Government Security
Network Security Resources

Get Password From Router

24 replies to this topic

#1 goofy

goofy

    Private

  • Members
  • 11 posts

Posted 19 September 2003 - 02:08 PM

Hey, I hope one of you in here can help me. I have a little problem: I need to get a password to a router on the net. I use telnet to connect to the router and then the router asks me for a password. How can I get that password? Does someone know any way or tools I can use to get that password?

I really hope someone can help me

Sorry for my bad English

#2 HalCon

HalCon

    Private First Class

  • Members
  • 20 posts

Posted 20 September 2003 - 12:13 AM

Um here ya go....
You can try default passwords because many dumb admins leave them as the default. Also you can freeze the router in which period the password will be temporarily reset to its default. The default depends on the type of router.

For example the default password for a cisco router may be "admin". While the router is frozen, connect to it and try the defaults. In v4.1 cisco software a HUGE password string is/was enough to freeze the router. Not sure if this bug is fixed. Also you can try other DoS attacks (much of which the router may filter ;-( anyways)...

Once the first password phase is cracked what lies next is getting the enable pass which I would not describe how to do in detail because it all depends on the software running, type of router etc. Simply get the password file and crack it!


:ph34r:

#3 goofy

goofy

    Private

  • Members
  • 11 posts

Posted 20 September 2003 - 05:51 AM

Thanks for your help. It was very useful for me :)

#4 Guest_wicked_*

Guest_wicked_*
  • Guests

Posted 16 November 2003 - 12:59 PM

Nice one Contempt ...

Wkd.

.../

#5 tolf

tolf

    Specialist

  • Members
  • 108 posts

Posted 16 November 2003 - 06:03 PM

Does it ask for a userid and password or just password??

If it has userid and pass that means AAA is used and you have to brute force with two factor, if just password try the defaults "cisco" admin etc, run this through a brute forcer as well..

Also if it has HTTP access this exploit will show you the config and line passwords straight away...

http://cert.uni-stut...07/bin00001.bin

Enjoy

#6 Guest_wicked_*

Guest_wicked_*
  • Guests

Posted 17 November 2003 - 11:01 AM

Ahh this gets more intriguing by the minute.....

Perhaps someone could do us up a password / Combo file for Default User/Pass for all OS's ... now that would come in Handy with AD...

Wks..

.../

Enjoying Tolf..

:lol:

#7 Guest_Ipsec Espah_*

Guest_Ipsec Espah_*
  • Guests

Posted 01 December 2003 - 06:10 PM

Cisco routers don't have default passwords... And like was previously mentioned if it prompts you for a username I would just forget about it because after a few incorrect logins you will be locked out. :(

#8 Guest_Ipsec Espah_*

Guest_Ipsec Espah_*
  • Guests

Posted 01 December 2003 - 06:13 PM

Ahh this gets more intriguing by the minute.....

Perhaps someone could do us up a password / Combo file for Default User/Pass for all OS's ... now that would come in Handy with AD...

Wks..

.../

Enjoying Tolf..

:lol:

Just search google for:

wordlists "common passwords"

There are also sites that keep a listing of default passwords for various hardware and software. http://www.phenoelit.de/dpl/dpl.html is one of em :)

#9 Guest_Hardcore_*

Guest_Hardcore_*
  • Guests

Posted 01 December 2003 - 10:26 PM

Ok...Wicked is funny...heh.

To the original question, you need to enumerate the router make/model before you go looking for some Universal Router Compromiser/Cracker application (available only from New Zealand).... ;)

Use an app that will grab the SNMP banner, or when you Telnet to it, see if it gives you a banner, see if you get a response on port 80 for its banner (some admins have this enabled for some lame reason, remote admin for the noob or something). You never know.

Tools such as XSCAN 2.3 (www.xfocus.org), NMAP 3.48 (www.insecure.org), or Superscan4 (www.foundstone.com) will help you in this matter.

"When you pick up a tool..don't you think you should learn how to use it before hammering away at things?"..so keep asking questions...

Team effort!

-Hardcore

#10 Guest_ikkyu_*

Guest_ikkyu_*
  • Guests

Posted 10 December 2003 - 07:43 PM

You must know the make and model before you can proceed. Find that out, then you can find an exploit and, if necessary, a cracker.

#11 Guest_Jay_*

Guest_Jay_*
  • Guests

Posted 11 December 2003 - 05:59 AM

Default Password List

#12 ST.

ST.

    Private First Class

  • Members
  • 94 posts

Posted 18 January 2004 - 04:14 PM

only hammering with bruteforce is possible

#13 tori

tori

    Private

  • Members
  • 18 posts

Posted 19 January 2004 - 08:27 PM

Decrypting MD5 is not an easy task, since most router passwords are encrypted with MD5.

#14 tolf

tolf

    Specialist

  • Members
  • 108 posts

Posted 19 January 2004 - 08:32 PM

only hammering with bruteforce is possible

Incorrect. There are many other ways to gain access:

(1) HTTP exploit previously mentioned (in the config ip http server) - if this is enabled the majority of cisco devices are affected by this vulnerability (up until 12.1 or 2 IOS I think) and you can either execute system commands directly to the router, or obtain the configuration straight off, grab the type seven hash and break it in 1 second (if enable secret is enabled it will take longer). If acls are applied the configuration will show the IP address to spoof (us iterm to grab a connection)...

(2) Scan the device for port for SNMP - check for default or commonly used community strings (public for RO and private for RW). Again if RW SNMP is enabled then you have access to the router to make configuration changes. Use solarwinds SNMP thingy to download and upload the config.

(3) Scan the device for tftp - if the feature is enabled you can upload a config to the device with no authentication whatsoever.

(4) Many other vulnerabilities inherent to the device's IOS version and type.. ie what does the banner say when you telnet to it? Search on the web for those vulnerabilities.

Go forth young one..
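The exposures listed in the post above (HTTP management, default SNMP community strings, TFTP, type 7 passwords) and the plaintext login raised in the following reply can all be found by reading a router's own configuration. The Python sketch below is an added example, not part of the thread: the rule names, the `audit` function and the sample configuration are constructed for illustration, and the patterns cover only the common IOS command forms.

```python
import re

# (finding id, pattern matched against one stripped config line, reason)
RULES = [
    ("http-server", re.compile(r"^ip http server\b"),
     "HTTP management interface enabled (post #14, item 1)"),
    ("snmp-default-community",
     re.compile(r"^snmp-server community (public|private)\b", re.I),
     "default SNMP community string (item 2)"),
    ("tftp-server", re.compile(r"^tftp-server\b"),
     "router serves files over unauthenticated TFTP (item 3)"),
    ("type7-password", re.compile(r"\bpassword 7 \S+"),
     "type 7 is reversible obfuscation; use 'secret' forms instead"),
    ("telnet-vty", re.compile(r"^transport input .*\b(telnet|all)\b"),
     "telnet carries the login in plaintext (post #15)"),
]

def audit(config_text):
    """Return [(line_number, finding_id, reason)] for weak settings."""
    findings = []
    for number, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("!"):   # skip blanks and IOS comments
            continue
        for finding_id, pattern, reason in RULES:
            if pattern.search(line):
                findings.append((number, finding_id, reason))
    return findings

# Constructed sample configuration; secrets are placeholders, not real values.
SAMPLE_CONFIG = """\
hostname lab-rtr
enable secret 5 <constructed-placeholder>
ip http server
snmp-server community public RO
snmp-server community n0tDefault RO
no ip http secure-server
!
line vty 0 4
 password 7 <constructed-placeholder>
 transport input telnet
"""

if __name__ == "__main__":
    for number, finding_id, reason in audit(SAMPLE_CONFIG):
        print(f"line {number}: {finding_id}: {reason}")
```

Run it against a saved copy of the running configuration; an empty result means none of these five settings is present, not that the device is otherwise hardened.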

#15 gman24

gman24

    Specialist

  • Sergeant Major
  • 643 posts

Posted 06 February 2004 - 01:05 PM

If you can, sniff between someone who has access to the router and the router. When they log on, crack the hash (or if it's plaintext, you got it).
