h43z/dns-rebinding-tool

But how can this be used to exploit a router in real life?

minanagehsalalma opened this issue · 28 comments

Let's say that the pass and username are admin.admin
How will the DNS rebinding connect to the router page and enable the remote access, send us the WiFi password, etc.?
Is there a video tutorial that one can follow?!

h43z commented

@h43z
the router model is ZXHN H108N V2.5
"By making a request to the router that enables the remote access"
can't we just get the wifi password back in some sort of response messages ?
...
Anyway, here is the remote access HTML page ...... the router login page
...

ZXHN H108N V2.5.zip

h43z commented

DNS rebinding is only needed if you need to bypass SOP and read the content of a response.
You may be able to create the appropriate requests to brute-force, log in or activate some feature of the router without SOP bypass and simply create XMLHttpRequest from JavaScript.

Reading the wifi password from the html or some kind of api will require you to bypass SOP.
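
The distinction in the comment above, from the device's side, as an added example that is not part of the thread or of the dns-rebinding-tool code: the browser's origin check looks only at scheme, hostname and port, so a rebound name still counts as same-origin, while the `Host` header still carries that foreign name and can be rejected. The hostnames, the allowlist and the function names are assumptions constructed for illustration.

```javascript
// Constructed example: same-origin comparison as the browser sees it, and a
// Host-header allowlist a device's web interface can apply against rebinding.

// An origin is scheme + hostname + port. The IP address the hostname
// currently resolves to is not part of the comparison.
function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

// Names the device expects to be addressed by (assumed values).
const ALLOWED_HOSTS = new Set(["192.168.1.1", "router.lan"]);

// Parse a Host header value into a bare hostname, or null if malformed.
// Anything beyond host[:port] (userinfo, path, query, fragment) is rejected.
function hostnameFromHeader(hostHeader) {
  if (typeof hostHeader !== "string" || hostHeader.trim() === "") return null;
  try {
    const u = new URL("http://" + hostHeader.trim());
    if (u.username || u.password || u.pathname !== "/" || u.search || u.hash) {
      return null;
    }
    return u.hostname.toLowerCase();
  } catch {
    return null; // not parseable as host[:port]
  }
}

// Decide whether a request should be served, based only on its Host header.
function checkRequest(headers) {
  const host = hostnameFromHeader(headers.host);
  if (host === null) {
    return { allow: false, reason: "missing or malformed Host header" };
  }
  if (!ALLOWED_HOSTS.has(host)) {
    return { allow: false, reason: `unexpected Host "${host}"` };
  }
  return { allow: true, reason: "Host matches a device name" };
}

// Constructed scenario: a page loaded from rebind.example.test requests its
// own hostname again after the DNS answer has changed to the device's address.
const page = "http://rebind.example.test/";
console.log(sameOrigin(page, "http://rebind.example.test/status")); // browser: same origin
console.log(sameOrigin(page, "http://192.168.1.1/status"));         // browser: cross origin
console.log(checkRequest({ host: "rebind.example.test" }));         // device: rejected
console.log(checkRequest({ host: "192.168.1.1:80" }));              // device: served
```

A device that serves only requests whose `Host` matches one of its own names gives a rebound page nothing to read, independent of what the browser's same-origin policy concludes.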

@h43z "Reading the wifi password from the html or some kind of api will require you to bypass SOP."
Can you provide more info please?
I sent you the HTML file ... what's now required to enable the remote access?

@h43z so how do you think i can bypass SOP to get the remote access enabled ? on that router ?

@h43z do you think this would help ?
https://github.com/mpgn/ByP-SOP

h43z commented

Yup, that's DNS rebinding (same as this repo).

h43z commented

You'll have to find out the request the router sends to activate it..

h43z commented

I hope it does. You'll have to send those request before.

@h43z "You'll have to send those request before."

Before what ?
Why are you talking in an unclear way !!!?
Can you explain more details and steps please ?

h43z commented

before the request to activate the remote access.

This is the question: how can I send them using DNS rebinding?

h43z commented

the same way as without

How ??????

Why are you giving me very short and not enough answers !!!

Pls give me your email

h43z commented

There we go researchonyourown@gmail.com. I'm available 24/7 just for you. If you like I can remote connect and do all your work?

@h43z i have texted you !! But you still didn't answer !

h43z commented

Check the mail address again.

@h43z did again !

@h43z lol it seems that you are kidding me !!!!!!!!!!
research on your own ..

poor one not funny at all

@h43z as you like ...
you make a project on GitHub and refuse to help anyone that inquires about it!

and you just have closed your very first issue .
and i think it's the last one too as it seems that no one cares about your project

and you are not nice at all 👎
enjoy your 24/7 .

h43z commented

Dude. You are fucking out of your mind.
You seem to have no idea what you are talking about and simply want answers, tutorial videos and my email address so I can explain to you step by step how to hack your neighbor's router.
Then your tone of writing is like a spoiled lunatic.
You are an aggressive and annoying script kiddie that does not want to learn or take advice.

"You are fucking out of your mind."

Thank you for your good morals 👎

"tone of writing is like a spoiled lunatic"

English isn't my mother tongue ....

"tutorial videos and my email address so I can explain to you step by step how to hack your neighbor's router"

I didn't say step by step, I said more details and steps ..

"that does not want to learn or take advice"

Have you offered me any reference or links to read, and I said no?!

@h43z dude i found it but i am stuck

```
curl "http://192.168.1.1/" -H "Connection: keep-alive" -H "Cache-Control: max-age=0" -H "Origin: http://192.168.1.1" -H "Upgrade-Insecure-Requests: 1" -H "DNT: 1" -H "Content-Type: application/x-www-form-urlencoded" -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36" -H "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3" -H "Referer: http://192.168.1.1/" -H "Accept-Encoding: gzip, deflate" -H "Accept-Language: en-US,en;q=0.9,ar;q=0.8" --data "frashnum=^&action=login^&Frm_Logintoken=9^&Username=admin^&Password=admin" --compressed
```
Whatever I do, I get the same wrong response
https://superuser.com/questions/1424328/why-i-cant-login-to-my-router-using-curl-d-option

i found it i found it !!!!!!!!!!!!!!