1
00:00:00,660 --> 00:00:01,350
Welcome back.

2
00:00:01,830 --> 00:00:05,650
Time to check out the default credentials vulnerability on your router.

3
00:00:06,090 --> 00:00:12,180
Now, this tutorial is something that you cannot follow because this is going to be different for every

4
00:00:12,180 --> 00:00:13,810
type of router that someone has.

5
00:00:14,400 --> 00:00:20,070
I could just show you the process of how I went in, discovered the default credentials, and you can

6
00:00:20,070 --> 00:00:24,480
try to do the same thing in order to see whether you can gain access to your router.

7
00:00:25,510 --> 00:00:32,140
So the first thing that I did is I typed netstat -nr to check out the IP address of my gateway,

8
00:00:32,560 --> 00:00:35,000
which is most likely going to be the IP address of your router.

9
00:00:35,500 --> 00:00:39,910
Then I went to Google Chrome and visited that IP address.

10
00:00:40,420 --> 00:00:45,430
If you do the same for your router, it will most likely lead you to some type of a login page where

11
00:00:45,430 --> 00:00:48,280
it will ask you for the username and password.

12
00:00:48,880 --> 00:00:54,730
Once you type the username and password, you will have access to the router settings and you will be

13
00:00:54,730 --> 00:01:00,520
able to change a few things here and there, from setting up wireless, port forwarding and similar settings

14
00:01:00,520 --> 00:01:00,950
like that.

15
00:01:01,690 --> 00:01:06,490
Now, if you haven't changed the default password for your router, you will most likely be able to

16
00:01:06,490 --> 00:01:09,160
find it on the Internet, which I did.

17
00:01:09,160 --> 00:01:11,710
I just searched the name of the router that I have right here.

18
00:01:11,870 --> 00:01:16,750
And I found the username to be telecom and password to be telecom.

19
00:01:17,890 --> 00:01:20,140
Nobody changed this username and password.

20
00:01:20,140 --> 00:01:22,270
Therefore they are exactly the same.

21
00:01:22,270 --> 00:01:23,590
And we even get this warning.

22
00:01:23,590 --> 00:01:27,430
This says a data breach on a site or app exposed your passwords.

23
00:01:28,120 --> 00:01:31,460
Chrome recommends changing your password for this IP address.

24
00:01:31,540 --> 00:01:34,330
Now we're going to click on OK.

25
00:01:34,330 --> 00:01:38,260
And pretty much we already gained access to the router settings.

26
00:01:38,620 --> 00:01:41,530
We can set up the firewall VLAN settings.

27
00:01:41,560 --> 00:01:44,260
We can check out different settings that we have right here.

28
00:01:44,650 --> 00:01:46,720
We have some security settings right here.

29
00:01:46,960 --> 00:01:50,050
We also get the port forwarding, which we can perform.

30
00:01:50,620 --> 00:01:53,650
And this is something that I tested on multiple home routers.

31
00:01:53,650 --> 00:01:59,710
And many of them appear to have default credentials where it allows you to log in to the router and

32
00:01:59,710 --> 00:02:01,300
change these types of settings.

33
00:02:01,930 --> 00:02:05,440
But these are not the only default credentials that you can find.

34
00:02:06,250 --> 00:02:13,630
For example, if I go right here and I run an Nmap scan on my router IP address,

35
00:02:14,470 --> 00:02:17,350
I've also discovered that it has some ports open.

36
00:02:17,560 --> 00:02:20,800
For example, it has this telnet port open.

37
00:02:22,060 --> 00:02:27,250
We already know how we can connect to telnet: we can type the command telnet and then the IP

38
00:02:27,250 --> 00:02:29,430
address of the target we want to connect to.

39
00:02:29,860 --> 00:02:33,970
If I press enter, we will get another login screen.

40
00:02:34,720 --> 00:02:41,080
So if we type something like telecom once again, it will tell me that the password is incorrect.

41
00:02:41,680 --> 00:02:42,000
Hmm.

42
00:02:43,010 --> 00:02:52,370
So after three attempts, it simply just closes the connection to the router and I figured, well,

43
00:02:52,370 --> 00:02:59,030
if the router default credentials were changed, then probably I can find its telnet credentials as well

44
00:02:59,180 --> 00:03:00,110
on the Internet.

45
00:03:00,620 --> 00:03:07,310
And after a few minutes of Googling, I ran across this website where I scrolled a little bit down and

46
00:03:07,310 --> 00:03:10,270
I found this post that was posted by someone.

47
00:03:10,790 --> 00:03:13,160
It says my router name, which is this one.

48
00:03:13,160 --> 00:03:14,750
And we can compare it right here.

49
00:03:14,930 --> 00:03:16,070
It is the same name.

50
00:03:16,850 --> 00:03:19,960
And we get the username and password.

51
00:03:20,420 --> 00:03:24,120
We also get how we can enable the shell inside of that router.

52
00:03:24,680 --> 00:03:26,090
So let's give it a try.

53
00:03:26,210 --> 00:03:29,240
The username is admin and the password is this.

54
00:03:30,020 --> 00:03:32,330
Let's go and run telnet once again.

55
00:03:35,120 --> 00:03:40,610
Type username to be admin and password to be zeti and piqué.

56
00:03:41,840 --> 00:03:43,010
And here it is.

57
00:03:43,010 --> 00:03:44,760
We're inside of a CLI.

58
00:03:45,500 --> 00:03:49,250
Now the next thing that this person does is it types enable.

59
00:03:49,760 --> 00:03:53,980
Then it enters the password of C.P.E. and then it enables shell.

60
00:03:54,380 --> 00:04:00,790
Let's give it a try. If I type enable, type Qiqi and then shell.

61
00:04:01,970 --> 00:04:02,190
Hmm.

62
00:04:02,430 --> 00:04:04,300
Another login attempt.

63
00:04:04,730 --> 00:04:09,430
But luckily this person also provided us with username and password for that.

64
00:04:10,160 --> 00:04:14,600
This is something that we will most likely never be able to brute force in case we didn't know, because

65
00:04:14,600 --> 00:04:17,530
this is a really strong username and strong password.

66
00:04:18,290 --> 00:04:24,610
However, it is a default one and this is something that we can find on the Internet. For your router,

67
00:04:24,620 --> 00:04:29,600
of course, this will not be the same, but you can go through the same process of searching for the

68
00:04:29,600 --> 00:04:30,650
default credentials.

69
00:04:30,890 --> 00:04:36,880
Just figure out the name of your router, type it in Google and try to find some default credentials.

70
00:04:37,460 --> 00:04:42,290
For example, we notice that I have open ports SSH and telnet.

71
00:04:42,290 --> 00:04:48,710
You might be able to target SSH and not telnet or you might be able to target some different port.

72
00:04:49,280 --> 00:04:51,170
It could all depend on your router.

73
00:04:51,860 --> 00:04:58,370
However, now I'm targeting telnet and let's go and type in the username and password that this person

74
00:04:58,370 --> 00:04:58,970
sent us.

75
00:04:59,420 --> 00:05:09,080
So I have it written on my left screen and I will type F and and as the three C X, H and H one six

76
00:05:09,080 --> 00:05:11,540
eight and the three one.

77
00:05:13,270 --> 00:05:15,880
For some reason, it says bad username.

78
00:05:15,920 --> 00:05:25,180
Let's try once again, maybe we typed something incorrectly, so let's go admin password, let's enable

79
00:05:25,330 --> 00:05:29,170
the password and let's go into shell here.

80
00:05:29,170 --> 00:05:38,170
We want to type fan and as the three x, H and H one six eight and V three one, which is the login

81
00:05:38,170 --> 00:05:44,950
and the password is C, X, H and H one six eight and V three one.

82
00:05:46,080 --> 00:05:52,620
And here we are, we are inside of the shell. If I type ls, we're going to be able to see the

83
00:05:52,620 --> 00:05:59,340
files on our router. I can type the command to be able to see all of the interfaces that our router

84
00:05:59,340 --> 00:06:00,570
has here.

85
00:06:00,570 --> 00:06:05,610
The first interface has the IP address of 192.168.1.1 and down here

86
00:06:05,620 --> 00:06:10,050
we're also going to be able to find the public IP address, which is right here.

87
00:06:11,240 --> 00:06:17,780
OK, great, we have gained access to the router. We can also go and change directories for different

88
00:06:17,780 --> 00:06:19,130
directories if we want to.

89
00:06:20,300 --> 00:06:25,160
We can run different commands that you can usually run from your terminal, and that's how you can gain

90
00:06:25,160 --> 00:06:28,190
access to your router with default credentials.

91
00:06:28,760 --> 00:06:30,740
Now give it a try on your own router.

92
00:06:30,740 --> 00:06:33,290
Try searching the name of the router first.

93
00:06:33,290 --> 00:06:38,780
Try logging into this page right here, which will grant you access to some of the router settings.

94
00:06:39,380 --> 00:06:43,820
And even if you don't manage to do that, try scanning it with Nmap.

95
00:06:43,820 --> 00:06:50,330
Figure out whether it has some interesting ports open and then target those ports with default credentials

96
00:06:50,330 --> 00:06:54,140
that you might manage to find online, just like I did right here.

97
00:06:55,120 --> 00:06:59,780
OK, now that we've covered this, we're ready to continue with our exploitation section.

98
00:07:00,340 --> 00:07:01,270
See you in the next video.