Linksys WRT54G Hacked...

Discussion in 'Networking & Security' started by Cybiker, Dec 16, 2005.

  1. Cybiker

    Cybiker n00b

    Messages:
    61
    Joined:
    Nov 1, 2004
    I set up a Linksys WRT54G for my neighbors, but I left the default password and username (Thought both were blank default, or atleast user=administrator)...Well i guess someone hacked into the router or whatnot and changed the wep...and possibly username/pass...is my only option to hard reset the router? What are the default user/pass for the wrt54g? Thanks
     
  2. Qwertyman

    Qwertyman 2[H]4U

    Messages:
    2,747
    Joined:
    Mar 4, 2004
    totally wrong forum, but its admin for password nothing for user name. If they changed the WEP you probably need to hard reset the router. I'm getting pissed that all my damn neighbors have their routers with no passwords or anything, I think i'm gonna go in and change their SSID to PUTAPASSWORDON! or something.
     
  3. mmv

    mmv Limp Gawd

    Messages:
    169
    Joined:
    Oct 16, 2004
    hard reset FTW!!1

    iblockormove
     
  4. Cybiker

    Cybiker n00b

    Messages:
    61
    Joined:
    Nov 1, 2004
    I definately posted this in the networking forum....but thanks guys...still no good though...gotta head over there tommorrow and hard reset
     
  5. Lethal

    Lethal ViragoAdmin Emeritus Staff Member

    Messages:
    28,976
    Joined:
    May 27, 2000
    No, you posted this in [H]ot|DEALS and I moved it for ya after someone reported it. ;)
     
  6. morningreis

    morningreis [H]ard|Gawd

    Messages:
    1,575
    Joined:
    Aug 10, 2005
    If you can still login, just connect your laptop to the router with a CAT5 cable and change the stuff back. This will bypass WEP, but it's useless unless if you don't know the login details. You are better off just resetting the router.

    Next time just change the SSID AND login details. You can use WEP too, but I think WEP sucks ass, so I use a MAC adress filter. Much simpler, much more secure.
     
  7. versello

    versello 2[H]4U

    Messages:
    2,062
    Joined:
    Nov 19, 2003
    /me raises an eyebrow
     
  8. BBowermaster

    BBowermaster Gawd

    Messages:
    992
    Joined:
    Sep 14, 2004
    That simply prevents unauthorized access to your router, it doesn't encrypt content sent over the wireless. Have fun when a packet sniffer steals your credit card number/identity.
     
  9. XOR != OR

    XOR != OR [H]ardForum Junkie

    Messages:
    11,566
    Joined:
    Jun 17, 2003
    Further, MACs can be sniffed right along with the data in the packets.

    Takes all of a few seconds to fire up the proper tools and gain access.
     
  10. killa62

    killa62 Banned Abortion Poster Child '07

    Messages:
    2,697
    Joined:
    Mar 21, 2005
    TOTALLY BS
    THIS INFORMATION IS JUST PLAIN WRONG,
    mac address filters are easy to bypass, anyone with half a brain and a packet sniffer and google and a mac address changingtool can easly bypass mac addy filters
     
  11. Erasmus354

    Erasmus354 [H]ardForum Junkie

    Messages:
    9,461
    Joined:
    Mar 12, 2004
    There are definitely way too many people who do not do enough to secure their wireless networks. A friend of mine was at his aunts and was trying to get into her wireless network...instead of asking her how he called me. I asked him what model the router was and I was able to give him access to the network and the router from 200 miles away :rolleyes: I will be the first person to admit I know jack shit about routers and networking, but I was still able to get into their network without even being there.

    I told my friend to change the router password and add WEP....his aunt, while I was on the phone with him, told him that she didn't want any password on it at all. She just didn't care how insecure her network was. I tried to explain to her...but she would have nothing of it :eek: That is someone who deserves to get their machine and network hijacked.


    On the plus side, there are so many completely unsecured networks that those of use who have moderately secure networks are that much more safe. Why would somebody bother spending 30 minutes breaking into my network when they could break into any of my 5 neighbors completely insecure networks :)


    If it helps the default IP for the linksys router is 192.168.1.1, user : linksys, password: admin
     
  12. NulloModo

    NulloModo [H]ardness Supreme

    Messages:
    4,602
    Joined:
    Dec 16, 2002
    It is really their choice if they want to leave it open or not isn't it?

    I admire people who are generous enough to leave wireless connections open. Hey, some people are willing to share, some aren't...
     
  13. beowulf7

    beowulf7 [H]ardForum Junkie

    Messages:
    10,484
    Joined:
    Jun 30, 2005
    This reminds me ... in a graduate level wireless security class I recently took, one of my classmates mentioned that one of his neighbors had an open, unsecured wireless router. So my classmate took the liberty of a.) upgrading that router's firmware and b.) changed the default password. :D Technically, what he did was illegal, but he made his neighbor's router a little more secure. ;)
     
  14. drizzt81

    drizzt81 [H]ardForum Junkie

    Messages:
    12,375
    Joined:
    Jan 21, 2004
    Not just techincally illegal, it is illegal. So you left your car unlocked overnight. I took the liberty to change your engine and interior. If you knew who I was you'd sure as heck sue me, wouldn't you?
     
  15. RushFan

    RushFan Gawd

    Messages:
    631
    Joined:
    Nov 3, 2005

    I don't know about you but I don't send credit card information over an insecure browser session. When my credit card info gets sent anywhere it's encrypted using the browser (https), so WEP just double encrypts it.

    True, MAC address filtering isn't totally secure but it will keep most people out. And if someone is smart enough to use MAC spoofing to get into your network, they're going to know how to crack your WEP key and get it anyway.
     
  16. Z(+)DIAC

    Z(+)DIAC 2[H]4U

    Messages:
    3,231
    Joined:
    Dec 12, 2004
    Can anyone point me in a direction where I will be able to know how to encrypt my network?
     
  17. Qwertyman

    Qwertyman 2[H]4U

    Messages:
    2,747
    Joined:
    Mar 4, 2004
    well if i was them i wouldn't want a person stealing my bandwith. I mean people connect to their network and they don't even know that they are connected to it, since everyone had the same SSID.

    It still goes back to having a new car, parking it in a bad neighbor with the window open and the keys in the ignition.
     
  18. drizzt81

    drizzt81 [H]ardForum Junkie

    Messages:
    12,375
    Joined:
    Jan 21, 2004
    Mac spoofing is significantly easier than WEP cracking. To be honest, I would know how to spoof a MAC easily. Cracking WEP would take some time for me to research. However, I get you point that you just need to be more secure than your neighbors.

    On the topic of CC information being stolen in transit: It is very unlikely. Considering that an attacker would have to be sniffing your connection for hours on end in order to get a decent chance of getting any useful information (especially if you post a lot on the [H] :D ) I do not know of a single case where information was stolen in transit.
    If you consider that hacking Newegg or someplace will get me a couple of 100,000 CC numbers, it is much less effort per credit card number than sniffing Joe Doe's WLAN connection.

    During the security class that I attended a couple of times this fall our professor mentioned that he doesn't even know of a single case where people stole someone's CC while it was in-transit (i.e. submitted through a web form or similar).

    The bottom line is that the value of sniffing most people's wireless traffic is close to zero and that there are other ways to get information which require less work per amount of information.
     
  19. drizzt81

    drizzt81 [H]ardForum Junkie

    Messages:
    12,375
    Joined:
    Jan 21, 2004
    Frankly, it is not their choice to make. Most ISPs have a clause in their contracts against theft of service.

    http://www.comcast.net/terms/subscriber.jsp
    http://www.cox.com/policy/#aup_1
    So, by not securing their networks and allowing anyone/ someone to access the internet (even free of charge) their are in violation of their ISP's TOS.
     
  20. petvirus

    petvirus n00b

    Messages:
    47
    Joined:
    Apr 8, 2005
    Whats really annoying is that the current router i use for some odd reason does not support WEP. I was kinda pissed when i connected it, but i got it for free, and beggers cant be choosers.

    by the way, the router in question has a nice BIOS hack that extends its range. google it
     
  21. YeOldeStonecat

    YeOldeStonecat [H]ardForum Junkie

    Messages:
    11,330
    Joined:
    Jul 19, 2004
    Hello fellow Nutmegger. (Mystic/Stonington here)
    Default user/pass for Linksys's home market product is...
    username:leave blank
    password:admin

    Make sure you change it.....so many people never change the default admin password for their routers, and kids have fun driving around screwing with other people's WLANs when they find it open like this.
     
  22. beowulf7

    beowulf7 [H]ardForum Junkie

    Messages:
    10,484
    Joined:
    Jun 30, 2005
    Don't get me wrong, I agree it's illegal.
     
  23. goodcooper

    goodcooper [H]ardForum Junkie

    Messages:
    9,803
    Joined:
    Nov 4, 2005
    WPA-PSK, a radius server, or VPN

    most modern cards/routers can at least be flashed to support WPA-PSK

    WEP/mac addy filter/disabled dhcp for the casual surfer...

    disabled dhcp and change the default gateway address, that'll throw 'em for a loop :D

    WEP aren't necissarily easy to crack, i've done it and had a hard time (maybe there are easier tools out there nowadays) but i had to use whoppix live CD and get it working with my IBM laptop netgear G card, and that was the easiest way i could think of to get it...

    not necissarily easy, but if you've got the tools... very fast...

    most malicious wireless hacking isn't to steal CC #s and SS #s, but to pollute signals, in which case, 1 your house isn't a very big target, and 2 it seems some people are too paranoid for thier own good
     
  24. Outback2k1

    Outback2k1 Limp Gawd

    Messages:
    355
    Joined:
    Dec 24, 2002
    If it's been compromised, I wouldn't stop at anything LESS than a hard reset.
     
  25. movax

    movax 2[H]4U

    Messages:
    3,676
    Joined:
    Aug 12, 2005
    True...the WRT54G firmware was GPL'd, who knows if there are variants with backdoors in existence? They could have flashed it with that...but a hard reset wouldn't affect firmware.