 There’s a lot of documentation online on how to hack your neighbours Wi-Fi, but sometimes you need to hack your own system. Usually its because you’ve change your router password and forgot it completely, leaving you in the cold desolate place we like to call “No router land”.
There’s a lot of documentation online on how to hack your neighbours Wi-Fi, but sometimes you need to hack your own system. Usually its because you’ve change your router password and forgot it completely, leaving you in the cold desolate place we like to call “No router land”.
Don’t fear though, its actually pretty darn easy to hack your standard Dlink Dir-615 router (pictured above) that came stock with your Unifi subscription. Make no mistake, the router actually has some pretty sleek features, but Telekom Malaysia has a lackadaisical approach to security that makes hacking this router merely google searches away.
The default Unifi access credentials are:
Username : admin Password :
Where the password field is literally left blank, (as it is).
However, if you’re locked out of your Unifi router, here’s a couple of things you could do to get your connection back:
Option 1: Logging in with the Operator account
Most of the time, I recommend you use the admin account to change your Unifi settings, TM themselves admit that they don’t even set a password for this account on their user guide (page 9, 2nd bullet). However, if you’ve changed the password to this account and forgot it, there’s still a 2nd account that is left lurking in the system.
This is the ‘Operator’ account, and actually has more features than the standard ‘Admin’ account. TM have left this here, presumably for support purposes, but quite frankly, they shouldn’t. It’s like your house contractor, keeping a spare key to your home for ‘support’ purposes, it’s just not good security.
Fortunately though, if you’ve just changed the ‘Admin’ password, you’ve still got a chance to go back into your router and set things up correctly, just logon with the Operator account using one of the following credentials:
Username: Management Password: TestingR2
Username : operator Password : h566UniFi
Username : operator Password : telekom
Username : operator Password : <your Unifi username in reverse order>
Needless to say, please change the operator password once you’ve logged on, and remember it wisely this time.
Option 2: Hack the Dlink Dir 615 router
This options isn’t as hard as it might seem. For those running a router with a firmware version of 7.09 and below, there is a well documented vulnerability on the Dlink Dir-615 router that enables you to access your router without even knowing the username or password. To do so, just enter the url below;
http://192.168.0.1/tools_admin.php?NO_NEED_AUTH=1&AUTH_GROUP=0
For more info on the vulnerability check out this link here. The vulnerability is called an authentication bypass, and literally allows you to access the router with no credentials at all! You can visit any page from the router menu, by just adding the “?NO_NEED_AUTH=1&AUTH_GROUP=0” to the end of the link.
Option 3: The one that will always work
*Edited 5-Dec-2013*
I’m really scared of this one. As from my checks with a couple of Shodan searches ALL Unifi routers are susceptible to this attack. All you need to do this is visit this link:
http://192.168.0.1/model/__show_info.php?REQUIRE_FILE=/var/etc/httpasswd
And you’ll see in plain-freaking-text, your unifi routers username and password, for both the admin and operator/management accounts.
Thanks to use_the_source_luke from this bugtraq post.
This is all public information at this point and you deserve to know that your unifi router is insecure. So get out there and buy a new router already.
*end edit*
Out of Options
There are other vulnerabilities on the Dlink router, including the famous config.bin password hack, however, from my checks, most Unifi routers are already patched with the fix for that. Leaving the above two options your only hope. If you really are out of options, you can always purchase a new router for your Unifi connection (I recommend the Asus RT-N12C1 or the Asus RT-N12HP)
However, you made need to call TM for your Unifi Password.
How to secure your Unifi router
It’s also important to learn how to secure your router, the first bit is easy. Change the passwords, TM have a really bad habit of setting the router password to blank, meaning there literally is NO PASSWORD!!
Needless to say, that’s bad security. What’s even worse is the average customer isn’t aware of the operator account which is left on the system with default passwords as well. From my quick checks, about 50% of people don’t change they’re router Admin passwords, and nearly 99% of people haven’t changed their operator password. You can’t really blame them, they didn’t know the operator account was there in the first place. So basically 99 times out of a 100, you’ll be able to ‘hack’ your unifi router using nothing but default passwords.
Securing the router, first and foremost requires that you change the passwords from their default values.
Secondly, if you’re using a firmware version of 7.09 and below, it’s time to upgrade your firmware. Upgrading your router firmware is actually pretty common stuff, there are entire websites that are dedicated to documenting router vulnerabilities, not for hackers, but security research–and this concept actually helps make our everyday appliances more secure.
Conclusion
A lot of people have locked themselves out of their home routers, so hopefully this post helps. However, because TM have such a bad stance against security, it also means that if you don’t take the necessary precautions, you could be on the wrong end of an attack.
Remember to stay safe and secure, securing your router is as important as securing your front door.
nice tutorial.. ^^
man this is amazing … I have tried such stuff before but couldn’t get through how did you get to find the function REQUIRE
thanks keith 🙂
thank you! forgot my pw and router has been acting up a bit so this was very helpful.
Many thanks from a grateful Unifi-er.
http://192.168.0.1/model/__show_info.php?REQUIRE_FILE=/var/etc/httpasswd this code, cant be use anymore! tm must be do some upgrade on their service…
qafafafafaaf
Thank you so much 🙂
Hai i tried everything but couldnot get a solution.
How do i hack TM firmware version 1.07 router ? i need the admin password please.
Sorry bro, that’s the L7 Router. Try using the default passwords, if that doesn’t work the only sure-fire way I can recommend is to RESET the router.
Keith
thanks alot
my neighbor hack my wifi before,cause unifi technician install my unifi no ask me username and password, that time i dont know about any router setting …etc . when i feel my connection slow, then i call technician to check , he said username and password is tm1234 . very lazy tm unifi technician ,wtf
Thanks a lot. Appreciate for your explanation and share
someone hacked my router & change the password… what shall i do ???
Just reset your router by the button ! And it will switched to default id and password !
D link
My office using unifi biz don’t want to give me the password I want to use wifi
[…] Hack Unifi: In case you’ve lost your default password – How to Hack your Unifi Dlink router just in case you’ve changed the default password and lost it. […]
dude you save my day!
Most routers nowadays have already been patched up these security holes. just be aware
skvilac@unifi
Many thanks from a grateful Unifi-er.
thank you! forgot my pw and router has been acting up a bit so this was very helpful.
dude you save my day!
Most routers nowadays have already been patched up these security holes. just be aware
Thanks a lot. Appreciate for your explanation and share
How do i hack TM firmware version 1.07 router ? i need the admin password please.
Sorry bro, that’s the L7 Router. Try using the default passwords, if that doesn’t work the only sure-fire way I can recommend is to RESET the router.
Keith
thanks alot
my neighbor hack my wifi before,cause unifi technician install my unifi no ask me username and password, that time i dont know about any router setting …etc . when i feel my connection slow, then i call technician to check , he said username and password is tm1234 . very lazy tm unifi technician ,wtf
D link
skvilac@unifi
Hai i tried everything but couldnot get a solution.
Thank you so much 🙂
My office using unifi biz don’t want to give me the password I want to use wifi
someone hacked my router & change the password… what shall i do ???
Just reset your router by the button ! And it will switched to default id and password !
nice tutorial.. ^^
man this is amazing … I have tried such stuff before but couldn’t get through how did you get to find the function REQUIRE
http://192.168.0.1/model/__show_info.php?REQUIRE_FILE=/var/etc/httpasswd this code, cant be use anymore! tm must be do some upgrade on their service…
qafafafafaaf
thanks keith 🙂
I love see the new things here. Thank you!
Your article is really great ptcl speed test
how do you hack livigent?
[…] Hack TM Unifi: In case you’ve lost your default password […]
[…] Hack TM Unifi: In case you’ve lost your default password […]
[…] Hack Unifi: In case you’ve lost your default password […]
[…] Hack TM Unifi: In case you’ve lost your default password […]
[…] Hack Unifi: In case you’ve lost your default password […]