Identify the parameters: It's important to identify where the dynamic parameters (i.e., username and password) are stored in the request as some login forms handle authentication differently.Capture a login request: A single login attempt is captured in Burp to analyze the request.I'll show a kind of general procedure to follow when performing such attacks. Not all router gateways handle authentication the same.
#Medialink router login how to#
To demonstrate, I'm going to show how to use Patator against two popular consumer routers found on Amazon. My favorite feature of Patator is the raw_request module that allows penetration testers to brute-force HTTP logins much like Burp's Intruder module. The developers have tried to make it more reliable and flexible than its predecessors. Patator, like Hydra and Medusa, is a command-line brute-forcing tool.
Don't Miss: Map Networks & Connect to Discovered Devices Using Your Phone.Assuming the gateway isn't using default credentials, the attacker will try to exploit a vulnerability in the router or perform a brute-force attack.
Brute-Forcing Router Logins with PatatorĪfter hacking a Wi-Fi router with tools like Aircrack, Wifiphisher, and Wifite2, there are several avenues an attacker may explore to further compromise the network. With unfettered access to these privileged configurations, an attacker on a compromised Wi-Fi network can perform a wide variety of advanced attacks. Afghanistan, Albania, Algeria, American Samoa, Andorra, Angola, Anguilla, Argentina, Armenia, Azerbaijan Republic, Bahrain, Belarus, Benin, Bhutan, Bosnia and Herzegovina, Botswana, British Virgin Islands, Burkina Faso, Burundi, Cameroon, Cape Verde Islands, Central African Republic, Chad, China, Comoros, Congo, Democratic Republic of the, Congo, Republic of the, Cook Islands, Costa Rica, Côte d'Ivoire (Ivory Coast), Djibouti, Dominican Republic, El Salvador, Equatorial Guinea, Eritrea, Ethiopia, Falkland Islands (Islas Malvinas), Fiji, French Polynesia, Gabon Republic, Gambia, Georgia, Ghana, Greenland, Guam, Guatemala, Guinea, Guinea-Bissau, Guyana, Haiti, Honduras, Hong Kong, India, Iraq, Jamaica, Kazakhstan, Kenya, Kiribati, Kuwait, Kyrgyzstan, Laos, Lebanon, Lesotho, Liberia, Libya, Macedonia, Madagascar, Malawi, Malaysia, Mali, Marshall Islands, Mauritania, Mauritius, Mayotte, Micronesia, Moldova, Mongolia, Montenegro, Morocco, Mozambique, Namibia, Nauru, Nepal, Netherlands Antilles, New Caledonia, Niger, Nigeria, Niue, Palau, Panama, Papua New Guinea, Puerto Rico, Qatar, Russian Federation, Rwanda, Saint Helena, Saint Pierre and Miquelon, Saint Vincent and the Grenadines, San Marino, Saudi Arabia, Senegal, Serbia, Seychelles, Sierra Leone, Solomon Islands, Somalia, Suriname, Svalbard and Jan Mayen, Swaziland, Tajikistan, Tanzania, Togo, Tonga, Trinidad and Tobago, Tunisia, Turkey, Turkmenistan, Tuvalu, Uganda, Ukraine, United Arab Emirates, Uzbekistan, Vanuatu, Vatican City State, Venezuela, Virgin Islands (U.S.Router gateways are responsible for protecting every aspect of a network's configuration.