Kitz Forum

Broadband Related => Broadband Hardware => Topic started by: moooooooooooooon on July 18, 2019, 06:23:44 PM

Title: is there any way to get the wifi password out of HG531 v1 router page ?
Post by: moooooooooooooon on July 18, 2019, 06:23:44 PM

i can't get the wifi password from the router page because it's masked with stars and when i convert the type from password to text using inspect elements it gives me a wrong password
"@1GV)Z<!"
and while looking into this path
http://192.168.1.1/html/network/wlan.asp
in another similar model helped me finding the password !!
but in this model
http://192.168.1.1/html/ntwkall/wlan.asp
all i found was that the ssids and the wrong passwords "@1GV)Z<!"
and while looking in the network tab i found this while submitting a new password
it sends the password to this url
http://192.168.1.1/html/ntwkall/setcfg.cgi?x=InternetGatewayDevice.LANDevice.1&y=InternetGatewayDevice.LANDevice.1.WLANConfiguration.1&k=InternetGatewayDevice.LANDevice.1.WLANConfiguration.1.PreSharedKey.1&z=InternetGatewayDevice.LANDevice.1.WLANConfiguration.1.WPS&RequestFile=/html/ntwkall/wlan.asp

with this --data
"csrf_token=XGusO59EJlYEVQ0sWpMA7ftQo7JH5gQN&y.Standard=b%2Fg%2Fn&y.MaxBitRate=Auto&y.X_Wlan11NHtMcs=33&y.Enable=1&y.AutoChannelEnable=1&y.Channel=6&y.SSIDAdvertisementEnabled=1&y.X_WlanIsolateControl=0&y.WMMEnable=1&y.X_Wlan11NBWControl=20%2F40&y.X_Wlan11NGIControl=long&y.SSID=wifisucks&y.X_AssociateDeviceNum=32&y.X_PowerValue=20&y.BeaconType=11i&z.Enable=1&z.X_WPSMode=ap-pbc&k.PreSharedKey=thepasswordyouno&y.IEEE11iEncryptionModes=AESEncryption&x.X_WLANEnable=1"

is there any way to extract the password from that setcfg.cgi ?
and i tried to decrypt the router backup config file but niresoft router pass view failed to decrypt it ..

When i looked into the page file from the firmware and searched PreSharedKey

i found those if they make any sense
and i have tried to open the page with javascript turned off but still the password didn't show up !
the wrong password after trying the inspect elements trick
the wrong passwords from the page source code

any ideas other than getting it through wps would be very useful !

Title: Re: is there any way to get the wifi password out of HG531 v1 router page ?
Post by: dorzb on July 22, 2019, 09:43:43 AM

why don't you just reset the password?

[Unnecessary quoting removed - roseway]