Follow these instructions to get started:
- Let us first connect to our access point Wireless Lab. We see that the access point model is D-Link DIR-615 as shown in the following screenshot:
- From the manufacturer's website, we find the default account credentials for Admin is blank that is, no password. We try this on the login page and we succeed in logging in. This shows how easy it is to break into accounts with default credentials. We would highly encourage you to obtain the router's user manual online. This will allow you to understand what you are dealing with during the penetration test and give you an insight into other configuration flaws you could check for.
We verified that at times default credentials are never changed on the access point, and this could lead to a full system compromise. Also, even if the default credentials are changed, it should not be something which is easy to guess or run a simple dictionary-based attack on.
In the previous exercise, change the password to something hard to guess or find in a dictionary and see if you can crack it using a Bruteforce approach. Limit the length and characters in the password, so that you can succeed at some point. One of the most common tools used to crack HTTP authentication is called Hydra available on BackTrack.
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.