Hacking a TP-Link router with JavaScript (with PoC and video) - Vulnerability alert - Black Bar Safety Net

2015-02-07T00:00:00
ID MYHACK58:62201558857
Type myhack58
Reporter Anonymous
Modified 2015-02-07T00:00:00

Description

I recently read the post "get_local_and_public_ip_addresses_in_javascript" (getting the local and public IP addresses with JavaScript) and began to think that using this to hack into a WiFi router was a good idea. I had just got a TP-LINK WR741N, so I tested it.

While collecting related information, I found the article "Brazilian, U.S. Web Users Targeted by Router-Hacking Group", as well as another very striking article, "4.5 million routers hacked in Brazil". The attack code was for IE, so I thought, "Using JavaScript to get the local IP shouldn't be that difficult?", and then I started digging.

I found a medium, so let's get started :). First find the IP, then try to talk to the router. The same-origin policy gets in the way: XMLHttpRequests cannot be sent directly to the router. HTTP Basic authentication cannot be handled that way either, and the version, headers and so on cannot be read.

But with the TP-Link, you can use an iframe or img tag. Chrome gave me trouble, so I could only test with Iceweasel. As I said, you can't send a GET/POST request, but you can log in like this: <iframe src="http://admin:admin@192.168.1.1">.

The most interesting thing about bypassing the same-origin policy is that you don't bypass it at all: you can log in directly with an iframe, as I did, and then include img tags:

<http://www.tp-link.com/resources/simulator/TL-WR750N_V5.0/images/top1_1.jpg>

But there is a problem: if the username/password does not match, the basic authentication dialog box pops up, and there is no way to close or hide it with JavaScript. It took several hours, and I eventually bypassed it with: setAttribute("id", Math.random());
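
A defensive check for the pattern described above, as an added example that is not part of the original post: it scans page markup for iframe/img/script sources that embed credentials or point at private addresses. The function names, the `page.invalid` base URL and the sample markup are assumptions made for the illustration.

```javascript
// Added example (not from the original post): flag embedded-credential or
// private-network sources in tags that trigger automatic cross-origin loads.
const BASE = 'http://page.invalid/'; // assumed placeholder origin for relative URLs
const PRIVATE_V4 = [/^10\./, /^192\.168\./, /^172\.(1[6-9]|2\d|3[01])\./, /^127\./, /^169\.254\./];

function isPrivateHost(host) {
  return host === 'localhost' || PRIVATE_V4.some((re) => re.test(host));
}

// Returns one finding per tag whose src carries userinfo and/or targets a private host.
function findRouterLoginTags(html) {
  const findings = [];
  const tagRe = /<(iframe|img|script|embed|frame)\b[^>]*?\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const src = m[2] ?? m[3] ?? m[4];
    let url;
    try { url = new URL(src, BASE); } catch { continue; } // malformed src
    if (url.hostname === 'page.invalid') continue;         // relative: same origin as the page
    if (!/^https?:$/.test(url.protocol)) continue;
    const hasCreds = url.username !== '' || url.password !== '';
    const privateTarget = isPrivateHost(url.hostname);
    if (!hasCreds && !privateTarget) continue;
    findings.push({
      tag: m[1].toLowerCase(),
      host: url.hostname,
      hasCreds,
      privateTarget,
      severity: hasCreds && privateTarget ? 'high' : 'medium',
      // The credentials themselves are never copied into the finding.
      redacted: `${url.protocol}//${hasCreds ? '***@' : ''}${url.host}${url.pathname}`,
    });
  }
  return findings;
}

// Constructed sample markup for illustration.
const SAMPLE = `
<img src="https://cdn.example.com/logo.png">
<iframe src="http://admin:admin@192.168.1.1"></iframe>
<img src='http://192.168.1.1/images/top1_1.jpg'>
<img src="/static/a.png">`;

console.log(findRouterLoginTags(SAMPLE));
```

A check like this fits in a proxy, a mail or ad-content filter, or a review step for user-submitted HTML; a `high` finding means a public page is trying to authenticate to a device on the viewer's own network.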
