Skip to main content

How to Hack an Ethernet ADSL Router

By
Every router comes with a username and password using which it is possible to gain access to the router settings and configure the device. The vulnerability actually lies in the Default username and password that comes with the factory settings. Usually the routers come preconfigured from the Internet Service provider and hence the users do not bother to change the password later.
This makes it possible for the attackers to gain unauthorized access to the router and modify its settings using a common set of default usernames and passwords. Here is how you can do it. Before you proceed, you need the following tool in the process:

Hacking the ADSL Router:

Here is a detailed information on how to exploit the vulnerability of an ADSL router:
  1. Go to whatismyipaddress.com. Once the page is loaded, you will find your IP address. Note it down.
  2. Open Angry IP Scanner, here you will see an option called IP Range: where you need to enter the range of IP address to scan for.
    3. Suppose your IP is 117.192.195.101, you can set the range something as 117.192.194.0 to 117.192.200.255so that there exists at least 200-300 IP addresses in the range.
  3. Go to Tools->Preferences and select the Ports tab. Under Port selection enter 80 (we need to scan for port 80). Now switch to the Display tab, select the option “Hosts with open ports only” and click on OK.
    4. IP Scanner Settings
    I have used Angry IP Scanner v3.0 beta-4. If you are using a different version, you need to Go to Optionsinstead of Tools
  4. Now click on Start. After a few minutes, the IP scanner will show a list of IPs with Port 80 open as shown in the below image:
    5. Angry IP Scanner
  5. Now copy any of the IP from the list, paste it in your browser’s address bar and hit enter. A window will popup asking for username and password. Since most users do not change the passwords, it should most likely work with the default username and password. For most routers the default username-passwordpair will be admin-admin or admin-password.
Just enter the username-password as specified above and hit enter. If you are lucky you should gain access to the router settings page where you can modify any of the router settings. The settings page can vary from router to router. A sample router settings page is shown below:
Router Settings Page Hacked!
If you do not succeed to gain access, select another IP from the list and repeat the step-5. At least 1 out of 5 IPs will have a default password and hence you will surely be able to gain access.

What can a Hacker do by Gaining Access to the Router Settings?

By gaining access to the router settings, it is possible for an attacker to modify any of the router settings which results in the malfunction of the router. As a result the target user’s computer will be disconnected from the Internet. In the worst case the attacker can copy the ISP login details from the router to steal the Internet connection or even hijack the DNS by pointing it at a rouge DNS server. If this happens, the victim will have to reconfigure/reset the router settings in order to bring it back to normal.

The Verdict:

If you are using an ADSL router to connect to the Internet, it is highly recommended that you immediately change your password to prevent any such attacks in the future. Who knows, you may be the next victim of such an attack.
Since the configuration varies from router to router, you need to contact your ISP for details on how to change the password for your model.
Labels:

Comments

Post a Comment

share your thoughts ....

Popular posts from this blog

13 websites to register your free domain

By
Register your Free Domain Now!! 1)  .tk Dot TK is a FREE domain registry for websites on the Internet. It has exactly the same power as other domain extensions, but it’s free! Because it’s free, millions of others have been using .TK domains since 2001 – which makes .TK powerful and very recognizable.  Your website will be like www.yourdomainname.tk . It is free for 1 year. It’s a ccTLD domain whixh having the abbreviation  Tokelau. To create a .tk domain, Visit   www.dot.tk 2) co.cc Co.cc is completely free domain which is mostly used by blogspot bloggers because of it’s easy to use DNS system. Creating a co.cc for blogger is simple ( for instructions- “click here”). Your website will be like www.yourdomainname.co.cc . To create a .co.cc domain, visit www.co.cc 3)   co.nr co.nr is too like co.cc. Your website will be like  www.yourdomainname.co.nr . You can add it for blogger also.. To create a .co.cc domain, vi...
Post a Comment
Read more

How to Put Google Adsense Below Post Title in Blogger?

By
Adsense is used by majority of expert bloggers for their website monetization because it is a cookie based contextual advertising system that shows targeted ads relevant to the content and reader. As bloggers are paid on per click basis, they try various ad placements on the blog to  increase the revenue  and get maximum clicks on the ad units. Well, on some blogs, you might have seen Adsense ad units placed below the post title. Do you know why? It is because the area just below the post title gets the most exposure and is the best place to put AdSense ad units to increase  Click Through Rate (CTR). Even though ads below post title work like a charm but this doesn’t mean that it will work for you as well. If you want to find out the best AdSense ads placement for your blog, try experimenting by placing ads at various locations such as header, sidebar, footer, etc. You can try other  blog monetization methods  as well to effectively monetize y...
Post a Comment
Read more

Binary Search Tree in C++( dynamic memory based )

By
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 #include<bits/stdc++.h> using namespace std; struct bst { int val; bst * left, * right; }; bst * root = nullptr; void srch ( int num,bst * head) { if (head == nullptr){ cout << " \n Number is not present \a " << endl; return ; } if (head -> val == num) { cout << " \n Number is present \n\a " ; return ; } else { if (num < head -> val) srch(num,head -> left); else srch(num,head -> right); ...
6 comments
Read more

[solution] Motorola moto G5S plus | xt1804|Sanders Magisk error 1 : cannot mount /vendor

By
Error: mainly all error 1 errors. can not mount /vendors... Cause : Since your current TWRP is not treble supported ,You need a Treble supported Recovery. Solution : Simpally download this file and then flash it .  this recovery is treble supported 1. VIA TWRP boot to twrp recovery  goto install .  touch on install image and then select this downloaded file (.img)  select recovery  then flash it 2. Using fastboot fastboot flash recovery <(downloaded.img)> NOW YOU CAN FLASH MAGISK zip file via recovery LINK : TWRP_SANDERS_r22_BY_GENETIC ENGINEER
6 comments
Read more

crack .zip .rar files

By
Download: Win32 version rarcrack 0.2 (1.28M) Using RarCrack: rarcrack your_encrypted_archive.ext [--threads thread_num] [--type rar|zip|7z] Everything in [] are optional, rarcrack default crack two threads and autodetect the archive type. If the detection wrong you can specify the correct file type with the type parameter. RarCrack currently crack maximum in 12 threads. After the cracking started RarCrack will print the current status of cracking and save it’s to a status file. If you want more specific password character set, you need to run RarCrack to create the XML status file (3 sec). 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ uU This is a sample XML file, and you see there is a character set. If you want, you can modify this file and when you start RarCrack again the program will be use new variables. Warning: Take care when you changing this file, make sure the current password don’t have characters outside the abc[character set]!
Post a Comment
Read more

Java API call Example using GSON, org.json.json and Jackson [ Simple Get Call] and parsing result as JSON

By
import com.fasterxml.jackson.databind.JsonNode ; import com.fasterxml.jackson.databind.ObjectMapper ; import com.google.gson.* ; import org.json.JSONArray ; import org.json.JSONObject ; import java.io.* ; import java.net.HttpURLConnection ; import java.net.URL ; public class APICALL { public static void main (String[] args) throws IOException { // String url="https://mocki.io/v1/19a50724-c2e5-46a1-b457-543462cdfde2"; String url= "https://jsonplaceholder.typicode.com/users" ; String line ; StringBuilder resp= new StringBuilder() ; System. out .println(url) ; HttpURLConnection con= (HttpURLConnection) new URL(url).openConnection() ; con.setRequestMethod( "GET" ) ; con.setRequestProperty( "Accept" , "application/json" ) ; System. out .println(con.getResponseMessage()) ; System. out .println(con.getContentType()) ; InputStream inputStream=con.getInput...
Post a Comment
Read more

python program to Print Starting Series OF Indian Mobile Number for a State or operator or both

By
import requests import urllib.request import time from bs4 import BeautifulSoup as bs import re url = ' https://en.wikipedia.org/wiki/Mobile_telephone_numbering_in_India' state_to_extract = "UE" #if set to None all state is considered telecom_to_extracted = None #if set to none all operator from particular city is extracted response = requests . get(url) print (response) soup = bs(response . text, "html.parser" ) one_a_tag = soup . findAll( 'tr' )[ 35 :] lst = [] for k in one_a_tag: s = k . findAll( 'td' ) limit = len (s) i = 0 while True : if i == limit: break no = s[i] . text i += 1 if i == limit: break operator = s[i] . text i += 1 if i == limit: break state = s[i] . text i += 1 if i == limit: break res = f "{no} {operator} {state}" if state_to_extract is None : if telecom_to_extracted is None : lst . append(no) elif telecom_to_e...
2 comments
Read more

Python program to find Sexy primes

By
a,b=input("Enter the Range Seprated by space ->" ).split(' ') primes=list() for i in range(int(a),int(int(b)+1)):     flag=1     for j in range(2,i):         if i%j==0:             flag=0             break     if flag==1:         primes.append(i) count=0 for j in primes:     if j+6 in primes:         count+=1 print(count). example: 4 40 output 7
Post a Comment
Read more

Interesting Thing In Yahoo Logo

By
If you press "!" in the Yahoo logo on Yahoo.com Home page. You can hear group of girls saying "Yahooooo" !!! NOTE it doesnt work in yahoo india it works in yahoo US , type us.yahoo.com and try it
Post a Comment
Read more