How to Hack Home Routers
In this quick tutorial we are going to see how black hats can hack random routers over the Internet and access remote desktop connections using default or “easy to guess” credentials.
Disclaimer: Before I go over the steps to do this I’d like to note that attacking someone’s network, computer or website without their permission is illegal in the United States and in most countries. In the U.S. it is technically only illegal when used with malicious intent, hence testing this on your OWN device or on someone’s who has ALLOWED you is perfectly acceptable and legal. Because of the potential unethical uses, many popular attackers (Anonymous) have either been or currently are in Federal prison. Do not be unethical.
*Windows or Linux
*Angry IP Scanner, Router Scan by Stas’M
*A target router
Download and install Angry IP scanner.
After you download and install this tool you will get a GUI interface. You need to set this tool up for scanning. There are several options to be set up. First, you will give an IP range to this scan. The range will be depending on your public IP. Say XXX.XXX.XXX. to XXX.XXX.XXX.255. The host name will be dependent on your target.
Be sure to add ports which you want to scan. The option to set ports are in the settings (gear icon) under the ‘ports” tab.
When you find an open port, copy that particular IP and open it in a new browser tab
With a little bit of searching, you can find the default usernames and passwords for various routers. Usually it’s a combination between admin/root. Once gaining access, just as with your own equipment, you will be able to change the router’s default password(s) and any other configurations allowed by the manufacturer and ISP.
After downloading and running Router Scan, you’re going to want to leave the settings at default however you will need to provide an IP address or range. For this tutorial I will be using the following.
Hit the ‘Scan’ button and watch as the almost endless list of vulnerable and poorly set up routers flood the sceen.
Simply select a router of your choosing. You can right click and copy any of the IP addresses to check them out. If you want to gain admin access, the program will have had to successfully logged in. It will tell you this by filling the Authorization tab with blocks that say either ‘root:*username*’ or ‘admin:*username*’. The password will be provided in the Key tab.
To finally gain access, I’d recommend not going directly to the IP and attempting to input the login information as it might not work and can take longer. You will need to right click on the IP block (Key block to be safe) and select ‘Open in browser’. You now should have complete administrative access to the equipment. You may not be a top of the line hacker yet, but you damn sure have the power to ruin someone’s day. Hallelujah…