Router credentials Form

smoses · Aug 5, 2023, 5:53 PM

This matches our network router details. This is blackhat router credential hackers right? I'm certain but wanted verification from others.

POST /login.cgi HTTP/1.1
Host: 192.168.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:82.0) Gecko/20100101 Firefox/82.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 61
Origin: http://192.168.0.1
DNT: 1
Connection: keep-alive
Referer: http://192.168.0.1/
Upgrade-Insecure-Requests: 1

admin_username=admin&admin_password=&admin_password=WITH OUR PASSWORD HERE HTTP/1.1 200 Ok

Thank you,
Stephanie

stephenw10 · Aug 5, 2023, 8:42 PM

Where are you seeing that?

johnpoz · Aug 5, 2023, 8:57 PM

@stephenw10 on his "lan" from where to where is anyone's guess..

Answered it here

https://forum.netgate.com/topic/181998/router-safety-blackhats

The 3rd post with the same useless info.. without any background or info on where is was gotten, when it was gotten..

This infection likes to use 3 year old versions of firefox it seems ;) version 82?