Simple tasks that a hacker can do in a TP-Link Archer C9

Similar tasks apply to other routers.

It's amazing how many users don't change the default manufacturer's login credentials.

(02-16-2022, 03:12 AM)mothered Wrote:

[To see links please register here]

Similar tasks apply to other routers.

Yes you can replicate the tasks on other routers.

It's amazing how many users don't change the default manufacturer's login credentials.

They, including me do not change the router password, only when there is a problem then they fix.

In the GIF i only made the 4 first steps. The last one that was to add a dynamic dns name from no-ip.org and reboot the device i didn't do it. This will make the router accessible to me only. On shodan.io you can gather routers with default password and add DDNS following a reboot.

(02-16-2022, 04:10 PM)hacxx Wrote:

[To see links please register here]

They, including me do not change the router password, only when there is a problem then they fix.

May I ask why you don't change It?

(02-17-2022, 12:38 AM)mothered Wrote:

[To see links please register here]

May I ask why you don't change It?

The router is less than 1/2 year old and the default password is complex (not admin/admin).

(02-17-2022, 02:20 PM)hacxx Wrote:

[To see links please register here]

(02-17-2022, 12:38 AM)mothered Wrote:

[To see links please register here]

May I ask why you don't change It?

The router is less than 1/2 year old and the default password is complex (not admin/admin).

I see.

I assume It can still be Identified through a list of default manufacturer passwords, Irrespective of the device's age.

(02-17-2022, 03:27 PM)mothered Wrote:

[To see links please register here]

I see.
I assume It can still be Identified through a list of default manufacturer passwords, Irrespective of the device's age.

As long as you don't expose your ip and it doesn't get indexed is all good.
In case of trouble, disable access to the admin panel by wifi and plug the router with a cable on eth1.

When i got my first android phone i used to wardrive to get wifi access points. Back in those days the default manufacturer was Thomson and the default password could be generated with a app or online. I made a map that i used to tag the access points. It worked everywhere and i watched YouTube on random wifi signals while waiting for transport, etc.

(02-17-2022, 08:13 PM)hacxx Wrote:

[To see links please register here]

As long as you don't expose your ip and it doesn't get indexed is all good.
In case of trouble, disable access to the admin panel by wifi and plug the router with a cable on eth1.

When i got my first android phone i used to wardrive to get wifi access points.

^ This Is what I'm referring to.

Anyone who knows the manufacturer's default credentials, can simply log In. If you're running a wireless network, always change the default password at the least. It only takes 30 seconds, so there's no excuse to leave It be.