My experience with my router

• Hey guys, I'm posting this because I haven't seen a new article been submitted for a while, so I took it upon myself to post this. I haven't seen an article on this anywhere on the net, and I needed to do it and figured it out, and then thought I may as well let people know what I discovered... Basically what I'll be telling you is how to reset the admin password on a router that's already been configured without resetting the whole thing.
    
Contents:
    -------------------
    1: Introduction
    2: Reasons
    3: Step-by-step-story
    4: Ups and Downs
    -------------------
    
    1: Introduction
    -------------------
Hi, I'm SaMTHG, fellow member, and have generally been around these kinds of sites for a couple of years (I forget how long exactly... I think the first site I went to was HTS, not sure though). Umm, I love computers, and the security (especially the breaching of it ;) ), and recently I started to try to learn to program properly. I had a good but rough idea of JS and HTML before; now I'm learning Python, I've got quite a good grasp on JS, and I've dabbled with PHP and can understand what's going on when I look at a script.. Umm, I'm 15, and other interests include Physics and Maths mainly.
    
    2: Reasons
    ----------------
I'm writing this (like I said in the pre-intro) because I haven't seen anything like it before, and thought I should let people know just in case they run into the same problem.
    A little background: my dad set up the router and left the password as default, so I changed it... Dilemma = I forgot what I changed it to.
    
    3: Step-by-step-story
    -------------------------
    
    So this is what I did:
    
After browsing many, many websites in the hope of finding an article or tutorial on how to reset the admin password on routers without resetting the router itself.
    
    With no luck, I started thinking there must be another way.
    I tried flooding it with information in the hope something would f**k up and let me in, I tried resetting it, but luckily couldn't quite get it to reset properly, I tried connecting to it another way, but couldn't.. Nothing was working.
    
So, grudgingly, I went back to trawling the web for answers... Then something rather interesting took hold of me.. I'm not sure about most routers, but with mine when you go to 192.168.1.1 it has a login page, username and password, and the username is only readable.. but the thing I briefly read didn't make sense if this were true.. It said something along the lines of "Blah.. default login.. blah.. admin.. blah ... username: user.. blah". The user part interested me, and I knew my dad didn't know about it, since the username field was only readable and when he was searching on the config stuff nothing came up.. And then I realised "Hang on a moment, the user field is only readable :(" Then it happened, a stroke of ingenuity: I opened Firefox and had a little play with the addon WebDeveloper. Under the section for Forms there's a little option "Make all fields writeable". I clicked it... it worked, I could get rid of that 'admin' username, so I did and replaced it with "user". As you've probably worked out, if the default admin username has admin as a password, I tried the default user username with user as the password.... I was in :D
    
And for me there was no difference in privs even though I was "user", so I went to the reset admin password page.... And then I saw something.. not so nice... a "Current Password" field :( I tried 'admin', nothing. I tried 'user', nothing.. I tried giving it too many characters... Nothing. I thought I was stumped.. Angry at myself that I couldn't even hack MY OWN ROUTER! I was thinking along the lines of "It's like it's google, or facebook or....." Then I thought "No.. It's not like those.. They have a server with PHP authentication stuff and MySQL databases.. This can't be connected to anything.."
    I had a little cheeky peek at the source code and saw something rather like treasure to a poor family.. An embed link 'password.htm'. I navigated to it, and it was exactly the same as the normal change password page, with the 'current password' field and everything.. I had another little cheeky peek at the source....
    
    LO AND BEHOLD!! IT WAS JAVASCRIPT!!!
    
It was a basic authentication technique used in maybe Javascript 2 or 3 on hacking challenge sites.. So of course I could see my old password, which.. I'm not going to tell, just in case, and I saw the user login, and there's another one called 'supporter' with the password... You guessed it.. 'supporter'. And so I changed my password to something I can remember using my newly found old password, and it worked, everything was fine and dandy, so that's how I did it folks! A good 6 months or so of not being able to log on to my router for whatever reasons, rid of in about 20 minutes..
    
    4: Ups and Downs
    -----------------------
    Ups and downs, life has both.
After I'd completed this, I was rather chuffed, but it got me thinking "There must be a way to exploit this". Then I remembered a worm that had been released (I think from Australia) that tried to brute force routers' logins and infect them, and I think it recorded data, not sure though. Now, I was completely new to these new default logins, and reasoned that it would be possible to create a worm that logs in by using the other lesser-known default login; it could then navigate to the appropriate page, download the source and use RegEx or something to find the password for the admin, and then infect the router and change the admin password.. Because as far as I can remember the worm I talked about tried to brute force the admin login.. So yeah, that might be a down-side...
    
Just as a quick wrap-up, I hope you enjoyed this, and I hope you learnt something new. Um.. Rate it, well, badly, comment on it constructively or not, basically, do what you want with it.... Except plagiarise.. and I hope it can be helpful maybe someday in the future.. Oh and by the way, my router is D-Link, it may vary for others. Umm.. That's about it really.
    Laters
    -SaMTHG