Exploiting Router Authentication through Web Interface

The “iBall Baton 150M Wireless Router Authentication Bypass Vulnerability” is the one I found when I was studying in college. I was simply browsing the router pages to see if there was any way to get to an authorized page without a username/password. Somehow I noticed a web request being sent to a .cgi page. I guessed there was some page with a cgi extension instead of html. So I tried an existing known page, password.html, as password.cgi. Luckily the authentication was bypassed and it showed the password reset page. Later I identified that all existing pages can be accessed in this way without a username/password. While checking the source code of the password reset page, I found the passwords of each login account in clear text! Clearly it is a critical vulnerability in the iBall router.

The same weakness applies to routers such as D-Link, Linksys and others whose web interface is built on CGI scripts: their configuration can be read and changed while bypassing authentication. CGI is a mechanism by which a web server hands a request to an external program (which may read databases, documents or other programs) and returns that program's output to the browser. The authentication bypass is powerful because anyone who can reach the web interface can change the router configuration, such as changing passwords or resetting the router, from any web browser. The steps are mentioned below:

First we need the router IP, which is usually the IPv4 default gateway. On Windows it can be found with the ipconfig /all command from cmd, or from the details of the network adapter connected to the network in Network and Sharing Center.

The most common default router IPs are 192.168.0.1, 192.168.1.1, etc. Suppose the router IP is 192.168.1.1; we change the URL of any web page so that it ends in .cgi instead of .html.

That is, we change

http://192.168.1.1/password.html

to

http://192.168.1.1/password.cgi

Watch the video demonstration for more details. The video mainly shows:

  1. Accessing router configuration without username and password
  2. Finding usernames and passwords which are hidden inside page source

Watch video: https://youtu.be/8GZg1IuSfCs

Other pages that can be accessed directly in the same way include:

http://192.168.1.1/upload.cgi

http://192.168.1.1/resetrouter.cgi

http://192.168.1.1/pppoe.cgi

http://192.168.1.1/info.cgi

Identified and Reported by
Gem George


Hack Software Trial Period and Run Forever

Most of us are familiar with software programs that run only for a specified period of time in trial mode. Once the trial period has expired, these programs stop functioning and demand a purchase. However, there is a way to run such programs so that they keep functioning beyond the trial period.

When a software program is installed for the first time, it makes an entry in the Windows Registry with details such as the installed date and time, the installation path, etc. After the installation, every time you run the program, it compares the current system date and time with the installed date and time. From this, it can work out whether the trial period has expired.

So, with this being the case, just manually changing the system date to an earlier date will not solve the problem. For this purpose there is a small tool known as RunAsDate.

RunAsDate is a small utility that allows you to run a program with the date and time that you specify. This utility doesn't change the current system date and time of your computer; it only injects the date/time that you specify into the chosen application.

You can run multiple applications simultaneously, each working with a different date and time, while the real date/time of your system continues to run normally.

RunAsDate intercepts the kernel API calls that return the current date and time (GetSystemTime, GetLocalTime, GetSystemTimeAsFileTime) and replaces the current date/time with the date/time that you specify.

You can download RunAsDate from here: Download RunAsDate

Steps:

You will have to follow these tips carefully to successfully hack a software program and make it run in trial mode forever:

  1. Note down the date and time when you install the software for the first time.
  2. Once the trial period expires, you must always run the software using RunAsDate.
  3. After the trial period has expired, do not run the software directly. If you run the software directly even once, this hack may no longer work.
  4. It is better and safer to inject the date of the last day of the trial period.

For example, if the trial period expires on Jan 30, 2013, always inject the date Jan 29, 2013 in RunAsDate.

Alternative method 1: Using Crack Lock Software

Download Crack Lock and follow the steps given below.

Step 1: Always note down the date and time when you install a trial software program for the first time.
Step 2: Once the trial period expires, never open it.
Step 3: Now open Crack Lock, which we downloaded earlier, and select “Add program”.
Step 4: Now navigate to and select the trial software which you want to use forever, and inject the date of the last day of the trial period.
e.g.: If the trial period expires on December 30, always inject the date as December 29.
Step 5: Follow the same steps to use any trial version program forever.

Note: Once the trial period of the program expires, never open it directly; always open the program using Crack Lock.

Alternative method 2: Manually Bypassing the Software's Trial Period

This trick generally works for most third-party applications. Here we won't use any kind of time stopper or similar tools. What we will do is clear our tracks so that the app doesn't realize we used the software before uninstalling and reinstalling it.

Step 1: The first thing to do is uninstall the application.
Step 2: Go to Start and type “Regedit”.
Step 3: Go to HKEY_LOCAL_MACHINE -> Software -> (your software's name) and delete the key. Do the same under HKEY_CURRENT_USER if a key for that software exists there.
Step 4: Go to Run, type “%temp%”, and delete all the files there. They are just temporary files, so it won't matter; if nothing else, it will clean up your PC a little.
Step 5: Go to Users -> (your username) -> AppData and check all three directories, “Local”, “LocalLow” and “Roaming”, for your software's entry. Delete it.
Step 6: Reinstall the application and enjoy the next trial. Just repeat this every time the trial expires.

Done!