Disclaimer :
This story that I am about to share is completely fictitious and should be only interpreted for fun and educational purposes only
Story Time :
So It was 2019 when I had a gap year in college and I decided to invest myself in a course Python and Artificial Intelligence course.
So me and brother named XYZ were looking for good places to stay in Jaipur near the place where we are planning to study the AI and Python course…
Finally, we’ve got a great PG to stay and we were super happy about it as it had nearby quality gyms pubs etc
Lets get straight into the story
There was a common WIFI for everybody that stays along with us in the PG and thats where the problem started.
Since most of them staying along with us use the internet just like us the plan that they ( PG MANAGERS ) set up for us is very very cheap plan and has limited SPEED
I’ve tried to explain why their wifi speeds needs to be upgraded as we have lot of people in the using that WIFI and they dont seem to give a F about it ( yes Internet is like Oxygen for us Cyber Security Professionals )
Game Plan Time
Let’s think…..
What I did in Step 1 was check their complete WIFI Name where they didn't change to their name it was named after the default WIFI ROUTER model name
so It is named after it’s own model link .
What is Exploit-DB?
The Exploit Database is a non-profit project that is provided as a public service by OffSec. The Exploit Database is a CVE compliant archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers.
So I’ve searched was there any vulnerabilities available for that specific router and its history.
Similar to this
Yes, I’ve seen and understood the vulnerability.
Now the GAME IS ON
Tools that I needed :
Google Chrome + Burp Suite
You all know what is Google Chrome for sure!
So What is Burp Suite? ( https://portswigger.net/burp )
Burp Suite is a software security application used for penetration testing of web applications. Both a free and a paid version of the software are available. The software is developed by the company PortSwigger
Two FOUNDATIONS for This ATTACK
What is a WIFI Password?
The one everybody uses to get access to the wifi service. I am sure you all guys know this
What is Router ID and Password :
This one will be managed by the MODEM Configurator or The PG OWNER where you can have all the details about the routers to whom to give access to wifi password changing, website blocking etc, etc
So when you have router ID and Password you own every access to the router’s abilities
POC ( PROOF OF CONCEPT ) :
- Go to http://192.168.1.1/
- It will prompt you a page like this
3. Here’s the most important step that I did is give any password randomly even though they might have the most secured password ( that takes millions years to crack using brute force ) Here’s the step you give a username ADMIN and password ( anything you want like abcdfgicanhackyou ) haha and start intercepting the traffic and you gotta remove certain security parameters thats responsible for checking authentication and then pass the response back to the website.
Here’s an image illustrated the same below ( BURP SUITE 101 ) :
4. Once you’ve intercepted and sent the response to the web server BOOM you got access to the entire PORTAL from controlling their WIFI password all the way to having their MAC address….
5. What to do next?
I’ve changed the password of the PG’s WIFI Router to “ YOU CANT FIND ME” haha from then on nobody could get connected to the WIFI , only me and my brother XYZ had access to the entire speed
STEPS HOW YOU CAN PREVENT IT:
- Update you WIFI MODEM’s firmware regularly
- Dont Keep your WIFI Router’s name in a default model name
- If you are a PG Owner , Hotel Owner please give the clients the best internet possible
Thats all for today’s blog post . See you soon on other blog?
If you want more blogs and stories like this . Consider Sharing and follow me on Twitter ( Vjk @vjkhere ) .
