Not much of a hack - At&t tried to use "security through obscurity" - in the URL.
At a cafe, I was talking to Zake and wanted to switch from my broadband VPN to open wifi to save a few bucks on the phone bill.
I connect to the wifi network - the owner even set a password to use the public network - the phone number of the location (this is common - so try it when presented with a password prompt).
The network was buggy, it failed to connect twice. The third time I connected, got online. then lost internet connection.
The problem is - the network presented me with an error message about 'loss connectivity' (BTW the quick fix I explained to the owner was to 'turn off' network notifications)
http://gateway.2wire.net/xslt?PAGE=HURL00" onclick="window.open(this.href);return false;
I looked at the URL and saw it was being presented by the network device - the router called 'gateway'.
so I simply cut the URL back to
http://gateway.2wire.net/xslt?PAGE=" onclick="window.open(this.href);return false;
(BTW - you can also try http://192.168.1.254.2wire.net/xslt?PAGE=" onclick="window.open(this.href);return false;)
and I was presented with the admin page to change settings and view who is on the network!
"Home Network
Computers:
192.168.1.76
Amy-Js-Ipod
android_445c89da63e8a396
iPhone
RobertPascoe-PC
HP689148
iPhone
Allens-iPhone
android_81ef304fd938a0d3
Zachs-iPod
192.168.1.123
Chris-iPhone-2
DigitalNomad"
You can guess which one was me....
In settings - the system password - you'll need a password "maybe the damn phone number again?" you might be able to dictionary or brute force this page - with no limit.
(funny - it turns out it was the same password he used for the public login)
You have access to upgrade - and options - here I might be able to 'brick and run' - upload malware to the 'gateway' to backdoor myself next time.
with the list of users, you could setup a fake AP, and DOS them off the original network, and log on to your fake network - easy since you can 'spearphish' with a computer name now.
Later...
DNR
At&t 2wire wifi admin page hack
At&t 2wire wifi admin page hack
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
Re: At&t 2wire wifi admin page hack
trying google dorking
DNR
DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
Re: At&t 2wire wifi admin page hack
http://www.supportshots.com/two_wire/md ... XTPAGE=J21" onclick="window.open(this.href);return false;
this is a fake admin console - so you can see what you can get when you succeed with admin priviledges.
After checking out the demo console - I go to the admin page for this cafe's wifi - and be damned - it has a password HINT! WTF!
I hit the hint and it says "phone" --- oh gee, same login as the public network!
Glad to be back...
DNR
this is a fake admin console - so you can see what you can get when you succeed with admin priviledges.
After checking out the demo console - I go to the admin page for this cafe's wifi - and be damned - it has a password HINT! WTF!
I hit the hint and it says "phone" --- oh gee, same login as the public network!
Glad to be back...
DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
Re: At&t 2wire wifi admin page hack
While the router/gateway admin console says you can set your own IP range. The default is sadly 192.168.1.254 - parked at the end of the IP range of the standard 'non-public routable IP'. (newbies - 192.168.1.xxx cannot be accessed via the internet - you have to be associated with the network to see this IP range)
So typically that means any 2wire wifi running default -
1. only have to crack password, not user/pass
2. It has a hint feature, that could leak the password choice
3. it does have security for attacks, but traffic related - might be vulnerable to brute forcing/dictionary attack on the console itself. (an experiment would be to use the URL to feed passwords to the console - in effort to pass the 'external traffic logs' ie http://192.168.1.254/2wire.net/xslt?PASS=123456" onclick="window.open(this.href);return false; and so on)
4. Brick and Run is a possibility, as with any device that allows updating of the firmware
without password - you can at least view all the computer's names that are using the network, settings/config of the router and network.
It was noted many android and Iphones were using the network.
This is an example of the fun you can get into when sitting in a cafe peeking at someone's wifi.
Hacking Pays : owner comped my $10 breakfast!
DNR
So typically that means any 2wire wifi running default -
1. only have to crack password, not user/pass
2. It has a hint feature, that could leak the password choice
3. it does have security for attacks, but traffic related - might be vulnerable to brute forcing/dictionary attack on the console itself. (an experiment would be to use the URL to feed passwords to the console - in effort to pass the 'external traffic logs' ie http://192.168.1.254/2wire.net/xslt?PASS=123456" onclick="window.open(this.href);return false; and so on)
4. Brick and Run is a possibility, as with any device that allows updating of the firmware
without password - you can at least view all the computer's names that are using the network, settings/config of the router and network.
It was noted many android and Iphones were using the network.
This is an example of the fun you can get into when sitting in a cafe peeking at someone's wifi.
Hacking Pays : owner comped my $10 breakfast!
DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
- computathug
- Administrator
- Posts: 2693
- Joined: 29 Mar 2007, 16:00
- 17
- Location: UK
- Contact:
Re: At&t 2wire wifi admin page hack
Great read, you would also be surprised at how many other businesses jump on the free for all bandwagon too that are within distance.
The devil can cite Scripture for his purpose.
-- William Shakespeare, "The Merchant of Venice"
https://tshirt-memes.com
-- William Shakespeare, "The Merchant of Venice"
https://tshirt-memes.com