-
October 12th, 2007, 08:58 PM
#1
Getting Around HTTP basic auth...
Hello, I was wondering if there was a way around http basic authentification that doesn't involve packet sniffing?
Lets say I want to get into the web browser menu for a router so I can change (remove) a network key phrase and get access to a simple wep "secured" network...
I dont want to be just another script kiddie if at all possible, and was wondering if there was a way to write a C based program to do such things.
I am really new to this and know how to get around it using air snort tools and *nix but my laptop came with a built in intel based wireless network card (which isn't supported by any tool lol) and dont want to spend money on a usb wireless setup.
maybe I am overlooking something that is very simple, any help would be great thanks.
-
October 13th, 2007, 05:27 AM
#2
Yeah, you're overlooking asking the admin for permission to access the network, and the key.
If you're too cheap to spend even $40 on a wifi card... too bad.
Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
-
October 13th, 2007, 05:41 AM
#3
oh hey your right... even know its my wireless router (linksys wrt54g)
I know the password and the user name...
(its not admin, admin)
I was looking for another way around it, not for a smart a$$ comment...
but hey thanks for your "help"
-
October 13th, 2007, 04:15 PM
#4
You didn't say that it was your router. That changes a things a bit since you have physical access to the router. I didn't consider my answer to be a smart ass comment, either. It was a legit response to your question. Even if you didn't want to hear it.
You could press the reset button on the back of the router to default the password. Custom firmware, such as the dd-wrt firmware has an option to disable this reset button. Although, you can typically short out two pins on the mainboard of the router to trigger the reset button.
Or, you could add a serial port to the wrt54g. Log in via "console". It's just a linux OS running on that thing. Then edit the password file.
http://www.rwhitby.net/projects/wrt54gs/
The wrt54g has had vulnerabilities in the past that would allow configuration changes via a post request issued to the router without authentication.
http://www.securityfocus.com/bid/19347
Actually, goto securityfocus.com and look for the wrt54g vulnerabilities. There is no shortage of them. Keep in mind that there are at least 6 physical versions of that router... and dozens of firmware versions for all of them.
Last edited by phishphreek; October 13th, 2007 at 04:21 PM.
Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
-
October 13th, 2007, 05:40 PM
#5
Sorry, it was around 2 in the morning and I was a lil cranky considering i had like 50 views and no responses....
Thank you though, this info is very useful! I was wondering if I could get around it without physical access though
I guess what I am trying to ask is does anyone think that a C based program could be written to "get around" the http (basic auth) on a web browser, I just started learning the language and know advanced http, java, and a few other languages... I was just looking for a project, and wanted to know if its even plausable.
-
October 13th, 2007, 09:59 PM
#6
If you want, you can download the firmware source code (GPL) and inspect it for vulnerabilities. Then maybe you can create some C based program to exploit that vulnerability (if you find one). Or, maybe you can modify the firmware to include the http auth bypass backdoor for your router, compile the code and update your router with the backdoored firmware. I can't imagine why you'd actually want to do this though...
Keep in mind that there are many different versions of these wrt54g routers. They are up to version 8 now. They each have different firmware versions becase they have different hardware implementations. Some of the newer routers don't look like they are using the GPL'd code... but I only looked quickly. I have several of them, but mine are all version 2 or 2.2.
http://www.linksys.com/servlet/Satel...VisitorWrapper
Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
-
October 15th, 2007, 01:51 AM
#7
It really depends on the rev. of the router... What is it?
Similar Threads
-
By ThePreacher in forum Miscellaneous Security Discussions
Replies: 17
Last Post: December 14th, 2006, 09:37 PM
-
By phishphreek in forum Other Tutorials Forum
Replies: 0
Last Post: May 25th, 2004, 04:30 AM
-
By gore in forum Newbie Security Questions
Replies: 11
Last Post: December 29th, 2003, 08:01 AM
-
By hatebreed2000 in forum AntiOnline's General Chit Chat
Replies: 1
Last Post: March 14th, 2003, 06:36 AM
-
By blow in forum Other Tutorials Forum
Replies: 2
Last Post: June 24th, 2002, 06:44 AM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|