Gaining access to internal network via router

Grell · 09-24-2012, 03:08 AM

Hey, I have written a program a little while back that allows one to scan random ip addresses to see if there is a specified port open. I have found it very useful especially for telnet and finding insecure routers. I would say that a somewhat small but significant percentage of all the ips discovered belong to routers with default passwords in use, i.e. admin/admin or root/root, etc... Now, these are routers being discovered and cracked into. I want to now if it is possible (I'm sure it is) and how to gain access to the internal network these routers are connected to once I am able to gain access to inside the routers.

Here is a link to my program for those interested: thrip.c

unknownAttacker · 10-01-2012, 10:03 AM

there are various ways to attack the router's LAN after gaining access to the router itself. I think that what you want to do is either to use SSH tunneling/VPN or to create a bridge. bridging is unfortunately quite complicated so if you're not doing a really big hack it will be more work than gains. setting up SSH tunnel or VPN is easy and fun but most of original router firmwares don't support it so you'll need to find routers with custom one. that's not a big problem as I've personally hacked some DD-WRT routers. unfortunately, you can't really modify firmware remotely as you need physical access to router for flashing.

you can also get an access to the network without becoming a part of it with a good old bind shell - it'll make you enter the router the same way you'd enter a hacked computer through bind shell. check out Router Post-Exploitation Framework for this. you won't be a part of LAN but you'll control something that is a part of LAN, which allows for similar lulz. Metasploit will be useful too.

also, there are many other attacks you can do with a hacked router. you can redirect traffic through DNS poisoning. you can turn the router's firewall of. you can cause a temporary denial of service by changing credentials or other settings. believe me, attacking routers (and many other online devices for that matter) gives you nearly endless attack vectors.

kaptaan · 10-07-2012, 11:32 AM

thnxx for sharing.............

placebophd · 10-08-2012, 01:15 PM

In order to hack a router, first i have to authenticate with the router ?

unknownAttacker · 10-08-2012, 05:50 PM

(10-08-2012, 01:15 PM)placebophd Wrote: In order to hack a router, first i have to authenticate with the router ?

there are attacks on some routers that let you skip authentication (google router hacking to find out) but still, many people (and companies!) leave default username and pass. so you just need to know the defaults

chmod · 10-08-2012, 07:08 PM

couple of useful links related to this

routerpwn
routerpasswords