我最近因为“hack”进入我的路由器而遭到挑战,因为我的意思是已经连接到互联网,但攻击了本地IP。所以基本上绕过了登录界面。路由器是一个Livebox。我已经尝试查看源代码,但密码似乎是隐藏的。
Here's a picture of the login screen.
如果你能提供帮助而不是非常感谢你。
哦顺便说一句,这是源代码:
<html>
<head>
<title></title>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<script language="JavaScript">
var remote_clt=0;
var sipp_proxy_flag=1;
var pcp_gui_enable=1;
var nat_from_upnp=1;
var my_auto_detect_fxo=0;
var my_isolate_wlan=1;
var X02_pf=1;
var adsl_para_page=0;
var my_ddns=1;
var my_wlan_mac=0;
var my_snmp=0;
var my_dialup=0;
var my_printer=0;
var my_bridge=0;
var my_8021x=0;
var my_tiny=0;
var my_vpn=0;
var my_upnp=1;
var my_usb=1;
var my_usb_storage=1;
var my_usb_printer=1;
var operation_func=10;
var my_wps=1;
var my_wcn=1;
var my_ralink_ver=0;
var feature_func=1;
var product_code=1024020;
var my_file_share=1;
var my_umts=0;
var vlan_func_enable=1;
var vlan_ip="";
var vlan_mask="";
var my_qos=2;
var my_isdn=0;
var my_voip=1;
var FXS_Num=8;
var my_voip_h323=0;
var my_voip_sip=1;
var ipsec_func=0;
var pptp_func=0;
var br_dhcpd_func=0;
var iptv_func=0;
var static_rt_func=0;
var my_upnpIgd=1;
var my_upnpAv=1;
var PM="DSL Router";
var BACKUP_LOG_NAME="dsl_log.log";
var BACKUP_CONFIG_NAME="config_dsl.bin";
var resetButton=0;
var hasUpgrade=0;
var ftpcRun=0;
var dhcpd_fixip_func=1;
var vendor_code=6;
var my_http_redir=0;
var arcor_umtsPin=0;
var my_ncidd=0;
var ipv6_service=1;
var ipv6_enable=1;
var hyper_link="<a href='http://www.arcadyan.com' target='_blank'>";
var urlname="www.arcadyan.com";
var product_name="Arcadyan ARV7519";
var vendor_name="DSL-EasyBox";
var company="Arcadyan Inc.";
var mouseover="'#FF6600'";
var mouseout="'#FFFFFF'";
var wizardbg="'#FFFFFF'";
var menu_link="<td height='0' align='left' bgColor='#FFFFFF' valign='middle'>";
var vendor_no=2;
var helplink="<p></p>";
var logo_fn="logo.gif";
var help_hyper_link="<a href='http://www.arcadyan.com/802' target='_blank'>";
var help_urlname="www.arcadyan.com/802";
var fw_hyper_link="<a href='http://www.arcadyan.com' target='_blank'>";
var fw_urlname="www.arcadyan.com";
var product_pic_fn="product_zz.gif";
var firmware_ver='00.96.806B';
if (parent.location.href != window.location.href)
parent.location.href = window.location.href;
function evaltF() {
document.tF.submit();
}
function kDown(e)
{
var key = 0 ;
if(window.event) key = window.event.keyCode;
else if(e) key = e.which ;
if(key==13) document.tF.submit();
//if (navigator.appName =='Netscape'&&(e.which ==3||e.which ==2|| e.which ==13))
// document.tF.submit();
//else if (navigator.appName == 'Microsoft Internet Explorer' &&(event.keyCode == 13))
// document.tF.submit();
}
document.onkeypress=kDown;
if (document.layers) window.captureEvents(Event.KEYDOWN);
//window.onkeypress=kDown;
function init()
{
var f=document.tF;
f.pws.focus();
if(remote_clt==1)
f.user.readOnly=false;
}
</script>
<link rel="stylesheet" type="text/css" href="fonts.css">
<link rel="stylesheet" type="text/css" href="page.css">
<link rel="stylesheet" type="text/css" href="menu.css">
<link rel="stylesheet" type="text/css" href="header.css">
<link rel="stylesheet" type="text/css" href="contener.css">
<link rel="stylesheet" type="text/css" href="subcontener.css">
<link rel="stylesheet" type="text/css" href="array.css">
<link rel="stylesheet" type="text/css" href="hardware.css">
<link rel="stylesheet" type="text/css" href="button.css">
<link rel="stylesheet" type="text/css" href="lbpopup.css">
<link rel="stylesheet" type="text/css" href="progressbar.css">
<link rel="stylesheet" type="text/css" href="styles.css">
<style type="text/css">
.style1 {
text-align: right;
}
</style>
</head>
<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0">
<table border="0" cellpadding="0" cellspacing="0" width="97%" height="83">
<tr height="55">
<form ACTION="/cgi-bin/changef.exe" method="post" name="tFF">
<input type="hidden" name="language_flag" value="0">
<input type="hidden" name="menupage" value="/login.stm">
<td class="header" width="313"><div id="header"><h4>livebox</h4></div></td>
<td class="style1">
<img src="/images/language_en_gray.gif" width="70" height="29" border="0">
<input type="image" src="/images/language_es.gif" width="70" height="29" border="0">
</td>
</form>
</tr>
<tr>
<td class= bgstripe height="28" colspan="2"> </td>
</tr>
</table>
<form action="/cgi-bin/login.exe" method="post" name="tF">
<div id="menu" style="margin-left: 40%; margin-top: 60px;">
<table>
<tr>
<td class="topleft"></td>
<td class="top"></td>
<td class="topright"></td>
</tr>
<tr>
<td class="left"></td>
<td>
<div class="info_accueil">
<table class="info_accueil">
<tr>
<td class="info_pref"><img src="images/preferencesbutton.gif">Authentication</td>
</tr>
<tr>
<td class="info_label">Login:</td>
</tr>
<tr>
<td class="info_field"><input type="text" name="user" value="admin" class="login" readonly></td>
</tr>
<tr>
<td class="info_label">Password:</td>
</tr>
<tr>
<td class="info_field"><input type="password" maxlength="12" size="32" name="pws" class="password"></td>
</tr>
<tr>
<td class="info_statusnok"> </td>
</tr>
</table>
</div>
</td>
<td class="right"></td>
</tr>
<tr>
<td class="sepleftbig"></td>
<td class="sepactbig">
Click here to validate <a href="javascript:void(0)" onclick="evaltF(); return false;" class="button60l"><img src="images/nextbutton.gif" border="0"></a></td>
<td class="right"></td>
</tr>
<tr>
<td class="bottomleft"></td>
<td class="bottom"></td>
<td class="bottomright"></td>
</tr>
<tr><td colspan=3></td></tr>
<tr><td colspan=3></td></tr>
</table>
</div>
</form>
<br><br><br>
<p>
<style type="text/css">
p { text-align:center;
font-size:20;
color: #FF6600;
}
a {
color: #FF6600;
font-weight: bold;
text-decoration: underline;
}
A:link {text-decoration: underline color: #FF6600;}
A:visited {text-decoration: underline color: #FF6600;}
A:active {text-decoration: underline color: #FF6600;}
A:hover {text-decoration: underline; color: #FF6600;}
</style>
<a href="http://www.orange.es/livebox/apps">
Here please download the Livebox Apps for your Smartphone
</a>
</p>
<p>
<a href="http://www.orange.es/livebox/apps">
<img src="/images/QR_code.png">
</a>
</p>
<script language="JavaScript">
init();
</script>
</body>
</html>
答案 0 :(得分:0)
我认为这link会帮助您了解蛮力如何运作,我希望它能以正确的方式指导您
答案 1 :(得分:-1)
据我所知(我可能错了),当您登录路由器时,就像远程登录计算机一样。
这意味着您可以自动跨越XSS,MySQL注入以及任何其他形式的网络黑客攻击。可能有一个脚本,您可以直接插入路由器的USB端口,以有效地破解它或只是强行进入。
我不是一个黑客,所以你在这里读到的任何东西都只是有根据的猜测。
希望我帮助过。