You are not logged in.
This is my newest post on https://izuz.wordpress.com/2011/02/22/o … en-hacked/ ...
This is a payback for all the sucky internet they are giving us..
Enjoy people!..
--------------------------------------------------------------------------------------------------
HEY OGERO !!! PAY BACK IS A B!TCH !!!
How many times you get to find Blink wifi networks around you?! Very frequently right?!
Your WiFi network at home or at work might be a Blink WiFi. ( If you do then this is the time to PANIC!)
Here’s why:
Blink (or any other ISP as a matter of fact) mass orders and mass configures their wireless routers. Hence the WEP/WPA keys are automatically generated per router; so does the SSID (Name of the wireless network).
Certain routers have always had this vulnerability BUT Lo and Behold , Blink routers are also vulnerable to this attack.
How you may ask?! Let me explain…
When you scan for WiFi networks and see a BlinkXXXXXX network, be sure that this SSID is automatically generated, as we mentioned earlier.. It is a concatenation of the ISP Name (Blink) + the XXXXXX (6 character HEX code), and this code is the key to our attack.
This code is generated from the Serial Number (SN) of the router… So does the WEP/WPA key of the router.
XXXXXX -> SN -> Hash -> KEY
So by reversing the Hash function (which is doable via rainbow tables), you will get to have the Serial Number and then Hash it to find the WiFi router key!
It is easy and it can be done! and there are already apps available out there for iOS and Android!
What makes the matter even more critical, is the fact that Ogero doesn’t give you the admin access to your WiFi router, so that you can change your default settings.
So it is really a combination of circumstances that made this Hack available:
Ignorance (People don’t change their SSID)
Dictatorship (Ogero doesn’t supply you with Admin access to your equipment)
Done panicking?! Great your next mission is to go and literally Nag-the-hell out of your Ogero Customer Support.
p.s: You don’t believe me!? Post you WiFi SSID name in the comments and i will tell you your key!
update 1: username “user” with password “user” works for a big chunk of the routers out there, this is a privileged user which means, can view system settings and PCs connected to the network, which brings us to a totally new level of security threats!
Last edited by ZuZ (February 22 2011)
You don't need the Administrator username or password to be able to change the SSID and the WEP/WPA keys, just login as a User (Username: user / Password: user)...
Many people are changing the SSID and the WEP/WPA keys... So I think that there are no reasons to PANIC!
Last edited by Samer99 (February 22 2011)
Panic is not appropriate I hacked my brothers blink in 2 minutes without tools the password is mostly 3 digits different than the router serial no joke . That is eactly why i do not want ogero as Isp!
You don't need the Administrator username or password to be able to change the SSID and the WEP/WPA keys, just login as a User (Username: user / Password: user)...
Many people are changing the SSID and the WEP/WPA keys... So I think that there are no reasons to PANIC!
I'm trying to do that but I can't. The address is http://192.168.1.1:80, I get the login dialog box, I enter the username and password, but all I get is a blank white page. Why does that happen?
Samer99 wrote:You don't need the Administrator username or password to be able to change the SSID and the WEP/WPA keys, just login as a User (Username: user / Password: user)...
Many people are changing the SSID and the WEP/WPA keys... So I think that there are no reasons to PANIC!
I'm trying to do that but I can't. The address is http://192.168.1.1:80, I get the login dialog box, I enter the username and password, but all I get is a blank white page. Why does that happen?
yes me too!
Panic is not appropriate I hacked my brothers blink in 2 minutes without tools the password is mostly 3 digits different than the router serial no joke . That is eactly why i do not want ogero as Isp!
Yes this is actually true. I figured out the pattern very easily a long time ago. Then when I had issues with bandwidth being consumed like crazy (I had to pay $50 + 114,000L.L for bandwidth I did not consume), I went to Ogero in Bourj El Murr and asked them to check the router and change the password. Unfortunately, I forgot what the pattern was because I stopped connecting using Wi-Fi once I bought a desktop.
You don't need the Administrator username or password to be able to change the SSID and the WEP/WPA keys, just login as a User (Username: user / Password: user)...
Many people are changing the SSID and the WEP/WPA keys... So I think that there are no reasons to PANIC!
user/user cannot change system settings :)
Panic is not appropriate I hacked my brothers blink in 2 minutes without tools the password is mostly 3 digits different than the router serial no joke . That is eactly why i do not want ogero as Isp!
the wep/wap key are hashed off the serial number, it cannot be guessed, needs to be calculated
Well if you have the Ogero Dlink router, the user/user allows you to change the pass. I don't know about the others, because when i had ogero i changed the Pass and you can change the encryption to WPA. But now i'm with IDM and i'm still using the same router so i flashed the router and installed a new firmware, working perfectly.
Well if you have the Ogero Dlink router, the user/user allows you to change the pass. I don't know about the others, because when i had ogero i changed the Pass and you can change the encryption to WPA. But now i'm with IDM and i'm still using the same router so i flashed the router and installed a new firmware, working perfectly.
a big chunk of the routers are thomson ... dlink are the newer ones..
Samer99 wrote:You don't need the Administrator username or password to be able to change the SSID and the WEP/WPA keys, just login as a User (Username: user / Password: user)...
Many people are changing the SSID and the WEP/WPA keys... So I think that there are no reasons to PANIC!
I'm trying to do that but I can't. The address is http://192.168.1.1:80, I get the login dialog box, I enter the username and password, but all I get is a blank white page. Why does that happen?
If you have the THOMSON TG585 v7 (the modem-router that most Ogero clients have), then the default adress is http://192.168.1.254/ and you can login as a User (Username: user / Password: user), and you will be able to change the SSID and the password... I did that for 3 relatives...
m0ei wrote:Well if you have the Ogero Dlink router, the user/user allows you to change the pass. I don't know about the others, because when i had ogero i changed the Pass and you can change the encryption to WPA. But now i'm with IDM and i'm still using the same router so i flashed the router and installed a new firmware, working perfectly.
a big chunk of the routers are thomson ... dlink are the newer ones..
Not really, the first routers ogero used were Dlink, i was a customer with ogero from 2009 then after 6 months i think they replaced the routers to Thomson. I don't know if they are using new Dlink routers now as you're saying.
ZuZ wrote:m0ei wrote:Well if you have the Ogero Dlink router, the user/user allows you to change the pass. I don't know about the others, because when i had ogero i changed the Pass and you can change the encryption to WPA. But now i'm with IDM and i'm still using the same router so i flashed the router and installed a new firmware, working perfectly.
a big chunk of the routers are thomson ... dlink are the newer ones..
Not really, the first routers ogero used were Dlink, i was a customer with ogero from 2009 then after 6 months i think they replaced the routers to Thomson. I don't know if they are using new Dlink routers now as you're saying.
we need an ogero representative to set things straight! and how they are willing to fix this
I have a D-Link router. And no you do not need to calculate anything to figure out the password, you can easily figure out the pattern. At least that's how it used to be back then.
you can contact ogero and they will give you the admin login and password
can you post a howto guide for this ?
what algorithm is used to hash the SN, and what tools we need to reverse it?
Last edited by longbit (February 22 2011)
An advice for future Ogero subscribers: get the non-wireless (modem only) package and by your own router.
Less Expansive.
More secure: I got WPA TKIP set up, mac address filtering, firewall, parental protection.
One interesting thing you can do when you have full control over your router is reduce broadcast power by percentages. My network does not show up at my neighbors above, below and next door using normal laptop WNIC.
TKIP is not secure (it uses some ciphers as WEP, but just different way). Use AES.
um... if you only have a dsl modem also acting as router and wifi, you will get pwnd
IMO, like Bij said; best practice is [DSL modem] -> [wifi/ethernet router/firewall] -> everybody else
Last edited by dp0001 (February 22 2011)
Yes use AES, WPA TKIP encrypted wireless password can be cracked using dictionaries or bruteforce.
Sorry but this is very old news, it is obvious, in fact this matter is related to Thomson company not Ogero, and you did not "hack" Ogero you will be stealing lousy bandwidth (128k or 256k) from your poor neighbors, mmm that's not ethical.
You steal,
Your Neighbors pay,
Ogero Wins.
PS: when I said "you" I didn't mean the author, I am speaking in general.
Heh this "hack" is nothing hunny. I was able to figure out Cyberia ADSL and HDSL usernames and passwords thanks to Cyberia's stupidity. Most cyberia DSL users turned out to have password for their account 12345678. I figured out the username L number pattern, and voila, access to their ADSL account :)
I was able to open at least 27 accounts and heck there is more to come. I wonder if I put the L number and password on my ADSL router, would I use internet off of their account? Hmmmmmm :)
I wonder if I put the L number and password on my ADSL router, would I use internet off of their account? Hmmmmmm :)
This is easily traceable by the ISP. I wouldn't advise using someone else's DSL account on your own phone line.
I know I'm just questioning. Anyway I don't think it will work especially if you're connected to another ISP. I think Ogero sets each account to 1 specific phone line.
worked fine for me =D thanks! but my neighboor's internet was 128 >.<
TKIP is not secure (it uses some ciphers as WEP, but just different way). Use AES.
I actually found out I was using AES when I went to the settings page to change it I don't know why I thought I was using TKIP.
One thing I never noticed before is the "Both" option when choosing the cipher type. Any idea on how this works ?