ADSL routers also known as DSL modems is a device used to connect the computer to the DSL phone line for using Internet Services (broad band ).These ADSL routers have a serious vulnerability in them, which most of you are not aware off . In this post I will show you how to exploit this common vulnerability that lies in most ADSL routers so as to gain complete access to the router settings Hack Remote ADSL Routers ( DSL modems )
Every DSL modem (router) comes with a user name and password using which it is possible to gain access to the router settings and configure the device. The vulnerability actually lies in the Default user name and password that comes with the factory settings. Usually the routers come preconfigured from the Internet Service provider and hence the users do not bother to change the password. This makes it possible for the attackers to gain unauthorized access and modify the router settings using a common set of default user names and passwords. Here is how you can do it.
Things Required :-
1. IP Scanner - To scan IPs
2. Any Web Browser
Procedure :-
1. First Install and open IP Scanner, Enter the Ip Range that you want to scan, Being a broadband user, I prefer to scan my own IP range, you can find your Ip address by going to whatismyip.com
2. After Entering the Range , go to options and select options, check only open ports radio button as show , finally click OK button
3. Now go to options and click "select ports " Enter Port 80 as shown and click OK
4. Now click start scan , After a few minutes the scanner will show a list of Ips with port 80 open
5. Now copy one of the IPs from the list , and paste it in your browser and hit enter , You will be prompted for the login details , just enter admin for both the login name and password , If your lucky you shall gain access to the router settings page as shown
If you do not succeed to gain access, select another IP from the list and repeat the step-5. At least 1 out of 5 IPs will have a default password and hence you will surely be able to gain access.
Exploitation
By gaining access to the router settings, it is possible for an attacker to modify any of the router settings which results in the malfunction of the router. As a result the target user’s computer will be disconnected from the Internet. In the worst case the attacker can copy the ISP login details from the router to steal the Internet connection
The attacker can also specify a fake DNS server for the victim router and could carry out phishing attacks. The attacker can change the ISP's DNS servers to his own controlled DNS server, thus making a redirection of DNS for phishing. This attack is believed to be one of the most stealth attack on this kind of scenario.
Counter Measures
If you are using an ADSL router to connect to the Internet, it is highly recommended that you change your default router password
Hope you enjoyed the post , For further doubts and clarifications please pass your comments
0 comments:
Post a Comment