Every firmware has a default username and password, and a person who is able to find them might get money in exchange for this vulnerability. In this tutorial I will teach you how to find the username and password in one of D-Link’s firmware images.
* First we need a firmware image. I am using a D-Link firmware that I have already downloaded; you can also download it from the following site: http://dlink.co.in/firmware/ftp.aspx
* I am using AttifyOS in this tutorial. It’s an operating system with pre-loaded tools which will help us find the default username and password. It is already downloaded and installed on my system; you can download it from the following site: https://www.attify.com/attifyos
◙ Now open a terminal in AttifyOS and use the command “cd /tools/firmware-mod-kit”. This takes us to the “firmware-mod-kit” folder; the firmware should be in this folder.
◙ Now we will use the command “binwalk Dlink_firmware.bin” to find the code embedded inside the firmware image.
◙ Now we will use the command “dd if=Dlink_firmware.bin skip=917632 bs=1 of=hello” to copy the data that starts at byte offset 917632 of the image into a new file named “hello”.
◙ Now we will use the command “binwalk -e Dlink_firmware.bin” to extract the contents of the .bin file.
◙ Now let’s enter “_Dlink_firmware.bin.extracted”. Here we will find a folder named “squashfs-root”; it contains all the system files.
◙ Now use the command “grep -iRn "telnet"”. It will search for telnet in every file and folder (i : ignore case, R : search recursively through every file and directory, n : print the line number of each match).
◙ Here we find that in “/etc/scripts/misc/” there is a script which runs to start telnet. We might find some useful information in it.
◙ Use “cd etc/scripts/misc/” to navigate into the misc folder. Here we will see “telnetd.sh”. Let’s see what’s in it with the command “cat telnetd.sh”.
◙ Here we get two things: the username, and the location where the default password is stored. We can see “Alphanetworks” near “/usr/sbin/login”; it’s the default username of the firmware. The script also shows the location of the default password of the firmware: “/etc/config/image_sign”
◙ Let’s navigate to this folder using the command “cd /home/oit/tools/firmware-mod-kit/_Dlink_firmware.bin.extracted/squashfs-root/etc/config”
◙ Here we will see a file named “image_sign”. This file contains the default password of the firmware; let’s see the password using the command “cat image_sign”.
◙ So we finally found the password.
◙ These are the steps we can use to find default usernames and passwords and earn money.
✭ Hope you understand all the steps ✭
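
The manual grep-and-cat steps above can be turned into a repeatable check for reviewing an extracted firmware image before it ships or is deployed. This is an added example, not part of the original tutorial; the function names, the sample tree and the `-u user:secret` launch form in the sample script are assumptions made for illustration.

```shell
#!/bin/sh
# List scripts (relative to ROOT) that mention telnetd; -I skips binaries.
find_telnet_scripts() {
    ( cd "$1" && grep -rIl 'telnetd' . | sed 's|^\./||' | sort )
}

# Report, per script, a fixed login name and any in-image file it reads.
# The "-u user:secret" launch form is an assumption (see sample below).
# Only the file path and size are printed, never the secret itself.
audit_telnet_creds() {
    root=$1
    find_telnet_scripts "$root" | while IFS= read -r script; do
        user=$(sed -n 's/.*telnetd.* -u \([^: ]*\):.*/\1/p' "$root/$script" | head -n 1)
        if [ -n "$user" ]; then echo "FINDING $script fixed-user=$user"; fi
        grep -oE '/[A-Za-z0-9_./-]+' "$root/$script" | sort -u |
        while IFS= read -r ref; do
            case $ref in */bin/*|*/sbin/*) continue ;; esac   # skip executables
            if [ -f "$root$ref" ] && [ -s "$root$ref" ]; then
                size=$(wc -c < "$root$ref" | tr -d ' ')
                echo "FINDING $script reads=$ref bytes=$size"
            fi
        done
    done
}

# Constructed sample tree mirroring the layout in the tutorial (not real firmware).
make_sample_rootfs() {
    dir=$(mktemp -d)
    mkdir -p "$dir/etc/scripts/misc" "$dir/etc/config"
    printf 'constructed-secret\n' > "$dir/etc/config/image_sign"
    cat > "$dir/etc/scripts/misc/telnetd.sh" <<'EOF'
#!/bin/sh
image_sign=`cat /etc/config/image_sign`
telnetd -l "/usr/sbin/login" -u Alphanetworks:$image_sign &
EOF
    echo "$dir"
}

# Demo run; for a real image pass the path to squashfs-root instead.
sample=$(make_sample_rootfs)
audit_telnet_creds "$sample"
rm -rf "$sample"
```

Any FINDING line means the image starts a remote login service with an account that is identical on every device running that firmware, which is worth fixing or disabling before release.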