THREAD: [Tutorial] - Hacking a Router Log In Page -
  1. 01-13-2012, 12:29 AM
    MagicalMonkey
    Hacking into a Password Protected Router Page

    Magical Monkey


    For whatever reason, the day may come where you need access to someone's router page (better known as the router setup page for Belkin users), but it can be hard to do that when this router page has a password on it. So in this tutorial I will be showing you how to get that password and then crack the code into a form that can be used so that you can log in.



    Important:

    • This was tested on a Belkin Router and has not been tested on different Routers.
      If you would like to confirm that it works on your router let me know.

    • You absolutely must, as far as I know, be connected to the router in order for it to work.

    • I did find this by myself. I do not doubt that this has been found, but just remember who found it for you. Thank you.
      After some research this method turned out to be newer than I thought, so congrats to me for bringing original hacking methods to NGU. lol

    • If you do this on a router page other than yours you could get in serious trouble.

    • Some may argue this would not work because I have previously connected and successfully logged into my router page, but do not worry because I basically reset my web browser.





    How To
    (Belkin Guide)

    Specifications of Tested Router:
    Firmware Version - 5.00.12
    Boot Version - 1.18
    Hardware - F5D7234-4 v5 (01)



    Step 1
    Open your router page by putting your IP address in the address bar of your browser. (In this case I am using Google Chrome.) You should see your router page open. Click on log in for Belkin users.

    Step 2
    Then right click anywhere on the web page and select "Inspect Element". Then click on the tab named "Resources". After that find the file named "login.stm". Open it and go to line 82. (Exact line may vary depending on browser and actual router; see the photo below for more detailed information.) On that line you will see an MD5 hash code.

    Step 3
    Now take the code you found in step two and go to a website that will translate the code for you. In the example below the website used was [link not shown].

    Now that you have the password you can log in. If rednoize was not able to convert it for you try another website. Good luck.




    How to Find Your IP Address

    Thank you tokzikate for putting this small guide on finding your IP address together.

    1) Open cmd
    2) Type ipconfig
    3) Look for your default gateway


    Example of output:

    Windows IP Configuration

    Wireless LAN adapter Wireless Network Connection:

    Connection-specific DNS Suffix . :*
    Link-local IPv6 Address . . . . . : fe80::3064:a541:92c:ef13%12
    IPv4 Address. . . . . . . . . . . : 192.168.0.122
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : fe80::222:b0ff:fed3:f452%12
    192.168.0.1

    Ethernet adapter Local Area Connection:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :*

    Tunnel adapter isatap.{E5FB5FB8-435F-4F50-90E1-CA3CFB0EBBDF}:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :*

    Tunnel adapter Teredo Tunneling Pseudo-Interface:

    Connection-specific DNS Suffix . :*
    IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:3809:d8e0:355b:39cd
    Link-local IPv6 Address . . . . . : fe80::3809:d8e0:355b:39cd%13
    Default Gateway . . . . . . . . . : ::

    Tunnel adapter isatap.{ED49328E-2BDB-4F52-9500-8FC467B3673F}:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :*






    Screenshot Examples

    Here are some screen shots I took after first doing this.






    Video



    Coming Soon...







    Default Router Passwords and Usernames


    You can find a nice list of default passwords and user names for common routers [link not shown].



    There was supposed to be a nice FAQ section here, but I have not received enough questions yet. Please help fix this.


    I hope you guys have enjoyed this guide and look forward to my next tutorial that I will make soon enough.
    Last edited by MagicalMonkey ; 01-13-2012 at 05:20 AM.

  2. The Following 3 Users Say Thank You to MagicalMonkey For This Useful Post:


  3. 12-19-2014, 12:29 AM
    Xavier Hidden
    This inspect element exploit seems to not be available on other devices.
    How can I find the MD5 on a CGN3ROG Login hitron login page? Really useful information. Too bad it's too limited. I forgot the password and can't manually reset it.
  4. 12-22-2014, 09:10 PM
    Pichu
    This is practically useless and if you already have access w/ a password you can just go into "Network and Sharing Center", click on your connection name, WIFI properties, Security, then Show Characters.

    There you go, you have your password and since you already have the SSID, you can connect whenever.

    ----
    Now for the router part, most routers are left alone with their generic Username/Password. If by chance they are changed, you're assuming they use MD5, whereas others may be using SHA1 or SHA2. They may be using a salt with the hash as well.

    Many new routers as well don't allow you to just inspect the element.
    Last edited by Pichu ; 12-22-2014 at 09:13 PM.

  5. 12-23-2014, 09:58 PM
    Xavier Hidden
    Originally Posted by Pichu View Post
    This is practically useless and if you already have access w/ a password you can just go into "Network and Sharing Center", click on your connection name, WIFI properties, Security, then Show Characters.

    There you go, you have your password and since you already have the SSID, you can connect whenever.

    ----
    Now for the router part, most routers are left alone with their generic Username/Password. If by chance they are changed, you're assuming they use MD5, whereas others may be using SHA1 or SHA2. They may be using a salt with the hash as well.

    Many new routers as well don't allow you to just inspect the element.


    I'll see if they use this so called sha1 or sha2. They have an unbeatable 15 kbps upload speed but on ps3 ports are closed to only 2 kbps. If I can open nat on ps3 I can catch host easily. Time to try inspecting element again.
  6. 12-24-2014, 02:17 AM
    Pichu
    Originally Posted by Xavier View Post
    I'll see if they use this so called sha1 or sha2. They have an unbeatable 15 kbps upload speed but on ps3 ports are closed to only 2 kbps. If I can open nat on ps3 I can catch host easily. Time to try inspecting element again.


    So-called SHA1 and SHA2 are hashing algorithms, the same as MD5; however, the process by which the hash is created is different for each. MD5, for example, is no longer secure due to collision detection, so now the standard is to move over to SHA1, SHA256 or SHA512.

    The MD5 would just store the password out of plaintext, and then when you went to enter your username/password, it would get the sum value of the password in MD5 and compare it with the registered value on the router. If username and password match, w/ the sum equaling another, you gain access.

    Basic login system.

    If you just need the password and are already connected, you just retrieve the password through what I stated.

    If you need to access the router and don't have the password, therefore not connected to a live network and only via the SSID, you'd need to figure out the domain for the router, commonly 196.182.0.1, 0.2, 2.1, 2.2, however there are other variants but you can still get it through other means.

    Once on, inspect element might work for older ones, but newer ones, like my Belkin for example, do not expose anything. The handling of access is all done inside the router, where all the info for passwords and such is stored, which makes hacking them harder.

    About the only thing I can do is walk over to it, plug in an ethernet cord and reset the entire thing back to factory w/ some software. Then just login with admin/password.
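
    Added example, not part of any post in this thread and not Belkin's code: the login design the thread describes (an unsalted MD5 of the admin password embedded in the page served to every client) next to a server-side check using a per-device salt, PBKDF2 and a constant-time compare. The variable name `stored_pw`, the `/login` path, the iteration count and the sample password are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import re

PBKDF2_ITERATIONS = 200_000                 # assumed work factor for this example
HEX32 = re.compile(r"\b[0-9a-fA-F]{32}\b")  # shape of an MD5 hex digest


def weak_login_page(password: str) -> str:
    """Design described in the thread: the page sent to every client embeds
    the unsalted MD5 of the admin password (variable name is made up)."""
    digest = hashlib.md5(password.encode()).hexdigest()
    return f'<script>var stored_pw = "{digest}";</script>'


def hardened_login_page() -> str:
    """Page carries only the form; the comparison happens on the device."""
    return '<form method="post" action="/login"><input type="password" name="pw"></form>'


def new_record(password: str) -> dict:
    """Server-side record: random per-device salt plus a slow KDF."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return {"salt": salt, "iterations": PBKDF2_ITERATIONS, "hash": dk}


def verify(record: dict, attempt: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    dk = hashlib.pbkdf2_hmac("sha256", attempt.encode(),
                             record["salt"], record["iterations"])
    return hmac.compare_digest(dk, record["hash"])


def leaks_digest(page: str) -> bool:
    """Regression check for firmware pages: no digest-shaped string in markup."""
    return HEX32.search(page) is not None


if __name__ == "__main__":
    pw = "constructed-sample-pass"          # constructed sample value
    print("weak page leaks digest:    ", leaks_digest(weak_login_page(pw)))
    print("hardened page leaks digest:", leaks_digest(hardened_login_page()))
    rec = new_record(pw)
    print("correct password verifies: ", verify(rec, pw))
    print("wrong password verifies:   ", verify(rec, "guess"))
```

    Because the salt is random per record, two devices with the same password store different values, so a leaked record cannot be matched against a precomputed table of unsalted hashes.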
  7. 12-24-2014, 03:56 AM
    Xavier Hidden
    Originally Posted by Pichu View Post
    ...

    Finding the default gateway is easy; you made it sound hard. Simply open cmd and use ipconfig.
    Last edited by Xavier Hidden ; 12-25-2014 at 07:35 PM.