Follow these instructions to get started:
- Let's first connect to our access point Wireless Lab and attempt to navigate to the HTTP management interface. We see that the access point model is TP-Link WR841N, as shown in the following screenshot:
- From the manufacturer's website, we find the default account credentials for
adminare admin. We try this on the login page and we succeed in logging in. This shows how easy it is to break into accounts with default credentials. We highly encourage you to obtain the router's user manual online. This will allow you to understand what you are dealing with during the penetration test and gives you an insight into other configuration flaws you could check for:
We verified that the default credentials were never changed on this access point, and this could lead to a full network compromise. Also, even if the default credentials are changed, the result should not be something that is easy to guess or run a simple dictionary-based attack on.
In the previous exercise, change the password to something that is hard to guess or find in a dictionary and see whether you can crack it using a brute-force approach. Limit the length and characters in the password so that you can succeed at some point. One of the most common tools used to crack HTTP authentication is called Hydra and is available on Kali.
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.