This tiny (51KB) app finds the guest network's default password for almost any Linksys E-series router! The guest network is usually a combination of a color and animal name with the string "-guest" appended. An example is: YellowZebra-guest. If you have a linksys router with a guest network, give it a try. Just connect to the guest network, and run the app. It will take a few minutes at the most to find the password. This is my first android app, and I have no prior experience with mobile apps, so give me some feedback. And it's also the first "vulnerability" that I discovered.
You did an excellent job. I wish my first 'Droid platform package had come out half as polished or functional. Your tool helps legitimate pentesters demonstrate multiple common vulnerabilities, beyond just this router. (Like plaintext password files, directory transversal, guest network insecurity, how bruteforcing works, etc). I hope you'll update it with a non-time-destructing version. In terms of constructive feedback: 1) thanks for helping make the xiopan community better and sharing the tool w/ us. 2) an easy and useful update would he to make the display text selectable. 3) I like the credentials caching you put in, but I would rename that tab something other than "stats". I originally just stumbled onto it. 4) the droid api letting you implement rotation is easy. Letting the app rotate horizontally would be nice, and will also keep it from crashing on some rooted devices that freakout when an app won't run in landscape. 5) aesthetically, I like the bare-bones console feel. But the off-white text with the slight shadow effect is blurry on big non-retina screens. I'd suggest a pure 000 white, no shadowing, and to go with suggestion #2, a clean universally supported mono space font, probably Droid Sans Mono or Droid Sans Mono Bold. 6). I'd highly recommend you add a legal tab to protect yourself and/or your intellectual property. I'm NOT giving you any legal advice here, but a disclaimer like this one could possibly be adapted: http://goes.gsfc.nasa.gov/text/disclaimer.html And a pentester disclaimer might be like sqlmap's, for example: http://sourceforge.net/p/sqlmap/mailman/message/27570843/ Finally, a really easy and fantastic source for copyright options is creative commons: http://creativecommons.org/choose/ Congrats again on your first app! I truly hope it is the first of many.
Thanks for the feedback and suggestions. I've made a few minor changes and have an update here: LinksysGuestHackBeta.zip It expires on Sept 1st because I still want more feedback from others. And I want to know if it works for your router. If it does please post the router model, and if it doesn't work, please post a tcpdump so I can debug it.
I'd like to try it as well so I can determine how secure my guest WiFi access is. I might end up disabling it completely if the password is easy to break.
Sorry for the delay. Here is an updated version that has better support for hdpi screens, and also executes faster on the latest android builds: Linksys-Guest-Hack.apk Remember this app does not require root, is only around 50KB, and has no ads. Let me know if it works for you.
--- Double Post Merged, 5 May 2015, Original Post Date: 5 May 2015 --- I just installed the apk from your March 15th post but the beta has expired May 1st. Greatly appreciate link to non-beta or non-expired version. Thanks again for the hard work.
OK, here's an update for you guys. The link is the same. md5sum: 64e9e06ace281958dfa76501787e110a sha1sum: 732781f4d6fe4fd61b620f2697b16fb90a33e0b5
Linksys Guest Hack --- Double Post Merged, 23 Jun 2015, Original Post Date: 23 Jun 2015 --- https://xiaopan.co/forums/threads/linksys-guest-hack.7097/#post-27778
