Pwning Home Router - Linksys WRT54G

A couple of days ago, I was looking for a certain cable in one of my drawers where suddenly I stumbled upon a router that was laying around. Immediately I wondered…Could I hack it?

It worked well for me because I was just looking for a new project to pick up on, and I had no prior experience in tinkering with such devices and I thought it could be an interesting challenge.

I connected the router to my computer and right away jumped onto the research. I started off with a good ol’ port scan in order to get a good grasp of the router’s interfaces and my potential attack vectors.

Browsing to the router’s website presents a login prompt, to which I authenticate with the default credentials, and shortly afterwards I’m introduced to the following control and management page.

I thought it could be a good place to apply the oldest blackbox technique in the book - Shell Injection. Unfortunately, client-side validation was applied.

Leave a Comment