router configuration


ghost

Since it is very common for people with wireless routers in their homes never to change the default user/pass, it can be very easy to get access to their router configurations (192.168…etc).

I was just wondering what kind of vulnerabilities this exposes the computers on the network to. What could someone potentially do with the configuration to gain further access, etc.

Thanks for any responses.


ghost

If they have shares on their computer, you can access their files (not sure how well this relates to your post, sorry) :)

Most remote programs (remote desktop, remote shutdown, same for this, I keep thinking of something else)

Telnet might work, not sure, I've never used it.

Change any settings on the router, including kicking them off the network, so the only way to fix it is to reset the router manually with the button on the router itself.

Lots more, I see it all the time, I just never really took the time to take advantage of it. Google for it.

^Not sure how accurate I am; like I said, I've never taken advantage of it, so those would be my guesses.


ghost

Thanks for the reply. I was thinking of something more than just the obvious changes that can be made to the settings, such as setting a password to get on, and doing something like using port forwarding and finding some ways to exploit services running on computers on the network, if that makes sense. I will look into that also. Thanks.


ghost

Well, by opening ports on the router you have a better chance at scanning their comp with … let's use nmap … and finding programs using certain ports. But if it is using that port after opening them all, it probably was using it before and didn't need to do much with the router. The previous reply to yours that stated remote desktop is something you could set up on their computer remotely, and by having access to the router you could open the ports needed. Not sure if that's along the lines of what you're looking for or not. Given once you're into the router there's a lot of things you could do; but the main question is what do you WANT to do? I don't really understand what you're looking at doing. Maybe if you explain your objective with a little more detail, I or others here might be able to help you more with your problem.


ghost

A lot of SOHO routers have the ability to ping a target built into the web interface; you could use that to enumerate machines on the internal network. Also, a lot of them allow you to set rules for directing certain types of traffic to a particular destination; you could try a MITM attack from outside their network, although I'm not sure how successful it would be. Other than that, just open the ports that host the services you want to exploit to the outside world… and go to it.


ghost

First off, I have no idea why you quoted me :P I'm quite lost on that. Anyways!

MITM. Just thinking. If it is a nice sized network, given router PLUS a computer inside the network admin credentials, you could perform this. Either by using Windows' built-in Remote Desktop Connection service or remotely installing your own, open the needed ports with router, connect to the computer and perform the MITM from there. Now as to only using the router, I'm sure there is a way.

Just wondering… Is there a way to connect to a router with an external IP but make the router read as though you're coming from an internal computer and assign you an internal IP? Sorry, just thought of it while posting… Might have to look into that some.

But I believe somebody said you can make a router redirect the user somewhere else when given a certain request? I think I got that right. So… if you make it redirect to your computer then have your computer take the request they wanted and send them to where they wanted to go… It might make the MITM attack work. But then I guess the question arises if you would receive the information that is sent from the target computer to the router of where they wanted to go. And if not, how would you go about that? Because logically if the router is the one changing where the user wants to go, it wouldn't send that information out for the MITM person to receive… would it?


ghost

Zenrith wrote: First off, I have no idea why you quoted me :P I'm quite lost on that.

Yeah, it slipped. I always push "quote" so I can remember what I'm writing a reply to. I tend to read multiple threads at once. Just forgot to remove the quote before I posted, then fixed it immediately after. :)

<snip>MITM speculation…</snip>

But I believe somebody said you can make a router redirect the user somewhere else when given a certain request? I think I got that right. So… if you make it redirect to your computer then have your computer take the request they wanted and send them to where they wanted to go… It might make the MITM attack work. But then I guess the question arises if you would receive the information that is sent from the target computer to the router of where they wanted to go. And if not, how would you go about that? Because logically if the router is the one changing where the user wants to go, it wouldn't send that information out for the MITM person to receive… would it?

Yeah, I was the "somebody". :) As for the questions, it depends on if the router distinguishes between an internal and external target. If it only forwards to internal targets, then you would have to "set up camp" on the internal network. If it forwards to both, then you just have to be able to modify the packets as they come and go. As for making sure the reply gets back to the original computer, the internal IP is preserved in the original packet, along with the router's external IP.

Not having tried it, though, I can't say for sure whether this would work or not. Would be good to have a practical test.


ghost

Thanks for all the replies, guys. As to your question, I don't really have anything in particular in mind, just messing around and exploring for the fun of it. I will look more into the stuff you guys are talking about, although it's a little over my head.
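
A defensive check for the router changes discussed in this thread, added here as an example and not part of any original post: it compares a router's current port-forwarding rules against an approved baseline and flags new rules, rules that send traffic outside the LAN, and rules exposing the services named above (telnet, shares, remote desktop). The rule format, the LAN range and all sample rules are constructed assumptions, not any vendor's export format.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed home LAN range
# Services the thread names as reachable once a port is opened.
SENSITIVE = {23: "telnet", 445: "file shares (SMB)", 3389: "remote desktop"}

# Constructed sample data: "<proto> <wan_port> <dest_ip>:<dest_port>"
BASELINE = """
tcp 443 192.168.1.10:443    # approved: home web server
"""
CURRENT = """
tcp 443 192.168.1.10:443
tcp 3389 192.168.1.23:3389
tcp 80 203.0.113.7:8080
udp 5000 192.168.1.30:5000
"""

def parse_rules(text):
    """Return a set of (proto, wan_port, dest_ip, dest_port) tuples."""
    rules = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        proto, wan_port, dest = line.split()
        host, _, dport = dest.rpartition(":")
        rules.add((proto.lower(), int(wan_port),
                   ipaddress.ip_address(host), int(dport)))
    return rules

def audit(baseline_text, current_text):
    """List every rule absent from the baseline, with the reasons it matters."""
    findings = []
    added = parse_rules(current_text) - parse_rules(baseline_text)
    for proto, wan_port, host, dport in sorted(added):
        reasons = ["not in approved baseline"]
        if host not in LAN:
            reasons.append("traffic sent outside the LAN")
        if dport in SENSITIVE:
            reasons.append(f"exposes {SENSITIVE[dport]}")
        findings.append((f"{proto}/{wan_port} -> {host}:{dport}", reasons))
    return findings

if __name__ == "__main__":
    for rule, reasons in audit(BASELINE, CURRENT):
        print(f"{rule}: {'; '.join(reasons)}")
```

Run it on a schedule against a saved copy of the known-good rules; any finding means the router configuration changed without approval and the admin password should be treated as compromised.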