Monday, April 16, 2012

Fun Hacking - Story of WiFi Airbox Cellular Routers

I am always curious to know more about the new network devices such WiFi routers. So I started hitting at it. Basically, mobile WiFi provides default access to internet connection. I pushed my device to be in the network.

1. A quick IP lookup provided me with the IP address of the mobile WiFi router present in the

2. The very basic thing is to surf the web admin console which by default provides the basic HTTP authentication prompt. At this point, I got to have the details of the mobile WiFi router. So I quickly issued [ echo "GET / HTTP/1.0" | nc] to extract the HTTP response from the running web server that was used for administration. Unfortunately, it was not giving any reply. That's fine.

3. A quick scan leveraged that port 81 was opened. So I fired the web browser to see if something was there for me on port 81.The port displayed the following web page

Yeah, that's more than the information I wanted. The mobile WiFi router was AIRBOX cellular designed by Additionally, port 53 was also opened for DNS querying but that was not the target point.

4. So, the next step was to download the manual of this WiFi router. I did and carefully read it. As common, the airbox router use to have  default credentials. Look at the excerpt from the AIRBOX manual :

5. Based on this information, I build the password list and also used the standard password lists to brute force the account. Within a few seconds. I got the admin interface password. If you are lucky, you will find default credentials present on these routers. Security is always creepy for these devices. I always look for the DHCP leases to find out the number of devices that are connected to the router. As said, I did the same

 So the lesson is, we need to delve more into security.