Monday, May 10, 2010

How to hack router

The following is for educational purposes only. I the author will not be held responsible for any misuse of this information.


I am posting this as a guide for those who have to enumerate routers in "hacker wargames" and not for malicious purposes.


Before you start, I assume you know the following:

1. IP (internet protocol )address

2. ISP (Internet Service Provider)

3. TCP/IP packet

4. IP Spoofing

5. Telnet

6. HyperTerminal

7. Pinging

8. TraceRoute (tracert command)

9. Proxy Server


Now if you don't know these, here is an excerpt from a manual written by Cyvamp. Please google it to find out more. The following only brushes through the basics, but you need to know more....

-------------------------------------------------------------------------------------------------------------------------------------------------

Written by Cyvamp
(with a few notes added by Raven)
July 2000

http://blacksun.box.sk
---------------------------------------------------
What is an IP address?

IP stands for Internet Protocol. IP addresses are used by other computers to identify computers that connect to
them. This is how you can be banned from IRC, and how they can find your ISP. IP addresses are easily obtained; they
can be retrieved through the following methods:

-you go to a website, your IP is logged

-on IRC, anyone can get your IP

-on ICQ, people can get your IP, even if you have the option set "do not show ip"
they can still get it

-if you are connected to someone, they can type "systat", and see who is connected to them

-if someone sends you an email with IP-logging java, they can also get your IP address

There are many more ways of obtaining IP addresses, including using back-door programs such as Sub7 or NetBus.

------------------------------------

What is an ISP?

ISP stands for Internet Service Provider; they are the ones that give you the internet. You connect to one every time
you dial up and make a connection. People can find your ISP simply by running a traceroute on you (traceroute is
explained later). It will look something like this:

tracert 222.222.22.22

Tracing route to [221.223.24.54]
over a maximum of 30 hops.
1 147ms 122ms 132ms your.isp [222.222.22.21]
2 122ms 143ms 123ms isp.firewall [222.222.22.20]
3 156ms 142MS 122ms aol.com [207.22.44.33]
4 * * * Request timed out
5 101ms 102ms 133ms cisco.router [194.33.44.33]
6 233ms 143ms 102ms something.ip [111.11.11.11]
7 222ms 123ms 213ms netcom.com [122.11.21.21]
8 152ms 211ms 212ms blahblah.tts.net [121.21.21.33]
9 122ms 223ms 243ms altavista.34.com [121.22.32.43] <<< target's isp
10 101ms 122ms 132ms 221.223.24.54.altavista.34.com [221.223.24.54]

Trace complete.

-----------------------------------

What is a TCP/IP packet?

TCP/IP stands for Transmission Control Protocol and Internet Protocol. A TCP/IP packet is a block of data which is compressed, then a header is put on it and it is sent to another computer. This is how ALL internet transfers occur: by sending packets. The header in a packet contains the IP address of the one who originally sent the packet. You can re-write a packet and make it seem like it came from anyone!! You can use this to gain access to lots of systems and you will not get caught. You will need to be running Linux or have a program which will let you do this. This tutorial does not tell you to use this, but it does come in handy when hacking any system. If something goes wrong when you try to hack a system, you can always try this...

------------------------------------
How to spoof your IP:

Find a program like Genius 2 or DC IS, which will let you run IdentD. This will let you change part of your computer's identity at will! Use this when you get banned from some IRC chat room.... you can get right back in! You can also use it when you are accessing another system, so it logs the wrong id...
------------------------------------
How to use telnet:

You can open telnet simply by going to your Start Menu, then to Run, and typing in "telnet". Once you have opened telnet, you may want to change some features. Click on Terminal>Preferences. Here you can
change the buffer size, font, and other things. You can also turn on/off "local echo", if you turn local echo on,
your computer will show you everything you type, and the other computer you are connected to will show you as well.
So you may get something like this;

You type "hello", and you get
hhelelollo

This is because the information has bounced back and got scrambled with what you typed. The only reason I would use
this is if the machine does NOT return what you are typing.

By default, telnet will connect to a system on the telnet port, which is port 23. Now you will not always want to
connect to port 23, so when you go to connect, you can change the port to maybe 25, which is the port for mail
servers. Or maybe port 21, for FTP. There are thousands of ports, so make sure you pick the right one!

----------------------------------

How to use HyperTerminal:

HyperTerminal allows you to open a "server" on any port of your computer to listen for incoming information from
specified computers. To use this, go to
Start>Programs>Accessories>Communications>HyperTerminal. First you will need to select the connection, pick "TCP/IP
Winsock", and then put in the computer to communicate with, and the port #. You can tell it to listen for input by
going to Call>Wait for Call. Now the other computer can connect to you on that port, and you can chat and transfer
files.

----------------------------------

How to use Ping:

Ping is easy, just open the MS-DOS prompt, and type "ping ip.address", by default it will ping 3 times, but you can
type

"ping ip.address -t"

Which will make it ping forever. To change the ping size do this:

"ping -l (size) ip.address"

What ping does is send a packet of data to a computer, then sees how long it takes to be returned, which determines
the computer's connection speed, and the time that it takes for a packet to go back and forth (this is called the
"trip time"). Ping can also be used to slow down or even crash a system if the system is overloaded by ping floods.
Windows 98 crashes after one minute of ping flooding (its connection buffer is overflowed - too many connections are
registered, and so Windows decides to take a little vacation).
A ping flood attack takes a lot of bandwidth from you, and you must have more bandwidth than your target (unless
the target is a Windows 98 box and you have an average modem, that way you'll knock it down after approximately a
single minute of ping flooding). Ping flooding isn't effective against stronger targets, unless you have quite a few
evil lines to yourself, and you have control over a few bandwidth-savvy hosts that can ping flood your target as
well.
Note: DOS's -t option doesn't do a ping flood, it just pings the target continuously, with intervals from one ping to
another. In every Unix or Linux distribution, you can use ping -f to do a real ping flood. Actually ping -f is
required if you want your distribution to be POSIX-compliant (POSIX - Portable Operating System Interface based on
uniX), otherwise it's not a real Unix/Linux distribution, so if you have an OS that calls itself either Unix or
Linux, it has the -f switch.

----------------------------------

How to use TraceRoute:

To trace your connection (and see all the computers between you and a target), just open the MS-DOS prompt, and
type "tracert ip.address" and you will see a list of computers which are between you and the target computer.

You can use this to determine if there are firewalls blocking anything. And will also allow you to determine
someone's ISP (internet service provider).

To determine the ISP, simply look at the IP address before the last one; this should be one of the ISP's routers.

Basically, this is how traceroute works - a TCP/IP packet has a value in its header (it's in the IP header. If you
don't know what this means, then ignore it and continue reading, it's not that crucial) called TTL, which stands
for Time To Live. Whenever a packet hops (travels through a router) its TTL value is decreased by one. This is just
a countermeasure against the possibility that something would go wrong and a packet would ricochet all around the
net, thus wasting bandwidth.
So when a packet's TTL reaches zero, it dies and an ICMP error is sent back to the sender.
Now, traceroute first sends a packet with a TTL value of 1. The packet quickly returns, and by looking at the
sender's address in the ICMP error's header, traceroute knows where the packet has been on its first hop. Then
it sends a packet with a TTL value of 2, and it returns after the second hop, revealing its identity. This goes on
until the packet reaches its destination.
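As an added illustration of the TTL mechanism just described (this is not code from the original post or from the Cyvamp manual), the following Python models a path of routers in memory instead of sending real packets: each hop decrements the TTL, the router that drives it to zero answers with an ICMP error carrying its own address, and a router marked silent drops the probe without answering, which is where a "* * * Request timed out" line in a real trace comes from. The hop addresses are the placeholders from the post's own sample output; the class and function names are the example's own, and isp_router only encodes the post's "address before the last one" heuristic.

```python
from dataclasses import dataclass
from typing import List, Optional, Set


@dataclass
class Probe:
    src: str
    dst: str
    ttl: int


@dataclass
class IcmpReply:
    sender: str   # address of whoever answered: a router, or the destination itself
    kind: str     # "time_exceeded" (TTL hit zero) or "echo_reply" (probe arrived)


class Path:
    """A constructed chain of routers between the source and the destination.
    Routers listed in `silent` drop the probe without sending an ICMP error,
    which is how a firewall produces the '* * * Request timed out' line."""

    def __init__(self, hops: List[str], destination: str, silent: Set[str] = frozenset()):
        self.hops = hops
        self.destination = destination
        self.silent = set(silent)

    def send(self, probe: Probe) -> Optional[IcmpReply]:
        ttl = probe.ttl
        for router in self.hops:
            ttl -= 1                                   # each hop decrements TTL by one
            if ttl == 0:                               # the probe dies at this router
                if router in self.silent:
                    return None                        # no ICMP error comes back
                return IcmpReply(router, "time_exceeded")
        return IcmpReply(self.destination, "echo_reply")   # survived every hop


def traceroute(path: Path, source: str, max_hops: int = 30) -> List[str]:
    """Send probes with TTL 1, 2, 3, ... and record who answered each one.
    A probe that gets no answer is recorded as '*', as real traceroute prints it."""
    discovered: List[str] = []
    for ttl in range(1, max_hops + 1):
        reply = path.send(Probe(src=source, dst=path.destination, ttl=ttl))
        if reply is None:
            discovered.append("*")
            continue
        discovered.append(reply.sender)
        if reply.kind == "echo_reply":
            break                                      # reached the destination
    return discovered


def isp_router(trace: List[str]) -> str:
    """The post's heuristic: the hop just before the final one is taken to be
    a router belonging to the target's ISP."""
    if len(trace) < 2:
        raise ValueError("trace too short to have a penultimate hop")
    return trace[-2]


# Constructed sample path; the addresses are the placeholders from the post's own output.
SAMPLE_PATH = Path(
    hops=["222.222.22.21", "222.222.22.20", "207.22.44.33", "121.22.32.43"],
    destination="221.223.24.54",
)
# The same path with the third router configured not to answer, like hop 4 in the post.
FIREWALLED_PATH = Path(SAMPLE_PATH.hops, SAMPLE_PATH.destination, silent={"207.22.44.33"})

if __name__ == "__main__":
    for n, hop in enumerate(traceroute(FIREWALLED_PATH, "10.0.0.5"), start=1):
        print(f"{n:2d}  {hop}")
```

The loop stops at max_hops even when the destination never answers, which is the "over a maximum of 30 hops" line in the sample output; a silent hop shows up as "*" but does not stop the trace, because the next probe (TTL one higher) passes through that router normally.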

Now isn't that fun? :-)

----------------------------------

How to use a proxy server:

Do a search on the web for a proxy server which runs on the port of your choice. Once you find one, connect to it
with either telnet or hyperterminal and then connect to another computer through the proxy server. This way the
computer at the other end will not know your IP address.
======================================================================================================

Keeping in mind all that you know, let's start .......... BEGIN !!!!


STEPS
1. First step is to set up your proxy server.


2. Next step is to find a router to hack. This is very simple and will be given in the rules of the wargame or can be done via traceroute.

3. Then connect to the router on port 23.

4. If it asks you for a password only, then you are at the router. But if it asks you for both a password and a username, then you are at a firewall. Try to find a router without a firewall, as bypassing/hacking firewalls is not the basis of this manual.

5. Then at the password field type in a HUGE password. Something as such will do:

112281988923744ghgcdbdhgcdbgwbwdfqwertyuioplokmjhgfdsazsxcvbnm,kiuytr3456789iu7yhgbvghf

6. The router will reboot, in which case you can't hack it because it is offline. But it'll probably freeze up, for which you have around 2 minutes. So be quick.

Alternative
the following command will do the same:
ping -l 56550 router.ip -t

7. While it is frozen, open up another connection to it from some other proxy, and put the password as "admin". The reason for this is that by default this is the router's password, and while it is temporarily disabled, it will revert to its default state.


8. Now that you have gained access to the router, you must acquire the password file. It is the file that contains the password (non-default) of the router in encrypted form. Different routers run different software, but most of them will have an "htl-textil" prompt or something like that. Or you can even enter "?" (without the quotes) for a list of commands. Somewhere in there you will find a transfer command. Use that to get the password file of admin (which is
the current user) and send it to your own IP address on port 23. But before you do that you have to set up HyperTerminal to wait for a call from the router. When you send the file, HyperTerminal will ask you if you want to receive the file. Click on YES.

9. Now you will have downloaded the password file. All you have to do is crack the password file so that you can have unlimited access to the router. To do this you can run a software like John the Ripper or any thing else and crack the password.

10. And that's it. Now you will have unlimited access to the router. Use a proxy just for safety. Now you can connect to the router using the password and telnet. Now you have to delete the history before you start using the router, so that no one will see what you are doing on the router. To do this type in "terminal history size 0". Now what you do will be hidden. Enter "?" to see a list of commands you can use.
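The sequence in steps 5 through 7 (an oversized password at the telnet prompt, or a stream of oversized pings, followed by a login with the default password while the device is unresponsive) leaves a footprint that the owner of the router can look for. The following is an added example, not part of the original post or of any router vendor's tooling: it runs three detection rules over a constructed event log. The log format (one line per telnet authentication attempt or ICMP echo request, with a pw_len field that real syslog output usually does not carry) and the thresholds are assumptions of the example, and the addresses come from the documentation ranges.

```python
import re
from collections import deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Deque, Dict, Iterable, List, Optional, Tuple

# Thresholds are assumptions for this illustration; tune them to the environment.
MAX_PASSWORD_LEN = 64                            # longer than any legitimate router password
ICMP_OVERSIZE_BYTES = 1472                       # bigger than a normal Ethernet-sized echo request
ICMP_BURST_COUNT = 5                             # this many oversized echoes from one source ...
ICMP_BURST_WINDOW = timedelta(seconds=60)        # ... to one target inside this window
POST_DISRUPTION_WINDOW = timedelta(seconds=120)  # the post's "around 2 minutes" of lockup

# Constructed event format: "<iso-timestamp> <KIND> src=<ip> dst=<ip> key=value ...".
EVENT_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<kind>TELNET_AUTH|ICMP_ECHO)\s+src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s*(?P<rest>.*)$"
)


@dataclass
class Alert:
    ts: datetime
    rule: str
    src: str
    dst: str
    detail: str


def parse_event(line: str) -> Optional[dict]:
    """Parse one constructed event line; returns None for lines in another format."""
    m = EVENT_RE.match(line.strip())
    if m is None:
        return None
    extra = dict(kv.split("=", 1) for kv in m["rest"].split() if "=" in kv)
    return {"ts": datetime.fromisoformat(m["ts"]), "kind": m["kind"],
            "src": m["src"], "dst": m["dst"], **extra}


def detect(lines: Iterable[str]) -> List[Alert]:
    alerts: List[Alert] = []
    icmp_hist: Dict[Tuple[str, str], Deque[datetime]] = {}
    last_disruption: Dict[str, datetime] = {}   # target -> time of its latest disruptive event
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        ts, src, dst = ev["ts"], ev["src"], ev["dst"]
        if ev["kind"] == "TELNET_AUTH":
            pw_len = int(ev.get("pw_len", 0))
            if pw_len > MAX_PASSWORD_LEN:
                # step 5 of the post: an absurdly long password aimed at the login prompt
                alerts.append(Alert(ts, "overlong_password", src, dst, f"pw_len={pw_len}"))
                last_disruption[dst] = ts
            elif ev.get("result") == "success":
                # step 7 of the post: a login succeeding shortly after the target was disrupted
                since = last_disruption.get(dst)
                if since is not None and ts - since <= POST_DISRUPTION_WINDOW:
                    delay = int((ts - since).total_seconds())
                    alerts.append(Alert(ts, "login_after_disruption", src, dst,
                                        f"user={ev.get('user', '?')} {delay}s after disruption"))
        elif ev["kind"] == "ICMP_ECHO" and int(ev.get("len", 0)) > ICMP_OVERSIZE_BYTES:
            # the post's alternative, "ping -l 56550 router.ip -t": a stream of oversized echoes
            q = icmp_hist.setdefault((src, dst), deque())
            q.append(ts)
            while q and ts - q[0] > ICMP_BURST_WINDOW:
                q.popleft()                           # slide the window forward
            if len(q) >= ICMP_BURST_COUNT:
                last_disruption[dst] = ts
                if len(q) == ICMP_BURST_COUNT:        # alert once, when the threshold is crossed
                    alerts.append(Alert(ts, "oversized_icmp_burst", src, dst,
                                        f"{len(q)} echoes > {ICMP_OVERSIZE_BYTES} bytes in "
                                        f"{ICMP_BURST_WINDOW.seconds}s"))
    return alerts


# Constructed sample log (documentation-range addresses), not a capture from any real device.
SAMPLE_LOG = """\
2010-05-10T21:00:01 TELNET_AUTH src=203.0.113.7 dst=192.0.2.1 result=fail pw_len=8
2010-05-10T21:00:03 TELNET_AUTH src=203.0.113.7 dst=192.0.2.1 result=fail pw_len=88
2010-05-10T21:00:20 TELNET_AUTH src=203.0.113.22 dst=192.0.2.1 result=success user=admin
2010-05-10T21:05:00 ICMP_ECHO src=203.0.113.9 dst=192.0.2.2 len=64
2010-05-10T21:05:01 ICMP_ECHO src=203.0.113.9 dst=192.0.2.2 len=56550
2010-05-10T21:05:02 ICMP_ECHO src=203.0.113.9 dst=192.0.2.2 len=56550
2010-05-10T21:05:03 ICMP_ECHO src=203.0.113.9 dst=192.0.2.2 len=56550
2010-05-10T21:05:04 ICMP_ECHO src=203.0.113.9 dst=192.0.2.2 len=56550
2010-05-10T21:05:05 ICMP_ECHO src=203.0.113.9 dst=192.0.2.2 len=56550
2010-05-10T21:05:06 ICMP_ECHO src=203.0.113.9 dst=192.0.2.2 len=56550
2010-05-10T21:06:30 TELNET_AUTH src=203.0.113.31 dst=192.0.2.2 result=success user=admin
2010-05-10T21:30:00 TELNET_AUTH src=198.51.100.5 dst=192.0.2.3 result=success user=admin
"""

if __name__ == "__main__":
    for a in detect(SAMPLE_LOG.splitlines()):
        print(f"{a.ts.isoformat()} {a.rule:24} {a.src} -> {a.dst}  {a.detail}")
```

The correlation rule keys on the target rather than on the source, because the post itself has step 7 arriving "from some other proxy"; the login at 21:30 to a router that saw no disruption produces nothing. On the mitigation side, the precondition for the whole sequence is a telnet login reachable from the internet with a default password still in place, so the lasting fix is to restrict management access and change the default credentials rather than to tune the detector.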

13 comments:

  1. Good stuff man! Interesting read. Take a look at my blog. It has literally THE BEST torrent search on the net, coupled with a massive GPT resource.
    Check it out.
    http://slackerway.blogspot.com

  2. I like your blog, but I don't plan on doing any of those things. I need to do everything to keep my nose clean. I plan on staying online for a long time.

  3. Good One,
    Take a look @ mine
    http://travelwithravi.blogspot.com/2010/02/chennai-to-goa-by-road.html

  4. Thanks for visiting.

    Good and informative website. Keep it up^^

  5. Thanks for the nice info. :)
    Please visit mine and leave comment. http://dota-stories.blogspot.com/

  6. wow, what information this is.. thanks so much

    http://wondersofplanet.blogspot.com

  7. Good Topic..
    I advise you to make a new banner for your blog.
    ur friend
    Dr.Virus
    http://www.scan-now.blogspot.com

  8. nice....very informative and comprehensive....

  9. Really awesome Information . Thanks ALot Dear :)

  10. I visited your blog its really good and informative!
    If you have time check my blog www.billysbestfood.blogspot.com
