3

I found an open port on my home network. Port 4567. From what I understand and have read online, the router uses its MAC address as username, so all you need to log in on the router is the router's Ethernet MAC address and an admin password that can be found online.

But I am quite sure that it is impractical to get the MAC address of a remote router without being on that network. As such I don't want to mess with it if this isn't going to be a big deal. Thoughts?

kasperd

2 Answers

8

One important followup question is: Which MAC address? The router will most likely have at least one MAC address for the WAN side and one for the LAN side.

Should the vendor have chosen to create usernames with each of the MAC addresses (in the name of usability), that could lead to an interesting vulnerability where changing the default password of one of the users to something more secure would still leave the other username(s) with the default password.

On some routers you will see the LAN and WAN interfaces being assigned adjacent Ethernet addresses. And in case the router has a builtin USB-Ethernet adapter, that one may be adjacent to the other two.

The adversary would only need to know one of those MAC addresses in order to deduce the rest. Additionally from the login page the adversary could likely tell the vendor and firmware version of the router. Those two will be sufficient to deduce the first 3 bytes of the MAC address with high confidence.

There are ways the adversary could learn more information about the MAC addresses:

  • One of them will be in the ARP table of devices connected to this router (that includes devices both on the LAN and WAN side of the router).
  • One of them will be known to your ISP's DHCP server. And I have seen ISPs embed that MAC address in the hostname used for reverse DNS.
  • A traceroute from either side of the router will reveal an IP address of the router, which may have the MAC address embedded in it.
  • If a builtin USB to Ethernet adapter is used for a device on the LAN, then that device could potentially leak the information by leaking its own MAC address.

Each of these possible ways the MAC address could leak can be addressed. But I would say there are simply too many ways an adversary could learn a MAC address of your router to safely assume the MAC address can be kept secret.

kasperd
  • 2
    A router doesn't necessarily have two mac addresses. A ZyXEL SoHo router I've played with had only 1 for LAN/WAN. Graciously, it also presented the WAN side with a DNS service, and allowed me through if I changed IP to one of its internal RFC1918 addresses. – user400344 Dec 25 '16 at 21:48
  • @user400344 I know it is possible to create a router with same IP address on WAN and LAN, which is why I included the words *most likely*. I think there are people who would argue using the same MAC address for both router interfaces would be a violation of the standards, but still it would be possible and for most users it could work just fine. Most parts of my answer are equally applicable regardless of whether your router has the same MAC address on both interfaces or two different adjacent MAC addresses such as 00-00-5E-00-53-00 and 00-00-5E-00-53-01. – kasperd Dec 25 '16 at 23:12
  • 1
    I wasn't questioning the validity of your answer, merely supplementing it. – user400344 Dec 25 '16 at 23:14
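
A defender-side check for the answer above, added here and not part of the original post: it tests whether values visible from outside (a reverse-DNS name, an IPv6 address) expose a MAC that is equal or adjacent to one the router accepts as a login name. It assumes the "MAC embedded in an IP address" case is IPv6 modified EUI-64; the function names, the `window` parameter and the sample values (documentation ranges) are illustrative assumptions.

```python
import ipaddress
import re

# Heuristic: 12 hex digits, optionally separated, not part of a longer hex run.
MAC_IN_NAME = re.compile(
    r"(?<![0-9a-f])(?:[0-9a-f]{2}[-:_]?){5}[0-9a-f]{2}(?![0-9a-f])", re.I)

def fmt(raw: bytes) -> str:
    return "-".join(f"{b:02X}" for b in raw)

def mac_from_eui64(addr: str):
    """MAC embedded in an IPv6 interface ID (modified EUI-64), else None."""
    ip = ipaddress.ip_address(addr)      # raises ValueError if not an IP literal
    if ip.version != 6:
        return None
    iid = ip.packed[8:]                  # low 64 bits = interface identifier
    if iid[3:5] != b"\xff\xfe":          # EUI-64 puts ff:fe between OUI and NIC part
        return None
    return fmt(bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8])  # undo U/L bit flip

def mac_from_hostname(name: str):
    """MAC-shaped hex run inside a hostname (e.g. an ISP rDNS name), else None."""
    m = MAC_IN_NAME.search(name)
    if m is None:
        return None
    return fmt(bytes.fromhex(re.sub(r"[^0-9a-fA-F]", "", m.group(0))))

def mac_int(mac: str) -> int:
    return int(re.sub(r"[^0-9a-fA-F]", "", mac), 16)

def audit(login_macs, observables, window=2):
    """Map each exposed login MAC to (observable, leaked MAC) that gives it away."""
    findings = {}
    for obs in observables:
        try:
            leaked = mac_from_eui64(obs)
        except ValueError:               # not an IP literal: treat as a hostname
            leaked = mac_from_hostname(obs)
        if leaked is None:
            continue
        for mac in login_macs:           # adjacent addresses count as exposed too
            if abs(mac_int(mac) - mac_int(leaked)) <= window:
                findings.setdefault(mac, (obs, leaked))
    return findings

if __name__ == "__main__":
    # Constructed sample data: WAN/LAN MACs used as login names, and what
    # an outside observer could see (rDNS name, traceroute hop addresses).
    logins = ["00-00-5E-00-53-00", "00-00-5E-00-53-01"]
    seen = ["192.0.2.10", "cpe-00005e005300.isp.example", "2001:db8::1"]
    for mac, (obs, leaked) in audit(logins, seen).items():
        print(f"{mac} exposed by {obs} (leaks {leaked})")
```

Run it against the router's own rDNS name and public addresses; any finding means the login name should be treated as public and only the password protects the interface.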
-1

This batch code will fetch the details below:

  1. PC Name
  2. IP Address
  3. MAC Address
  4. Computer Description (if available)

Please save the code below as anyname.bat and run it. It will output the results in a separate text file.

    :: This Windows Batch(CMD) File fetches All the Details of the Nearby PC's of Same VLAN (Upto 254 host's).
    :: Windows OS (CMD)
    :: Author : M.S.Arun

    :: #****************************************************************** Start of Script ********************************************************************#

    @echo off
    title Remote PC Details Fetching Script(PC Name / IP's / Computer Description)
    echo. > %cd%\PC_Details_Temp.txt
    echo Remote PC Details Fetching Script (PC Name / IP's / Computer Description) details of the Nearby PC's of Same VLAN.(Upto 254 Hosts)
    echo.
    :: "echo." prints a blank line; a bare "echo" would print "ECHO is off."
    set /p input_ip="Please Enter the IP Range(Eg:192.168.1) :  " && echo.
    set /p input_ip_start="Please Enter Start IP Range(Eg:1) :  " && echo.
    set /p input_ip_end="Please Enter End IP Range(Eg:254) :  " && echo.
    echo. >> %cd%\PC_Details_Temp.txt
    @echo on
    for /l %%i in (%input_ip_start%, 1, %input_ip_end%) do nbtstat -a %input_ip%.%%i | findstr /c:"MAC" /c:"<00>" | findstr /c:"MAC" /c:"UNIQUE" >> %cd%\PC_Details_Temp.txt && echo     IP Address  = %input_ip%.%%i >> %cd%\PC_Details_Temp.txt
    @echo off
    :: Start a fresh log file (truncates any previous run's output)
    echo. > %cd%\PC_Details_Logs.txt
    echo This Batch Script fetches All the Details of the Nearby PC's of Same VLAN.(Starting from 1 to 254 host's) >> %cd%\PC_Details_Logs.txt
    echo. >> %cd%\PC_Details_Logs.txt
    echo. >> %cd%\PC_Details_Logs.txt
    echo PC Host Name: >> %cd%\PC_Details_Logs.txt
    find "UNIQUE" PC_Details_Temp.txt >> %cd%\PC_Details_Logs.txt
    echo. >> %cd%\PC_Details_Logs.txt
    echo PC IP Address: >> %cd%\PC_Details_Logs.txt
    find "IP" PC_Details_Temp.txt >> %cd%\PC_Details_Logs.txt
    echo. >> %cd%\PC_Details_Logs.txt
    echo PC MAC Address: >> %cd%\PC_Details_Logs.txt
    find "MAC" PC_Details_Temp.txt >> %cd%\PC_Details_Logs.txt
    echo. >> %cd%\PC_Details_Logs.txt
    echo PC Seat No's. and Vnet No's: >> %cd%\PC_Details_Logs.txt
    echo. >> %cd%\PC_Details_Logs.txt
    echo. >> %cd%\PC_Details_Logs.txt
    net view /all >> %cd%\PC_Details_Logs.txt
    echo. >> %cd%\PC_Details_Logs.txt
    echo. >> %cd%\PC_Details_Logs.txt
    arp -a >> %cd%\PC_Details_Logs.txt
    :: del %cd%\PC_Details_Temp.txt
    echo.
    echo Completed Successfully..!
    echo.
    pause

    :: #****************************************************************** End of Script ********************************************************************#

Hope this might help.


M.S.Arun
    The whole point of the question is that it is a *remote* router. Which means this script will not work. – schroeder Mar 19 '17 at 16:06