Hello friends here I show you a default password vulnerability.
I know that many of you are aware of this issue but still for the sake of spreading awareness I am writing
In India many of the Internet users are using BSNL broadband. Though reliable it has a
DEFAULT PASSWORD vulnerability which can be easily exploited. In fact all the routers suffers from
the same vulnerability until their default password are changed. Here I show you how it can be exploited.
Tthis article is just to show you vulnerability and I don`t encourage you to make mischief out of it.
1) Download Angry Ip Scanner. Click here to download
2) Go to www.whatismyip.com and get your IP address from that site. Usually it starts from 59.X.X.X for
BSNL. I dont know for other networks. Note your IP address in notepad or (gedit on linux)
3) Open Angry IP scanner.
4) Go to Tools->Preferences->Ports , as shown below.
5) Under port selection text area, enter 80 as your port number.
(* Remember all web request are handled on port 80 by default.)
6) Under display tab click on to the Host with open port only and click OK. (Shown below)
7) Now I`ve told you to note down your ip address. Suppose it is like this 126.96.36.199.
So now you have to select a range of IP let us take 188.8.131.52 to 184.108.40.206
(255 is end of ip subnet).
8) Enter this range in the IP RANGE in textbox provided and HIT Start…
9) With in few minutes it give you a bunch of IP addresses.
You can easily right click on any address and copy to the browser`s url add bar.
10) A pop-up opens asking for user name and password.
11) YEAH, you guessed right , default BSNL username/password is admin/password.
12) Enter it and you`re done.
This will give you the Router Configuration page which is supposed to be on port 80
(Default port on the web HTTP)
If the router config page does n`t come then you can try with other ip address present
on IP SCANNER tool.
13) Once you are in you can change any configuration you like.
Although this Vulnerability is now a days known to most of us but still when I scan BSNL ip range
many of Router configuration pages opens up representing the Vulnerability of default password.
Not even in routers but BIOS passwords can also be unlocked by simply entering default passwords.
You can easily find default password by clicking this link and this link.