Hey, I hope one of you in her can help me, I have a little problem I need to get a password to a router on the net. I use telnet to connect the router and then the router ask me for a password, how can I get that password. Some one now any way ore tools I can use to get that password?
I relay hope some one can help me
Sorry for me bad English
Sponsored by: █ Sparkhost - Hosting Without Compromises! █ Hybrid Performance Web Hosting █ Spark Host Stream Hosting █ Hybrid IRC & IRCd Server Shell Accounts
Get Password From Router
Started by
goofy
, Sep 19 2003 02:08 PM
24 replies to this topic
#2
HalCon
-
- Members
-
- 20 posts
Private First Class
Posted 20 September 2003 - 12:13 AM
Um here ya go....
You can try default passwords because many dumb admins leave them as the default. Also you can freeze the router in which period the password will be temporarily reset to its default.The default depends on the type of router.
For example the default password for a cisco router may be "admin". While the router is frozen,connect to it and try the defaults.In v4.1 cisco software a HUGE password string is/was enough to freeze the router. Not sureif this bug is fixed. Also you can try other DoS attacks(much of which the router may filter ;-( anyways)...
Once the first password phase is cracked what lies next is getting the enable pass which I would not describe how to do in detail because it all depends onthe software running, type of router etc. Simply get the password file and crack it!
You can try default passwords because many dumb admins leave them as the default. Also you can freeze the router in which period the password will be temporarily reset to its default.The default depends on the type of router.
For example the default password for a cisco router may be "admin". While the router is frozen,connect to it and try the defaults.In v4.1 cisco software a HUGE password string is/was enough to freeze the router. Not sureif this bug is fixed. Also you can try other DoS attacks(much of which the router may filter ;-( anyways)...
Once the first password phase is cracked what lies next is getting the enable pass which I would not describe how to do in detail because it all depends onthe software running, type of router etc. Simply get the password file and crack it!
#3
goofy
-
- Members
-
- 11 posts
Private
Posted 20 September 2003 - 05:51 AM
Thanks fore you help. Its was very use full fore me 
#4 Guest_wicked_*
Guest_wicked_*
-
- Guests
Posted 16 November 2003 - 12:59 PM
Nice one Contempt ...
Wkd.
.../
Wkd.
.../
#5
tolf
-
- Members
-
- 108 posts
Specialist
Posted 16 November 2003 - 06:03 PM
Does it ask for a userid and password or just password??
If it has userid and pass that means AAA is used and you have to brute force with two factor, if just password try the defaults "cisco" admin etc, run this through a brute forcer as well..
Also if it has HTTP access this exploit will show you the config and line passwords striaght away...
http://cert.uni-stut...07/bin00001.bin
Enjoy
If it has userid and pass that means AAA is used and you have to brute force with two factor, if just password try the defaults "cisco" admin etc, run this through a brute forcer as well..
Also if it has HTTP access this exploit will show you the config and line passwords striaght away...
http://cert.uni-stut...07/bin00001.bin
Enjoy
#6 Guest_wicked_*
Guest_wicked_*
-
- Guests
Posted 17 November 2003 - 11:01 AM
Ahh this gets more intriquing by the minute.....
Perhaps someone could do us up a password / Combo file for Default User/Pass for all OS's ... now that would come in Handy with AD...
Wks..
.../
Enjoying Tolf..
Perhaps someone could do us up a password / Combo file for Default User/Pass for all OS's ... now that would come in Handy with AD...
Wks..
.../
Enjoying Tolf..
#7 Guest_Ipsec Espah_*
Guest_Ipsec Espah_*
-
- Guests
Posted 01 December 2003 - 06:10 PM
Cisco routers don't have default passwords... And like was previously mentioned if it prompts you for a username i would just forget about it because after a few incorrect logins you will be locked out. 
#8 Guest_Ipsec Espah_*
Guest_Ipsec Espah_*
-
- Guests
Posted 01 December 2003 - 06:13 PM
Just search google for:Ahh this gets more intriquing by the minute.....
Perhaps someone could do us up a password / Combo file for Default User/Pass for all OS's ... now that would come in Handy with AD...
Wks..
.../
Enjoying Tolf..
wordlists "common passwords"
Theres also sites that keep a listing of default passwords for various hardware and software. http://www.phenoelit.de/dpl/dpl.html is one of em
#9 Guest_Hardcore_*
Guest_Hardcore_*
-
- Guests
Posted 01 December 2003 - 10:26 PM
Ok...Wicked is funny...heh.
To the original question, you need to enumerate the router make/model before you go looking for some Universal Router Compromiser/Cracker application (available only from New Zealand)....
Use an app that will grab the SNMP banner, or when you Telnet to it, see if it gives you a banner, see if you get a response on port 80 for it's banner (some admins have this enabled for some lame reason, remote admin for the noob or something). You never know.
Tools such as XSCAN 2.3 (www.xfocus.org), NMAP 3.48 (www.insecure.org), or Superscan4 (www.foundstone.com) will help you in this matter.
"When you pick up a tool..don't you think you should learn how to use it before hammering away at things?"..so keep asking questions...
Team effort!
-Hardcore
To the original question, you need to enumerate the router make/model before you go looking for some Universal Router Compromiser/Cracker application (available only from New Zealand)....
Use an app that will grab the SNMP banner, or when you Telnet to it, see if it gives you a banner, see if you get a response on port 80 for it's banner (some admins have this enabled for some lame reason, remote admin for the noob or something). You never know.
Tools such as XSCAN 2.3 (www.xfocus.org), NMAP 3.48 (www.insecure.org), or Superscan4 (www.foundstone.com) will help you in this matter.
"When you pick up a tool..don't you think you should learn how to use it before hammering away at things?"..so keep asking questions...
Team effort!
-Hardcore
#10 Guest_ikkyu_*
Guest_ikkyu_*
-
- Guests
Posted 10 December 2003 - 07:43 PM
you must know the make and model before you can procede, find that out then you can find an exploit and if necessary cracker
#12
ST.
-
- Members
-
- 94 posts
Private First Class
Posted 18 January 2004 - 04:14 PM
only hammering with bruteforce is possible
#13
tori
-
- Members
-
- 18 posts
Private
Posted 19 January 2004 - 08:27 PM
decryption MD5 is not easy task since most the router password is encrypted with MD5
#14
tolf
-
- Members
-
- 108 posts
Specialist
Posted 19 January 2004 - 08:32 PM
Incorrect . There are many other ways to gain access:only hammering with bruteforce is possible
(1) HTTP exploit previously mentioned (in the config ip http server) - if this enabled the majority of cisco devices are affected by this vulnerabilty(up until 12.1 or 2 IOS i think) and you can either execute system commands directly to the router, or obtain the configuration stright off, grab the type seven hash and break it in 1 second (if enable secret is enabled it will take longer). If acls are applied the confguration will show the IP address to spoof (us iterm to grab a connection)...
(2) Scan the device for port for SNMP - check for default or commonly used community strings(public for RO and private for RW). Again if RW SNMP is enabled then you have access to the router to make configuration changes. Use solarwinds SNMP thingy to download and upload the confg.
(3) Scan the device for tftp - if the feature is enabled you can upload a config to the device with no authnetication what so ever.
(4) Many other vulnerabilities inherent to the devices IOS version and type.. ie what does the banner say when you telnet to it? Search on the web for those vulnerabilites.
Go forth young one..
#15
gman24
-
- Sergeant Major
-
- 643 posts
Specialist
Posted 06 February 2004 - 01:05 PM
If you can, sniff between someone who has access to the router and the router. When they log on, crack the hash (or if its plaintext, you got it).
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
