, Iphone,ipad and a personal computer.