Category Archives: Windows

Exploiting Router Authentication through Web Interface

The “iBall Baton 150M Wireless Router Authentication Bypass Vulnerability” is the one I found when I was studying in college. I was simply browsing the router pages to see if there was any way to get an authorized page without a username/password. Somehow I noticed a web request being sent to a .cgi page. I guessed there were some pages with a .cgi extension instead of .html. So I tried an existing known page, password.html, as password.cgi. Luckily the authentication was bypassed and the password reset page was shown. Later I identified that all existing pages can be accessed in this way without a username/password. While checking the source code of the password reset page, I found the passwords of each login account in clear text! Clearly it is a critical vulnerability in the iBall router.

On routers such as D-Link, Linksys etc. whose web interface uses CGI scripts, we can easily access and change the router's configuration, bypassing authentication. CGI is one method by which a web server can obtain data from (or send data to) databases, documents, and other programs, and present that data to viewers via the web. The authentication bypass vulnerability is powerful, as anyone can change the router configuration, such as changing passwords, resetting the router etc., through any web browser. The steps are mentioned below:

First we need the router IP, which is usually the IPv4 Default Gateway IP. We can find this using the ipconfig /all command from cmd, or by checking the details of the network adapter connected to the network in the Network and Sharing Center.

The most common default router IPs are 192.168.0.1, 192.168.1.1 etc. Suppose the router IP is 192.168.1.1; we change the URL of any web page so that it ends with .cgi.

i.e., we change

http://192.168.1.1/password.html

to

http://192.168.1.1/password.cgi

Watch this video demonstration for more details. This video shows mainly:

  1. Accessing router configuration without username and password
  2. Finding usernames and passwords which are hidden inside page source

Watch video: https://youtu.be/8GZg1IuSfCs

Some other pages we can directly access like this are:

http://192.168.1.1/upload.cgi

http://192.168.1.1/resetrouter.cgi

http://192.168.1.1/pppoe.cgi

http://192.168.1.1/info.cgi

Identified and Reported by
Gem George
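
A defender-side check for the pattern described above, as an added example that is not part of the original post: it scans access logs from a proxy or sensor in front of the router's management interface and flags .cgi pages served with status 200 to clients with no authenticated user. The Common Log Format input, the `find_unauthenticated_cgi` name and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Common Log Format: host ident authuser [time] "METHOD path proto" status size
CLF = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines (not captured from a real device).
SAMPLE_LOG = """\
192.168.1.23 - - [10/Mar/2024:21:14:02 +0000] "GET /password.html HTTP/1.1" 401 312
192.168.1.23 - - [10/Mar/2024:21:14:09 +0000] "GET /password.cgi HTTP/1.1" 200 4821
192.168.1.23 - - [10/Mar/2024:21:14:30 +0000] "GET /info.cgi HTTP/1.1" 200 2210
192.168.1.10 - admin [10/Mar/2024:21:20:11 +0000] "GET /pppoe.cgi HTTP/1.1" 200 3007
192.168.1.42 - - [10/Mar/2024:21:25:40 +0000] "GET /resetrouter.cgi HTTP/1.1" 401 312
not a log line
"""


def find_unauthenticated_cgi(log_text):
    """Return .cgi pages served with 200 to clients that had no auth user."""
    denied = defaultdict(set)  # host -> page stems that were refused (401/403)
    findings = []
    for line in log_text.splitlines():
        m = CLF.match(line)
        if not m:
            continue  # skip malformed lines instead of failing the whole scan
        path = m["path"].split("?", 1)[0].lower()
        stem, _, ext = path.rpartition(".")
        status = int(m["status"])
        if status in (401, 403):
            denied[m["host"]].add(stem)
        elif ext == "cgi" and status == 200 and m["user"] == "-":
            findings.append({
                "host": m["host"],
                "path": path,
                # Stronger signal: the same client was refused this page
                # under another extension before the .cgi request succeeded.
                "after_denial": stem in denied[m["host"]],
            })
    return findings


if __name__ == "__main__":
    for finding in find_unauthenticated_cgi(SAMPLE_LOG):
        print(finding)
```

The `after_denial` flag separates a refused .html request followed by a successful .cgi request for the same page from a plain unauthenticated hit, which is useful for prioritising alerts.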


Get Dreamscene in Windows 8 or 8.1

What is DreamScene?

DreamScene was released on September 25, 2007 and introduced in Windows Vista. Using DreamScene, users can set video content in MPEG, WMV or AVI formats as their desktop background. It was a really cool feature. See the steps below to enable DreamScene or video wallpaper in Windows 8 or 8.1. This also works in Windows 7 and Vista.

Steps to enable DreamScene in Windows 8:

1. Download the DreamScene Video Wallpaper 2.23 software from here and install it.

You can download one sample DreamScene wallpaper from here

2. Double-click on the icon from desktop to launch the application.
3. Click on the “Plus” icon (see the picture above) to add the downloaded sample DreamScene wallpaper to the playlist. You are done!

You can click on “Launch at Windows startup” to start playing DreamScene automatically on Windows startup.


Force Windows to use 100% of available bandwidth

Bandwidth is usually controlled by your Internet Service Provider (ISP). Sometimes there are software elements that influence your internet connection speed. One such factor is QoS (Quality of Service), for example Windows Update, streaming video or audio, VoIP applications, etc. – anything that makes use of the QoS Packet Scheduler.

 
The reservation is 20% in Windows XP, Vista & 7 and it is 80% on Windows 8 and later versions. We have the option to disable this reserved bandwidth to get access to 100% of your bandwidth. However, please take note that the 20% reserved bandwidth is only used when QoS applications need it. By configuring its setting in the Group Policy, you can easily limit the reservable bandwidth.

 

Steps:
1. Open a Run or cmd window, type gpedit.msc and press Enter on your keyboard.


 
2. The Local Group Policy Editor will now open. Navigate to Computer Configuration -> Administrative -> Network -> QoS Packet Scheduler.

 
3. Double-click on Limit Reservable bandwidth. It will say it is not configured, but the truth is under the ‘Explain’ tab, i.e. “By default, the Packet Scheduler limits the system to 80 percent of the bandwidth of a connection, but you can use this setting to override the default”. Click to ENABLE reservable bandwidth, then set it to 0 (i.e. 0%).

 
4. Restart your PC for the changes to take effect.

 

 

Using the Windows registry:
1. Open a Run or cmd window, type regedit and press Enter on your keyboard.

 
2. In Regedit, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows

 
3. Right-click on the Windows key (folder), select New and then Key from the dropdown menu, and name the new key Psched

 
4. Double-click on the new Psched key and right-click in the empty white pane on the right

 
5. Select New and then DWORD (32-bit) Value from the dropdown menu

 
6. Name the new DWORD value NonBestEffortLimit

 
7. Right-click on your new NonBestEffortLimit value and select Modify from the dropdown menu

 
8. In the Value Data field make sure the value is 0 so the reserved bandwidth percentage is set to 0%.

 
9. Click OK and restart your PC to apply the changes