Anonymous Plans To Take Down Facebook on November 5,2011

Anonymous has declared war on Facebook, ostensibly in the name of user privacy.  According to Anonymous, Facebook will go down on November 5, i.e. Guy Fawkes Day.

Operation Facebook has a user-editable post on PiratePad, with which some are urging Anonymous-affiliated hacktivists not to go through with the attack. Others are discussing potential vulnerabilities in Facebook's core, or attack opportunities through weaknesses in third-party FB applications.

Operation Facebook's Twitter account mentions "the Lulz Boat", but LulzSec isn't mentioned in the YouTube warning video (see below).

The riots are underway. It is not a battle over the future of privacy and publicity. It is a battle for choice and informed consent. It's unfolding because people are being raped, tickled, molested, and confused into doing things where they don't understand the consequences. Facebook keeps saying that it gives users choices, but that is completely false. It gives users the illusion of and hides the details away from them "for their own good" while they then make millions off of you. When a service is "free," it really means they're making money off of you and your information.

Source: youtube.com

While Facebook has a very casual attitude towards user privacy (and, arguably UX overall), Mark Zuckerberg may want to ask for a quick security review. Anonymous-affiliated hackers have quite a track record of breaking into government databases, while Facebook can barely get photos to display uniformly.

Our prediction: if Anonymous gets it into its collective head to take down Facebook, it can probably pull it off. This isn't to say that FB would be down permanently (or even for more than an hour), but other questions are raised: who, precisely, will be in control of your account data, and how will that data be used?

Read More

Packet Sniffer For Android Phones - Hacking Tools

Android packet sniffer is an app which allows to capture and display WIFI, and Bluetooth traffic

on the android phone.

This APP is for ROOTED PHONES ONLY.

You have to be root on your phone, and have the "su" command installed.

App Install process:

  

This app is based on the tcpdump package therefor it have to be installed manually.

1. Download and Install PacketSniffer App from the market or from the following direct link.

2. Copy the precompiled TCPDUMP file to the "/data"  library on your phone:    

            -    first make sure your "/data" library has READ and WRITE privileges. if not use:  "chmod 777 data" 

            -    in order to copy use the following command if you have ADB :"adb push c:\locationOfTheTcpdumpFile /data"

            -    in case you don't have ADB you can copy the tcpdump file to the SD card and do:  "cat /sdcard/tcpdump > /data/tcpdump 

3. Give the tcpdump file Read Write and Exec privileges :    "chmod 777 /data/tcpdump"

Thats it you are ready to go.

                                                        

The main layout of the app allows you to initiate a Wifi or a Bluetooth wireless traffic capture service.

It means that you can close the app and the capture will still continue, until you deactivate it.

Before you start to capture you can pick weather to save the captured data on a local SQL DB on the device

or on to a file on the SD card.

When you had enough data captured, you can use the Statistic Analysis or the Statistic Advanced layouts

to analyse the data you have captured by performing various searches on the packets.

  

Here are few examples of packets captured by the application:

Read More

Web Surgery v0.6 Web Testing Suite Released - Hacking Tools

WebSurgery is a suite of tools for security testing of web applications. It was designed for security auditors to help them with the web application planning and exploitation. Currently, it uses an efficient, fast and stable Web Crawler, File/Dir Brute forcer, Fuzzer for advanced exploitation of known and unusual vulnerabilities such as SQL Injections, Cross site scripting (XSS), Brute force for login forms, identification of firewall-filtered rules, DOS Attacks and WEB Proxy to analyze, intercept and manipulate the traffic between your browser and the target web application. 


Download Here:

Read More

How To Download Free Files From PayPal - PayPal Hacking

How to hack PayPal sites or how to download applications free from PayPal sites....U just need to know a bit of HTML anyone want to download any application from da sites which r containing PayPal order page & a link to start...

First off all u need to hide ur ip-address use a proxy server otherwise ur ip address will be recorded in some sites click here to hide ur ip-address.

1) Rightclick your mouse (ctrl+click) viewsource and open the source of the site in an a texteditor
2) Search for the word "return"
3) Next to it you can find the url for the thank you page
4) Copy the url and paste it in your browser and you will see the download link

This works only if you can download instantly after payment, it will not work if the link needs to be emailed to you.


You can try it here to start with:
http://www.ramphelp.com/halfpipe.html


About half way down the page you will find:< type="hidden" name="return" value="http://www.ramphelp.com/65984523/thanks/68912hp654/26865thankyouhp08363215423.html ">

Copy the link into your browser and download.

Read More

Free Download CEH Exams Ebook - Hacking Ebooks

EC-Council E-Business Certification Series

Copyright © by EC-Council

Developer - Thomas Mathew

Publisher - OSB Publisher

ISBN No - 0972936211

By explaining computer security and outlining methods to test computer systems for possible weaknesses, this guide provides the tools necessary for approaching computers with the skill and understanding of an outside hacker.

Introduction

This module attempts to bridge various aspects of ethical hacking by suggesting an approach for undertaking penetration testing. There are different ways of approaching a penetration test.

• External Approach
  • With some prior knowledge
  
  
  • Without prior knowledge
  
  


• Internal Approach
  • With some prior knowledge
  
  
  • With deep knowledge
  
  

Whatever the approach adopted, it is a fact that penetration testing is constrained by time and availability of resources, which varies from client to client. To effectively utilize both these telling factors, penetration testers adopt some form of structure or methodology. These can be checklists developed by consulting practices, widely available resources such as Open Source Security Testing Methodology or a customized attack strategy.

There are is no single set of methodology that can be adopted across client organizations. The skeletal frame of testing however is more or less similar. The terms of reference used for various phases may differ, but the essence is the same. As discussed in preceding modules, the test begins with:

• Footprinting / Information Gathering phase


• Discovery and Planning / Information Analysis phase


• Detecting a vulnerability / security loophole


• Attack / Penetration / Compromise


• Analysis of security posture / Cover up / Report


• Clean up

The general objective of a penetration test is to reveal where security fails. The result of a penetration test can be:

• successful attack - when the objective is met within the scope of the attack


• a partial success - when there has been a compromise, but not enough to achieve the objective


• a failure - when the systems have been found to be robust to the attack methodology adopted

Foot printing / Information Gathering phase:

• Client site intelligence


• Infrastructure fingerprinting


• Network discovery and Access point discovery

Discovery and Planning / Information Analysis phase

• Target Identification


• Resource and Effort Estimation


• Modeling the Attack strategy (s)


• Relationship Analysis

Detecting a vulnerability / security loophole

• Vulnerability Analysis


• Scanning


• Enumeration


• Zeroing the target

Attack / Penetration / Compromise

• Exploring viable exploits (new / created / present)


• Executing the attack / Alternate attack strategy


• Target penetration


• Escalating the attack

Analysis of security posture / Cover up / Report

• Consolidation of attack information


• Analysis and recommendations


• Presentation and deliverables

Clean up

• Clean up tasks and procedures


• Restoring security posture

Download Here:

Read More

Download Free The Hacker's Underground Handbook - Hacking Ebooks

The Hacker’s Underground Handbook

Learn What it Takes to Crack Even the Most Secure Systems

By: David Melnichuk

The Hacker’s Underground Handbook will guide you through password hacking, windows hacking, malware, phising, web hacking, network hacking and Linux (intro, installation, etc). All this material fully packed with images, thus being a top step-by-step guide, on the course of which you cannot fail.

A great starting book which will guide you in the right direction, helping you understand the basic concepts of computer security and matters that you should take in consideration.



Download Link:

Read More

How To Use MegaUpload As a Premium User - Hacking Tools

If you want to enjoy megaupload as premium usr, download this tool and install. The name of the tool is Megakey


Features.
1) It removes limitations on megaupload and megavideo.
2) It provides happy hour premium access to all mega sites.
3) It allows for ultra fast up & downloads thanks to multiplexing technology.
4) It identifies music files on your PC and make them available in your megabox.
5) It gives you a direct connection to mega servers.
6) No delays and availability. In the future you get free access to movies, music and games licensed by mega.

Read More

How To Hack A Website Using C99 Shell - Website Hacking

The c99 shell script is a very good way to hack a php enable web server. You have to find an unsecure uploader to upload this file to the server. Here i used unsecure uploader means the uploader which can't check for file extension and allow us to upload our executable scripts to the server.


This c99 shell allows an attacker to hijack the php enable web server. This script is very user friendly and having very good interface so it is easy to use. You can issue any php command to run on the web server. You can use any of the commands given in the script to run on the web server.


For hacking a website using C99 script follow these steps.

1) Find a php web site with an uploader.
2) Test the file uploader to be secure or not by uploading files with a server executable extension.
3) If uploader is unsecure then upload the shell script.
4) Execute the uploaded code by navigating to the uploaded page.
5) A c99 script GUI will show up with a lot of options and details.
6) Look for the server details if the safe mode is on or off. If safe mode is off then the entire web server can be controlled by the script. If its on then on the directory in which c99 shell script is uploaded can only be controlled by the script.
7) Apart from being able to chmod, modify and delete files c99 also lets its user brute force the ftp but it requires an additional dictionary file which can run into hundreds of MBs.

Read More

Back Track 5 Released & Download - Hacking Tools

Backtrack, the operating system for pnetration testers, 5R1 released. 

This release contains over 120 bug fixes, 30 new tools and 70 tool updates.
The kernel was updated to 2.6.39.4 and includes the relevant injection patches.
The company posted on the blog, "We are really happy with this release, and believe that as with every release, this is our best one yet. Some pesky issues such as rfkill in VMWare with rtl8187 issues have been fixed, which provides for a much more solid experience with BackTrack. 
We’ve released Gnome and KDE ISO images for 32 and 64 bit (no arm this release, sorry!), as well as a VMWare image of a 32 bit Gnome install, with VMWare Tools pre-installed.

Read More

How To Prevent Your Computer From Hackers - Windows Tweaks

Hackers and Browser Hijacking is one area of the Net that affects everyone at some stage.

In addition to having third party utilities such as SpyBot, Anti Virus scanners and firewalls installed there are some changes that can be made to Windows 2000/XP. Below are some details to make your system safer from hackers and hijackers.


Some of these tips require editing of the Registry so it is wise to either backup the registry and/or create a Restore Point.

1. Clearing the Page File at Shutdown Windows 2000/XP paging file (Sometimes called the Swap File) can contain sensitive information such as plaintext passwords. Someone capable of accessing your system could scan that file and find its information. You can force windows to clear out this file. In the registry navigate to HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSession ManagerMemory Management and add or edit the DWORD ClearPageFileAtShutdown. Set it to 1. Note that when you do this, the system will take much longer to shut down: a system with a really big Page File (! Gig or more) may take a minute or two longer. 2. Disable the POSIX and OS/2 Subsystem.Windows 2000 and XP come with little-documented subsystems it at allow compatibility with UNIX and OS/2 systems These rues systems are enabled by default but so rarely used that they are best off bring disabled completely to prevent possible service hijackings. To disable these subsystems, open the registry and navigate to HKEY LOCAL MACHINESYSTEMCurrentControlSetControlSession ManagerSubSystems. Delete the subkeys Os2 and Posix. then reboot.

3. Never leave default passwords blank.
On installation, Windows 2000 sets up an Administrator account with total system access and prompts for a password. Guess what: by default, it allows that password to be blank. If a user doesn't want to type a password, he can simply click Next and the system will be an open door for anyone who wants to log on. Always opt for a password of some kind when setting up the default account on a machine.
4. Disable the Guest accountWindows XP comes with a Guest account that's used for limited access, but it's still possible to do some damage with it. Disable it completely if you are not using it. Under Control Panel, select User Accounts, click on Guest Account and then select Turn Off the Guest Account.5. Install Windows In a different directory.
Windows usually installs itself in the WINDOWS directory. Windows NT 4 0 and 2000 Will opt for WINNT. Many worms and other rogue programs assume this to be the case and attempt to exploit those folders files. To defeat this install Windows to another directory when you're setting it up - you can specify the name of the directory during setup. WINDIR is okay; so some people use WNDWS - A few (not that many) programs may not install properly if you install Windows to another folder but t hey are very few and they are far between

6. Fake out hackers with a dummy Administrator account
Since the default account in Windows 2000 is always named Administrator, an enterprising hacker can try to break into your system by attempting to guess the password on that account. It you never bothered to put a password on that account, say your prayers.

Rather than be a sucker to a hacker, put a password on the Administrator account it you haven't done so already. Then change the name of the Administrator account. You'll still be able to use the account under its new name, since Windows identifies user accounts by a back-end ID number rather than the name. Finally, create a new account named Administrator and disable it. This should frustrate any would -be break-ins.

You can add new accounts and change the names of existing accounts in Windows 2000 through the Local Users and Groups snap in. Right-click on My Computer, select Manager, open the Local Users and Groups subtree, look in the Users folder and right-click on any name to rename it. To add a new user, right-click on the containing folder and select New User. Finally, to disable an account, double-click it, check the Account is disabled box and click OK.

Don't ever delete the original Administrator account. Some programs refuse to install without it and you might have to log in under that account at some point to setup such software. The original Administrator account is configured with a security ID that must continue to be present in the system.

7. Set the Hosts file to read-only to prevent name hijacking.
This one's from (and to a degree, for) the experts. The HOSTS file is a text file that all flavors of Windows use to hold certain network addresses that never change. When a network name and address is placed in HOSTS, the computer uses the address listed there for that network name rather than performing a lookup (which can take time). Experts edit this file to place their most commonly-visited sites into it, speeding things up considerably.

Unfortunately hijackers and hackers also love to put their own information into it - redirecting people from their favorite sites to places they don't want to go. One of the most common entries in HOSTS is local host which is set 1770.0.1. This refers to the local machine and if this entry is damaged the computer can behave very unpredictably.

To prevent HOSTS from being hijacked, set it to read-only. Go to the folder %Systemroot%system32driversetc, right-click on HOSTS, select Properties check the Read-Only box and click OK. If you want to add your own entries to HOSTS, you can unprotect it before doing so, but always remember to set it to read-only after you're done.8. Turn off unneeded Services
Windows 2000 and XP both come with many background services that don't need to he running most of the time: Alerter, Messenger, Server (If you're running a standalone machine with no file or printer shares), NetMeeting Remote Desktop Sharing, Remote Desktop Help Session Manager (the last two if you're not using Remote Desktop or NetMeeting), Remote Registry, Routing and Remote Access (if you're not using Remote Access), SSDP Discovery Service, Telnet, and Universal Plug and Play Device Host.
A good resource and instruction on which of these services can be disabled go to /http://www.blkviper.com/WinXP/

9. Disallow changes to IE settings through IE
This is another anti hijacker tip. IE can be set so that any changes to its settings must be performed through the Internet icon in the Control Panel, rather than through IE's own interface. Some particularly unscrupulous programs or sites try to tamper with setting by accessing the Tools, Options menu in IE. You can disable this and still make changes to IE's settings through the Control Panel.

Open the Registry and browse to HKEY_CURRENT_USER SoftwarePoliciesMicrosoftInternet ExplorerRestrictions. Create or edit a new DWORD value named NoBrowserUptions and set it to 1 (this is a per-user setting). Some third-party programs such as Spybot Search And Destroy allow you to toggle this setting.

You can also keep IE from having other programs rename its default startup page, another particularly annoying form of hijacking. Browse to HKEY.CURRENT USERSoftwarePolicies MicrosoftInternet ExploreControl Panel and add or edit a DWORD, Homepage and set it to 1.

10. Disable simple File Shares.
In Windows XP Professional, the Simple File Sharing mode is easily exploited, since it抯 a little too easy to share out a file across your LAN (or the NET at large). To turn it off, go m My Computer, click Tools, Folder Option and the View tab, and uncheck Use Simple file sharing (Recommended). Click OK. When you do this you can access the Security tab in the Properties window for all folders; set permissions for folders; and take ownership of objects (but not in XP Home)

Read More

How To Change Your IP Address - Black Hat Hacking

1. Click on "Start" in the bottom left hand corner of screen
2. Click on "Run"
3. Type in "command" or "cmd"and hit ok

You should now be at an MSDOS prompt screen.

4. Type "ipconfig /release" just like that, and hit "enter"
5. Type "exit" and leave the prompt
6. Right-click on "Network Places" or "My Network Places" on your desktop.
7. Click on "properties"

You should now be on a screen with something titled "Local Area Connection",

8. Right click on "Local Area Connection" and click "properties"

9. Double-click on the "Internet Protocol (TCP/IP) " from the list under the "General" tab

10. Click on "Use the following IP address" under the "General" tab

11. Create an IP address (put any ip there like 1.2.3.4 it doesn't matter what you give there , this is only to tell you how to change your "IP" .

12. Press "Tab" and it should automatically fill in the "Subnet Mask" section with default numbers.

13. Hit the "Ok" button here

14. Hit the "Ok" button again

You should now be back to the "Local Area Connection" screen.

15. Right-click back on "Local Area Connection" and go to properties again.

16. Go back to the "TCP/IP" settings

17. This time, select "Obtain an IP address automatically"

18. Hit "Ok"

19. Hit "Ok" again

20. You now have a new IP address

Read More

NetBIOS Hacking - Black Hat Hacking

THIS NETBIOS HACKING GUIDE WILL TELL YOU ABOUT HACKING REMOTE COMPUTER AND GAINING ACCESS TO IT’S HARD-DISK OR PRINTER. NETBIOS HACK IS THE EASIEST WAY TO BREAK INTO A REMOTE COMPUTER.

STEP-BY-STEP NETBIOS HACKING PROCEDURE

1.Open command prompt

2. In the command prompt use the “net view” command
( OR YOU CAN ALSO USE “NB Scanner” OPTION IN “IP TOOLS” SOFTWARE BY ENTERING RANGE OF IP ADDRESSS. BY THIS METHOD YOU CAN SCAN NUMBER OF COMPUTERS AT A TIME).

Example: C:\>net view \\219.64.55.112

The above is an example for operation using command prompt. “net view” is one of the netbios command to view the shared resources of the remote computer. Here “219.64.55.112″ is an IP address of remote computer that is to be hacked through Netbios. You have to substitute a vlaid IP address in it’s place. If succeeded a list of HARD-DISK DRIVES & PRINTERS are shown. If not an error message is displayed. So repeat the procedure 2 with a different IP address.

3. After succeeding, use the “net use” command in the command prompt. The “net use” is another netbios command which makes it possible to hack remote drives or printers.

Example-1: 
C:\>net use D: \\219.64.55.112\F
Example-2: 
C:\>net use G: \\219.64.55.112\SharedDocs
Example-3: 
C:\>net use I: \\219.64.55.112\Myprint

 

NOTE: In Examples 1,2 & 3, D:,G: & I: are the Network Drive Names that are to be created on your computer to access remote computer’s hard-disk.

NOTE: GIVE DRIVE NAMES THAT ARE NOT USED BY ANY OTHER DRIVES INCLUDING HARD-DISK DRIVES, FLOPPY DRIVES AND ROM-DRIVES ON YOUR COMPUTER. THAT IS, IF YOU HAVE C: & D: AS HARD DIRVES, A: AS FLOPPY DIVE AND E: AS CD-DRIVE, GIVE F: AS YOUR SHARED DRIVE IN THE COMMAND PROMPT

F:,”SharedDocs” are the names of remote computer’s hard-disk’s drives that you want to hack. “Myprint” is the name of remote computer’s printer. These are displayed after giving “net use” command. “219.64.55.112″ is the IP address of remote computer that you want to hack.

4. After succeeding your computer will give a message that “The command completed successfully“. Once you get the above message you are only one step away from hacking the computer.

.

Now open “My Computer” you will see a new “Hard-Disk drive”(Shared) with the specified name. You can open it and access remote computer’s Hard-Drive. You can copy files, music, folders etc. from victim’s hard-drive. You can delete/modify data on victim’s hard-drive only if WRITE-ACCESS is enabled on victim’s system. You can access files/folders quickly through “Command Prompt”.

NOTE: If Remote Computer’s Firewall Is Enabled Your Computer Will Not Succeed In Gaining Access To Remote Computer Through Netbios. That is Netbios Hacking Is Not Possible In This Situation.(An Error Message Is Displayed). So Repeat The Procedure 2,3 With Different IP Address.

Read More

Proxy Servers and Anonymizers - Black Hat Hacking

Proxy is a network computer that can serve as an intermediate for connection with other computers. They are usually used for the following purposes:

• As firewall, a proxy protects the local network from outside access.


• As IP-addresses multiplexer, a proxy allows to connect a number of computers to Internet when having only one IP-address.


• Proxy servers can be used (to some extent) to anonymize web surfing.


• Specialized proxy servers can filter out unwanted content, such as ads or ‘unsuitable’ material.


• Proxy servers can afford some protection against hacking attacks.

Anonymizers

• Anonymizers are services that help make your own web surfing anonymous.


• The first anonymizer developed was Anonymizer.com, created in 1997 by Lance Cottrell.


• An anonymizer removes all the identifying information from a user’s computers while the user surfs the Internet, thereby ensuring the privacy of the user.

Read More

How To Make Reverse Phone Lookup - Black Hat Hacking

A Reverse Cell Phone Lookup is simply a process of finding someone’s personal details such as name, age, address and related information by using their cell phone number. At times it becomes necessary for us to start investigating on someone to know their personal details. The reason for this can be many – Some people may go for a cell phone lookup in order to locate their old friends, some to investigate the prank calls or to trace a suspicious number.

There exists a lot of websites on the Internet that offer reverse cell phone search, some claim to be free while others ask you a small fee for the subscription. There also exists a few directories that provide access to both landline and cell phone numbers thereby providing an all-in-one lookup service.

Since most people wish to access this information for free, they go in search of those websites which provide the reverse cell phone lookup service for free. Most scam websites take up this tendency of people as an added advantage and try to attract more and more visitors by promising them to provide the search service at a free of cost. In reality, the visitors of these websites may pick up malware programs like viruses and trojans. So you should be very careful not to visit any of such websites unless you are 100% confident about their legitimacy. Hence, in order to do a reverse cell phone lookup, you need to find a trusted website/directory service that provide information which is accurate and authentic.

Even though there is no national cell phone lookup directory available in United States due to various privacy concerns, there are still a number of top quality directories used by various private detectives, journalists and those who are in need to spy on their cheating spouse or children. These companies invest a lot of time and financial resources in gathering mobile phone and landline numbers by using both private and public sources, as well as major cell phone carrier restricted databases.

Thus by using this service it becomes just a cakewalk for anyone to find the details associated with any phone number whether it be a cell phone or a landline. The entire process of finding someone by cellphone number is very straightforward – all you need to do is just enter the phone number that you want to trace down and hit the “Search” button. You will be able to instantly view the information such as the phone owner’s name, age, mobile provider, billing address, previous addresses and more.

I recommend the following cell phone directory to search both mobile & landline and listed/unlisted residential numbers. The site is completely safe and uses a 128-bit secured access to maintain 100% privacy of the uses. All searches remains private and anonymous. Click on the following link to gain access now!

Read More

How To Hack Someone's Modem Or Routers - Black Hat Hacking

Almost half of the Internet users across the globe use ADSL routers/modems to connect to the Internet however, most of them are unaware of the fact that it has a serious vulnerability which can easily be exploited even by a noob hacker just like you. In this post I will show you how to exploit a common vulnerability that lies in most ADSL routers so as to gain complete access to the router settings and ISP login details.

Every router comes with a username and password using which it is possible to gain access to the router settings and configure the device. The vulnerability actually lies in theDefault username and password that comes with the factory settings. Usually the routers come preconfigured from the Internet Service provider and hence the users do not bother to change the password later. This makes it possible for the attackers to gain unauthorized access and modify the router settings using a common set of default usernames and passwords. Here is how you can do it.

Before you proceed, you need the following tool in the process

Angry IP Scanner

Here is a detailed information on how to exploit the vulnerability of an ADSL router.

Step-1: Go to www.whatismyipaddress.com. Once the page is loaded you will find your IP address. Note it down.

Step-2: Open Angry IP Scanner, here you will see an option called IP Range: where you need to enter the range of IP address to scan for.

Suppose your IP is 117.192.195.101, you can set the range something as117.192.194.0 to 117.192.200.255 so that there exists atleast 200-300 IP addresses in the range.

Step-3: Go to Tools->Preferences and select the Ports tab. Under Port selectionenter 80 (we need to scan for port 80). Now switch to the Display tab, select the option “Hosts with open ports only” and click on OK.

I have used Angry IP Scanner v3.0 beta-4. If you are using a different version, you need to Go to Options instead of Tools

Step-4: Now click on Start. After a few minutes, the IP scanner will show a list of IPs with Port 80 open as shown in the below image.

tep-5: Now copy any of the IP from the list, paste it in your browser’s address bar and hit enter. A window will popup asking for username and password. Since most users do not change the passwords, it should most likely work with the default username and password. For most routers the default username-password pair will be admin-admin or admin-password.

Just enter the username-password as specified above and hit enter. If you are lucky you should gain access to the router settings page where you can modify any of the router settings. The settings page can vary from router to router. A sample router settings page is shown below.

If you do not succeed to gain access, select another IP from the list and repeat the step-5. Atleast 1 out of 5 IPs will have a default password and hence you will surely be able to gain access.

What can an Attacker do by Gaining Access to the Router Settings?

By gaining access to the router settings, it is possible for an attacker to modify any of the router settings which results in the malfunction of the router. As a result the target user’s computer will be disconnected from the Internet. In the worst case the attacker can copy the ISP login details from the router to steal the Internet connection or play any kind of prank with the router settings. So the victim has to reconfigure the router in order to bring it back to action.

The Verdict:

If you are using an ADSL router to connect to the Internet, it is highly recommended that you immediately change your password to prevent any such attacks in the future. Who knows, you may be the next victim of such an attack. 

Since the configuration varies from router to router, you need to contact your ISP for details on how to change the password for your model.

Read More