So I'll spare you the long backstory, but I've been blocked out of my own router.
The blocking is through the parental controls which makes me laugh since I'm a university student staying at home.
What I'd like to know how to do, is to hack into my router to disable parental controls at will. I have a live USB with Kali for my laptop. I'm not too experienced with Kali so I'm not sure what to do.
The other option I've thought is using the Keystroke Sniffer from the Security Oriented C tutorials and hoping I get lucky. I just don't want anti malware to detect anything.
The router is a Linksys EA4500 Smart Router. It has "Smart-WiFi" that has a login with a router password. Somewhere I feel the password is stored but I don't know where or how to really find it. From what I can gather, it's not stored directly on the desktop computer connected directly to the network. The issue is not the Wi-Fi password, but the router password to access the router settings. I'm basically trying to "recover" the router password rather than reset it since I don't want to tip anyone off.
Any help at all would be nice.
P.S. I'm writing this from phone so I'll upload pictures at a later date.
5 Responses
If it's a password you're trying to get then you could just brute-force it. I don't know enough on this to help you though.
That's what I've been trying to do. I've been trying to use JTR, Reaver, and Hydra. The issue is that they all try to use a wordlist, and a username. My router uses it's "Smart Wi-Fi" so the login page is actually found at http://192.168.1.1/ui/1.0.99.162351/dynamic/login.html rather than just straight up 192.168.1.1
This is making it hard for me to figure out how to brute force. Any ideas?
I've been doing some more experimenting with THC Hydra, but the issue I'm currently having is being unable to find and be able to pass the failed login message back to Hydra. I understand that I can use BurpSuite for this (there's a tutorial here on Null Byte), but my browser cannot connect to the login page with BurpSuite running. I think it may be because I have to install the CA Certification into Iceweasel for BurpSuite but I am unable to do that since burp.com isn't up anymore. I'll keep trying to figure it out, but if anyone finds anything, or happens to have their own Linksys Smart-Wifi Router.
Update on this: After messing around, since Hydra always wants a username, I tried the "online" login option rather than strictly the offline version which only wanted a router password. This time, I actually got back a response from the server which I feel I can pass to Hydra, but what I got looks like this:
{"session":{"account":{"username":"<username here>","password":"<password here>"}}}
I'm not sure how exactly to pass the brackets ({ }) as well as the extra quotation (" ") marks and colon( : ). If someone familiar with Hydra could inform me for this, I'd appreciate it.
Waiting for a solution too..Keep Working..!!
Share Your Thoughts