How to Hack ADSL Router with kali linux

Hack adsl router with kali linux

bsnl using adsl connection to provide internet for its home and office users. and half of them modems are vulnerable to a simple attack. attacker cut off internet, change dns after exploit this vulnerabilities.

so lets see how attack is possible?

how to hack adsl router

Step 1:

check your public ip address.
just type “my ip” in google.

Step 2: Search for Vulnerable Routers.

 Using linux

open terminal type:

“nmap -sS -sV -vv -n -Pn -T5 117.212.120.16-255 -p80 -oG – | grep ‘open’ | grep -v ‘tcpwrapped’”

Now you have some results, this time you need to find the open devices with open ports. In search Result page:

Step 3:

pick an ip that have open port and place it in your browser and hit enter.

you will see an authenticate page like below image,

put admin as username and admin as password.

if client did not change default username and password, then it will be lucky for you and you entered in router admin page, if you not get success then try different ip and check default username and password for some router on searching google.

 

you can do some further action after enter in router admin area, for example change dns and cut off internet.

this is illegal and you may go to jail for this action, so try at your own risk.

 

 

what is sqlmap and how to use it.

sqlmap is an open source penetration testing tool, that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. it comes pre-installed with kali linux. sqlmap written in powerful language python.


sqlmap developed by Bernardo Damele and Miroslav Stampar. it support all major database management systems, including MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, SAP MaxDB, HSQLDB and Informix.

 
it support to enumerate users, password hashes, privileges, roles, databases, tables and columns.

it support many SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query-based, stacked queries and out-of-band.


Sqlmap is popular and powerful sql injection automation tool. there is no programming knowledge need for hack a website database through it, it completes  all process automate.


in this post we will learn how to exploit sql injection vulnerability, to hack a website.

How to hack a website with sqlmap.

Find a vulnerable website:
First scan a website. if you are using windows then scan with acunetix and if you are using kali then scan with zaproxy.


Find vulnerable url:
if acunetix and zaproxy show a sql injection vulnerability, then next step to exploit it with sqlmap. sometimes these scanner result are false positive,but you can try with different scanner.

Start exploit:
open terminal type:
“sqlmap -u example.com/index.php?id=16 ”

Find Database:

Find tables:

it extract all tables. find admin user and password in tables to get access in website. once you get admin user and password find admin panel url and takeover website. Download to find admin panel url are  here