something sneaky

So today’s the first day at my client’s office. The thing about this place is they have very strict firewall rules. A lot of sites have been blocked. So using my laptop borrowed from work, I did a quick scan and randomly connected to one of the unsecured wireless networks. There were about 10 results, 7 of them encrypted and requiring a password.

After connecting, I tried to connect to the router. A screen popped up requesting a username and password. On that same dialogue, the model of the router was displayed. I googled that to discover that it’s a D-Link router.

Went to D-Link’s website and downloaded the user manual there for this router I’m connected to. Scrolled a few pages to find the default username and password to be admin/admin.

Tried accessing the router again, supplied this default username and password, and "wallah!" I’m in.

This router also happens to contain the login details for the internet account! The username is clearly displayed in a text-field and the password is hidden in a password-field. So, view source…

<input type="password" name="password" value="t3hp455w0rd"> (this is just an example!)

Then I logged in to his ISP’s website, went to customer service and logged in to see this person’s account details. Sadly, it’s only a 256kbps account. I was hoping for a 10Mbps connection so I could use it and leech some stuff.

As the building I’m in is an office building, the nearest home apartment building is about 100-200 metres away. Signal strength: Fair~Good.

Message of the day: If you are using wireless routers, be sure to at least set a WEP password.
