Exploiting Router Authentication through Web Interface

Exploiting Router Authentication through Web Interface

The “iBall Baton 150M Wireless Router Authentication Bypass Vulnerability” is the one I found when I was studying in the college. I was simply browsing the router pages to see if there is any way to get authorized page without username/password. Somehow I noticed a web request is sending to a .cgi page. I guessed there is some page in cgi extension instead of html. So I tried an existing known page password.html with password.cgi. Luckily I got the authentication bypassed and showed password reset page. Later I identified all existing pages can be accessed in this way without username/password. While checking the source code of password reset page, I found the passwords of each login accounts in clear text! Clearly it is a critical vulnerability iBall router.

Routers such as D-Link , Linksys etc. whose web interface uses CGI scripts. We can easily access and change these routers configuration bypassing authentication. CGI is one method by which a web server can obtain data from (or send data to) databases, documents, and other programs, and present that data to viewers via the web. The authentication bypass vulnerability is powerful as anyone can change router configuration, such as changing passwords, resetting router etc. through any web browser. The steps are mentioned below:

First we need the router IP, which is usually IPV4 Default Gateway IP. We can find this using ipconfig /all command from cmd or checking details of network adapter connected to network from Network and Sharing Center.

Most common default router IPs are 192.168.0.1, 192.168.1.1 etc. Suppose the router IP is 192.168.1.1, we change the URL format of any web page to ends with .cgi.

Ie, we change

http://192.168.1.1/password.html

to

http://192.168.1.1/password.cgi

Watch this video demonstration for more details. This video shows mainly:

  1. Accessing router configuration without username and password
  2. Finding usernames and passwords which are hidden inside page source

Watch video: https://youtu.be/8GZg1IuSfCs

Some other pages we can directly access like this are:

http://192.168.1.1/upload.cgi

http://192.168.1.1/resetrouter.cgi

http://192.168.1.1/pppoe.cgi

http://192.168.1.1/info.cgi

Identified and Reported by
Gem George


Simple trick to use web browsers as Text editor

We all use notepad as the simple text editor. Here is a simple and interesting trick to use your web browser as a text editor.  You can use Google Chrome or Mozilla Firefox as a simple text editor like notepad and this trick works on all web browsers.

Once your web browser changed to a text editor, you can bookmark the page just like any web pages. At anytime when you use web browser, you can simply open this bookmark in a new tab and start typing.

How To Do ?

1 Copy below code in browser Url Section

data:text/html, <html contenteditable>

2. Now Press Enter.
3. Now you can type anything as would do on any other text editor like Notepad.

4. To save your text file Press Ctrl + S and save it as anything.txt (.txt is must).

You are done!


Enable Right click and copy text from a right-click disabled web page

You might have seen some website is right click protected and disabled copying its contents. Copy-pasting some body else work is very common. Though, very few people actually give the credit link or mention about the source. Specially, in Blogging people copy each other content and increase plagiarism. Apart from all Auto-blogging tool, most common form of copying a page is by selecting text > mouse right-click and copy the content. In WordPress, we can easily disable this by using disable right click WordPress plugin.

Many websites disable CTRL +C options to ensure better security from hackers and malicious sites. Its quite annoying, you don’t realize just how much you use right-click until you can’t use it! There are a lot of useful features in the short menu that it opens up. While most are also available in the main browser menu, it’s often much quicker to use the right-click menu — this is usually the closest menu you have available. By simply disabling your browser java script temporarily, you can remove these protections. Follow these steps according to your browser.


Internet Explorer Browser:

Goto Tools>Internet options>Security

Now Click on Custom Level

Now find Scripting Section it will be around the end.

Now disable Active Scripting.This will disable JavaScript and vbscript in your browser.

Click on OK.

Now restart your browser

Mozilla Firefox Browser:

Goto Tools>Options>Content

Uncheck the box Enable JavaScript

Click Ok

Open the website that have blocked your right click.

Google Chrome Browser:

Click on the Wrench Icon on the top right side on your browser.

Click on Options

Click on Show advanced seettings…

Click on Content Settings and then on JavaScript

Disable java script and open the website.

There are a many other tricks to disable blocked right click. I have shown the most basic trick that you can use anywhere without any special software.