Results 1 to 7 of 7

Thread: Getting Around HTTP basic auth...

  1. #1
    Senior Member
    Join Date
    Oct 2007
    Location
    do a whois search on my ip...
    Posts
    268

    Getting Around HTTP basic auth...

    Hello, I was wondering if there was a way around http basic authentification that doesn't involve packet sniffing?

    Lets say I want to get into the web browser menu for a router so I can change (remove) a network key phrase and get access to a simple wep "secured" network...

    I dont want to be just another script kiddie if at all possible, and was wondering if there was a way to write a C based program to do such things.

    I am really new to this and know how to get around it using air snort tools and *nix but my laptop came with a built in intel based wireless network card (which isn't supported by any tool lol) and dont want to spend money on a usb wireless setup.

    maybe I am overlooking something that is very simple, any help would be great thanks.

  2. #2
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    Yeah, you're overlooking asking the admin for permission to access the network, and the key.

    If you're too cheap to spend even $40 on a wifi card... too bad.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  3. #3
    Senior Member
    Join Date
    Oct 2007
    Location
    do a whois search on my ip...
    Posts
    268
    oh hey your right... even know its my wireless router (linksys wrt54g)

    I know the password and the user name...
    (its not admin, admin)

    I was looking for another way around it, not for a smart a$$ comment...
    but hey thanks for your "help"

  4. #4
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    You didn't say that it was your router. That changes a things a bit since you have physical access to the router. I didn't consider my answer to be a smart ass comment, either. It was a legit response to your question. Even if you didn't want to hear it.

    You could press the reset button on the back of the router to default the password. Custom firmware, such as the dd-wrt firmware has an option to disable this reset button. Although, you can typically short out two pins on the mainboard of the router to trigger the reset button.

    Or, you could add a serial port to the wrt54g. Log in via "console". It's just a linux OS running on that thing. Then edit the password file.

    http://www.rwhitby.net/projects/wrt54gs/

    The wrt54g has had vulnerabilities in the past that would allow configuration changes via a post request issued to the router without authentication.

    http://www.securityfocus.com/bid/19347

    Actually, goto securityfocus.com and look for the wrt54g vulnerabilities. There is no shortage of them. Keep in mind that there are at least 6 physical versions of that router... and dozens of firmware versions for all of them.
    Last edited by phishphreek; October 13th, 2007 at 04:21 PM.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  5. #5
    Senior Member
    Join Date
    Oct 2007
    Location
    do a whois search on my ip...
    Posts
    268
    Sorry, it was around 2 in the morning and I was a lil cranky considering i had like 50 views and no responses....

    Thank you though, this info is very useful! I was wondering if I could get around it without physical access though

    I guess what I am trying to ask is does anyone think that a C based program could be written to "get around" the http (basic auth) on a web browser, I just started learning the language and know advanced http, java, and a few other languages... I was just looking for a project, and wanted to know if its even plausable.

  6. #6
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    If you want, you can download the firmware source code (GPL) and inspect it for vulnerabilities. Then maybe you can create some C based program to exploit that vulnerability (if you find one). Or, maybe you can modify the firmware to include the http auth bypass backdoor for your router, compile the code and update your router with the backdoored firmware. I can't imagine why you'd actually want to do this though...

    Keep in mind that there are many different versions of these wrt54g routers. They are up to version 8 now. They each have different firmware versions becase they have different hardware implementations. Some of the newer routers don't look like they are using the GPL'd code... but I only looked quickly. I have several of them, but mine are all version 2 or 2.2.

    http://www.linksys.com/servlet/Satel...VisitorWrapper
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  7. #7
    Senior Member
    Join Date
    Oct 2003
    Location
    MA
    Posts
    1,052
    It really depends on the rev. of the router... What is it?

Similar Threads

  1. Port List
    By ThePreacher in forum Miscellaneous Security Discussions
    Replies: 17
    Last Post: December 14th, 2006, 09:37 PM
  2. Update Cisco CRWS via TFTP
    By phishphreek in forum Other Tutorials Forum
    Replies: 0
    Last Post: May 25th, 2004, 04:30 AM
  3. Tcp/ip
    By gore in forum Newbie Security Questions
    Replies: 11
    Last Post: December 29th, 2003, 08:01 AM
  4. ports
    By hatebreed2000 in forum AntiOnline's General Chit Chat
    Replies: 1
    Last Post: March 14th, 2003, 06:36 AM
  5. VISUAL BASIC for beginners
    By blow in forum Other Tutorials Forum
    Replies: 2
    Last Post: June 24th, 2002, 06:44 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •