Posted: 10/3/2012 7:17:53 AM EDT
I suppose it's understandable if I don't get help on this given the nature, but maybe someone could help shed some light on why I'm seeing what I'm seeing.
I forgot the admin username/password combination for one of my consumer Linksys/Cisco routers and I'd like to get into it. I could reset it to factory defaults, but I'd rather not lose all of the port forwarding and other settings I have in this router. The username (which it seems like I wasn't allowed to change) is probably one of about 7 or so possibilities and the password is probably one of a dozen or two. Problem is, if I try to log in via browser, by about the fourth combination or so I've forgotten which combinations I've already tried and I'm way too impatient to write all of it down and check them off one by one. These things use basic HTTP authentication, so I wrote a little script that forms a URL with the user name, password and router address for every combination and makes a wget call for each combination with the output going to a file. All of the output from the wget calls shows 401 unauthorized (even though I'm almost certain that one of these combinations must be the right one). The strange thing is, though, the Wireshark log that I took while running the program shows all of the HTTP auth requests going out but I never see any 401 unauthorized packets coming back. I do, however, get a lot of TCP RST packets that I don't think I would normally see. Is there an obvious flaw that I'm missing in what I'm trying? Could some other kind of failure cause wget to show 401 even though I don't see 401 packets coming back from the router?
Do you see any packets coming back from the router? In Wireshark I like to right click on a packet and hit "Follow TCP Stream". It will show client and server responses highlighted in red and blue. If you're only seeing one side of the connection your filter may be wrong. I'd hazard a guess that you're actually getting error 401 if that's what wget is reporting or there's a problem with the script.
Quoted:
Do you see any packets coming back from the router? In Wireshark I like to right click on a packet and hit "Follow TCP Stream". It will show client and server responses highlighted in red and blue. If you're only seeing one side of the connection your filter may be wrong. I'd hazard a guess that you're actually getting error 401 if that's what wget is reporting or there's a problem with the script.

Thanks for the tip on "follow TCP stream", Foxxz. I haven't played with Wireshark much since Ethereal days and even then I didn't explore the features too deeply. It does look like the router is indeed returning 401s, they just weren't showing up as clearly marked as they did when I do the login process through a web browser. They were showing up in TCP segments of reassembled PDU packets, where I glossed right over them. The "follow stream" thing showed it clear as a bell. I suppose this means that I just don't have the right usernames/passwords plugged in to the script to try. I probably thought I was being clever when I set the thing up and picked an odd password so it would be easy to remember. The changes I wanted to make weren't critical, so I guess I'll keep combing through my brain to see if I can find it before a hard reset becomes necessary. Thanks again.
What model router is it? Some of the newer Cisco/Linksys routers pulled this stupid shit where they automatically upgrade the firmware. In one of these automatic upgrades you now manage your router "from the cloud" by logging into Cisco's website. Not even joking. And it takes away all but the most basic functionality that you can configure in the router itself.
This one is a WRT120N, purchased around February. I don't recall updating the fw and if there was an option to allow it to happen automatically, I sure didn't choose it. Don't recall anything in the docs about that either.
I probably just forgot the login creds. I think I put this in shortly before leaving for a show and I'm wondering if I didn't choose some oddball password in case someone else had to get in to it while I was gone.