I read a lot about wrt54G invunerabilities and so i want to challenge my OWN and Spare wrt54G. 'cause if I can hack it, other can too. (and that's the part I don't like) Since I forgot my password and I don't want to push the reset button, this seems a nice challenge (I have some spare time at the moment ) So the challenge is to get/guess the password A few ideas: - Backup the config and read out the password. reading the password is not the problem, someone on this forum wrote a program for it. Problem: How to backup without password? Brute Force: Can be done, only takes about 3 milion years (p2) or so. I am not that bored Get some firmware on it like (batbox?wi-fibox?) wich can be deleted with a reset. Again, how to do this without password. Use the buffer overflow (something about 10.000 bytes of code which causes a buffer overflow) wich on his turn causes a httpd demon crash but before that you can execute some code, like "set password, backup or bootset_wait etc. etc. Who wants to challenge this?