EvilZone
Hacking and Security => Hacking and Security => : LinuxSTAIN February 05, 2014, 07:50:42 PM
-
Hello EZ!!
Currently ATT uses the Motorola NVG510 modem/router for their dsl in residential setups. I have retrieved one of these for test purposes.. Now I know about earlz exploit on rooting the box but this requires physical access. On the side of the box itself is a "Device Access Code", like so:
(http://forums.att.com/legacyfs/online/1370_pastedImage_1.png)
Heres The source for the login page... I am assuming that this is a type of HTTP Digest Authentication.. Notice the "nonce"? and it changes on every 401 response..
Attached is the Source HTML because I could not get it to work right on here with {code}
Now, having dealt with a lot of these I can tell you that the codes are all 10 digit integers, by default.
I want to figure out how to run a bruteforce attack against this http-form-input using a pw list of all the possible combinations of 0-9. I am just not sure how to use this input format into hydra seeing that there is no input for a username. I have tried everything that i know how.. Thanks for the help!
Here is the python script that will tell you all the combinations of a 10 digit integer to use for these kind pw list generating.
import itertools
file = open('out.txt', 'w')
variations = itertools.product('0123456789', repeat=10)
for variations in variations:
variation_string = ""
for letter in variations:
variation_string += letter
file.write("\n")
file.write(variation_string)
file.close()
-
Please excuse the mishaps on this post.. I copy and pasted this from my post on hackhound and it didnt turn out the way i expected and now my batteries are dying on my wireless mouse so i am not able to edit this right now. I will be home shortly to edit/redo it.. Thanks again for all of your advise!
-
I stilL havnt figured this one out.. Any ideas??