Forum Thread: Router Login Page Hack

Hi,

I am trying to get access to a router login page without user name and password, I know the method of bruteforcing by Hydra but it is too time taking. So, I goggled and found to hack it by deleting a certain HTML part, but I am confused. I don't know which part of HTML I have to remove as I don't have enough command. So can you help me. I will be grateful.

Below is the HTML.

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Hack login page</title>
<script src="util.js"></script>
<style>
body { margin:0px; padding:0px; font:12px/2 tahoma,arial,"Times New Roman"; color:#000; }
#login{ margin-top:100px;}
table {border-collapse: collapse;border-spacing: 0; background-color:#eee;}
.ct_text { width:160px; border:1px #87a6c3 solid; background:#fff; }
.buttonX { width:60px; padding:5px; border: 1px solid #BACFEB; background-color: #CADAF4; cursor:pointer;}

.buttonX_over { width:60px; padding:5px; color: #fff; border: 1px solid #90B1DF; background-color: #A3C0E8; cursor:pointer; }

.masthead .brand { float: left; width: 980px; height: 90px; background: url(logo.gif) no-repeat 0 0; }

.main-content {width: 700px; margin: 0px auto 0; padding: 2px 26px 0 20px; background-color: #f2f2f2; position:relative; top: 30px; }

.masthead {
background: url(logoright.gif) repeat-x;
top: 0;
right: 0;
left: 0;
height: 90px;
min-width: 1000px;
z-index: 1000;
}
.container {
width:980px;
margin-right: auto;
margin-left: 0;
/ For ie7 /
*zoom: 1;
}
</style>
<script>
var SessionKey = '211370081';
window.onload = function (s) {
var cooks = document.cookie,
cookArr = cooks != "" ? document.cookie.split("; ") : ,
i = 0, temp;
if (top.window != window) {
top.location.href = "login.html";
}
document.forms1.user.focus();
for (; i < cookArr.length; i++) {
CookieUtil.unset(cookArri.split("=")0);
}
}

function onlogin() {
var doc = document,
obj = doc.forms0,
f = doc.forms1;

if (f.username.value == "") {
alert("Please enter username!");
return false;
}
obj.username.value = encodeURIComponent(encodeMD5(f.username.value));
obj.password.value = encodeURIComponent(encodeMD5(f.password.value));
obj.sessionKey.value = SessionKey;
obj.submit();
}

function myKeyDown(event) {
var key = event.keyCode || event.which;
if (key == 13) {
onlogin();
return true;
}
return false;
}
</script>
</head>
<body onKeyDown="myKeyDown(event)">
<div class="masthead">
<div class="container">
<a class="brand" href="#"></a>
<div class="easy-logo"></div>
</div>
</div>

<!--<div style="background-color:#ed7020; width:100%; height:85px; margin-bottom:100px"><img src="logo_corp.gif" style="width:314px; height:85px; float:left"></div>-->

<form method="POST" action="login.cgi" >
<input type="hidden" name="username">
<input type="hidden" name="password">
<input type="hidden" name="sessionKey">
</form>
<form id="login">
<table width="400" height="230" align="center">
<tr>

<td colspan="2" height="65" style="background-color:#C0D451; font-size:24px; color:#fff; padding-left:20px">Login</td>

</tr>
<tr>
<td width="35%" align="center">Username:</td>
<td><input type="text" name="username" id="username" class="ct_text" maxlength="55" autofocus/></td>
</tr>
<tr>
<td align="center">Password:</td>
<td><input type="password" name="password" id="password" class="ct_text" maxlength="88"/></td>
</tr>
<tr>

<td colspan="2" align="center"><input name="button" id="loginBtn" type="button" onClick="onlogin()" value="Login" class="buttonX" onMouseOver="this.className='buttonX_over';" onMouseOut="this.className='buttonX'"/>

<input class="buttonX" id="rewBtn" type="reset" value="Cancel" onMouseOver="this.className='buttonX_over';" onMouseOut="this.className='buttonX'"/></td>

</tr>
</table>
</form>
</body>
</html>

If you have any other ways then please tell me (except brute forcing).

Be the First to Respond

Share Your Thoughts

  • Hot
  • Active