Hacking Thomson and Speedtouch routers with THC HackSuite
In this tutorial we're going to get access to a WLAN and get free internet access.
Ingredients:
- WAMP server (or any other web server): http://www.wampserver.com/en/download.php
- CSS3 compatible browser: don't use crap like IE; instead try Firefox, Safari or RockMelt.
- THC_HS 0.1.3: http://www.hacksuite.com/downloads/cmse ... suite.html
- THC_SB 0.0.6: http://www.hacksuite.com/downloads/modu ... brute.html
STEP 1:
Run the server and extract the zip files, so you will have:
- thc_hacksuite
- thc_sb
STEP 2:
Put the thc_hacksuite folder in a web directory of your server, e.g. C:\WAMP\www. In the thc_hacksuite folder you place the THC_SB folder.
STEP 3:
Open the suite in your browser, e.g. 127.0.0.1/thc_hacksuite/index.php
This should give you the program.
STEP 4:
Navigate to the top right where you see a dropdown menu, click on it and select "THC Speedtouch Brute".
STEP 5:
This will show the module's web interface. Now check out your available wireless networks to see whether you have a Speedtouch or Thomson router, e.g. ThomsonBA9713 or SpeedtouchBA9713, waiting to be exploited. ;)
STEP 6:
You need to pick the hex part that comes right after Thomson or Speedtouch, so in the case above that would be BA9713. Enter this value in the bssid field.
STEP 7:
Select the years (of course this is a guess) in which the router may have been produced. Your best bet is to start around the last 3 or 4 years.
STEP 8:
Start brute forcing. :)
NOTES:
- The WPA key might not be found.
- There may be collisions with the algorithm, so there is more than one WPA key possible; try them all.
- The generated WPA key may be incorrect; the admin of the network may have changed the key.
MEDIA:
This video shows you how the thing is done and will start at step 3. It will also show you a neat trick of the THC HackSuite: it will allow you to run tasks in the background.
http://www.youtube.com/watch?v=9dyVCExsxdY
Enjoy and feel free to comment.
Fetching default wpa2 keys for speedtouch + thomson routers
- vegeta
lda #<text>text
jsr $ab1e ;
rts
text .text "LET ME OUT!"
.byte $0d,$00
- Cool_Fire
Re: Fetching default wpa2 keys for speedtouch + thomson rout
It's a pretty web interface for sure, but I thought there were standalone tools that could calculate the possible WPA keys for these routers in a few seconds, and that they've existed for years now?
Or am I thinking of a different device?
If we're breaking the rules, then how come you can't catch us? You can't find us? I know why. Cause, it's ... MAGIC!
Hackerthreads chat, where the party is going 24/7.