Pwning the SMCD3GNV Without Reaver or PixieDust!

Discussion in 'Resources' started by scorpius, 8 Apr 2015.

  1. scorpius

    scorpius Well-Known Member

    The SMCD3GNV's pin can be found by converting the last 3 bytes of the BSSID to decimal. If you get 8 digits, remove the first one. You are left with the first 7 digits of the pin. You can calculate the last digit (the checksum) or have reaver automatically calculate it for you.

    There's no need to use pixiedust or a potentially lengthy reaver session. And yes, you actually do need reaver, but just to get the password from the provided pin. This will take a few seconds at most.

    I'm not trying to take credit for this "discovery" because I know other routers have the same or a similar issue. But as far as I know, I'm the first to try it on the SMCD3GNV. Also, I'm the first to "discover" that if you get 8 digits after conversion, you must remove the first one. It sounds easy, but it is actually a complicated mathematical process to remove the first digit from a sequence of 8 digits. No it's not. ;)

    And for the pwning part of this post, the SMCD3GNV has a few open ports. One of which is very interesting: port 4159. You can telnet or nc into this port and you get a nice command processor. The beauty of this is that it has a 'lin' command where you can execute commands as root! The best application here is to be able to get the password of the Web GUI (if it has been changed from the default).

    Enjoy and use responsibly.
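The PIN rule described in the post above, turned into an audit check for device owners. This is an added example, not part of the original post: it flags units whose label PIN is predictable from the BSSID, so WPS can be disabled on them. The function names, the inventory entries and the zero-padding of values shorter than 7 digits are assumptions; the check digit is the standard WPS checksum.

```python
import re

def wps_checksum(first7: int) -> int:
    """Standard WPS check digit over the first seven PIN digits."""
    accum = 0
    while first7:
        accum += 3 * (first7 % 10)
        first7 //= 10
        accum += first7 % 10
        first7 //= 10
    return (10 - accum % 10) % 10

def bssid_derived_pin(bssid: str) -> str:
    """PIN the post's rule yields: last 3 BSSID bytes as decimal, leading
    digit dropped if there are 8, then the check digit appended."""
    octets = re.split(r"[:-]", bssid.strip())
    if len(octets) != 6 or not all(re.fullmatch(r"[0-9A-Fa-f]{2}", o) for o in octets):
        raise ValueError(f"not a BSSID: {bssid!r}")
    digits = str(int("".join(octets[3:]), 16))
    if len(digits) == 8:
        digits = digits[1:]
    digits = digits.zfill(7)  # assumption: shorter values are zero-padded
    return digits + str(wps_checksum(int(digits)))

def audit(inventory):
    """Return BSSIDs whose label PIN matches the derivation (predictable)."""
    return [b for b, label_pin in inventory if bssid_derived_pin(b) == label_pin]

# Constructed inventory: (BSSID, WPS PIN printed on the device label)
INVENTORY = [
    ("00:11:22:AB:CD:EF", "12593750"),  # matches the derivation, so flagged
    ("00:11:22:AB:CD:F0", "48563710"),  # unrelated PIN, not flagged
]

if __name__ == "__main__":
    for bssid in audit(INVENTORY):
        print(f"{bssid}: label PIN is derivable from the BSSID; disable WPS")
```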
     
