Exploiting Router Authentication through Web Interface

  • 7

Exploiting Router Authentication through Web Interface

Routers such as D-Link , Linksys etc. whose web interface uses CGI scripts. We can easily access and change these routers configuration bypassing authentication. CGI is one method by which a web server can obtain data from (or send data to) databases, documents, and other programs, and present that data to viewers via the web.

This vulnerability is powerful as anyone can change router configuration, such as changing passwords, resetting router etc. through any web browser independent of any Operating System. First we need the router IP, which is usually IPV4 Default Gateway IP. We can find this using ipconfig /all command from cmd or checking details of network adapter connected to network from Network and Sharing Center.

Most common default router IPs are 192.168.0.1, 192.168.1.1 etc. Suppose the router IP is 192.168.1.1, we change the URL format of any web page to ends with .cgi.

Ie, we change

http://192.168.1.1/password.html

to

http://192.168.1.1/password.cgi

Watch this video demonstration for more details. This video shows mainly:

  1. Accessing router configuration without username and password
  2. Finding usernames and passwords which are hidden in router

 

 

Watch video: https://youtu.be/8GZg1IuSfCs

Some other pages we can directly access like this are:

http://192.168.1.1/upload.cgi

http://192.168.1.1/resetrouter.cgi

http://192.168.1.1/pppoe.cgi

http://192.168.1.1/setup.cgi

http://192.168.1.1/setup.cgi?todo=reboot