diff --git a/_posts/2019-06-27-PWNlink.md b/_posts/2019-06-27-PWNlink.md
new file mode 100644
index 0000000..4f2b33e
--- /dev/null
+++ b/_posts/2019-06-27-PWNlink.md
@@ -0,0 +1,46 @@
+---
+layout: post
+title:  "I had some fun with a router"
+description: "cleartext passwords + external management = death wish"
+date:   2019-06-27 17:16:00
+categories: projects
+tag: projects
+---
+
+I was playing around with some D-link routers today and remembered an [ExploitDB Entry](https://www.exploit-db.com/exploits/33520) I read a while ago. Many D-link routers have a great feature that allows remote management and configuration queries. Interestingly, this cannot be disabled, and one of the pages contains a cleartext version of the admin password (yay!).
+
+## How to get yourself an admin password
+On any supported router, make an HTTP request to `http://your.router.ip.addr/tools_admin.asp/`. This will return a pretty large XML file containing information about your router's hardware and configuration. 
+
+Notice the fact that you did not have to log in. This is due to the fact that this file seems to be used by a remote management service of some sort. 
+
+The important thing to note here is that, when parsed with the regex pattern: `name="user_password_tmp" value="(.*)">`, you get a single string. This string is the admin password of the device.
+
+## Supported routers
+This is supported by many D-link routers. The ones I know about are:
+ - DIR-835
+ - DIR-855L
+ - DGL-5500
+
+Some routers have this XML file, but it is restricted... By a user without a password. These are:
+ - DHP-1565
+ - DIR-652
+
+## PWNlink
+Like everything I play with, I made a script to do this all for me (and spent a large amount of time adding colours to the text).
+
+My script is called PWNlink (PWN + D-link), It automatically finds a router on your network by looking for a specific DNS entry created by many D-link routers, then checking your gateway. Next, PWNlink reads you router's `hnap1` config to find it's model number. If supported, the script will read and parse the appropriate configs to give you the admin credentials for your router. 
+
+PWNlink can be installed on any *nix computer that has both `python3.7` and `python3-pip` installed. To install PWNlink, run:
+```
+pip3 install pwnlink
+```
+
+Run the script without any arguments for automatic detection, or pass any IP address to use manual detection.
+
+## Disclamier thingy
+I don't see much point to these, but I should probably put one anyways.
+
+**Don't be dumb with this script.**
+
+I have only used it on my own (or 5024's) routers, and did not create PWNlink with any malicious intent.
\ No newline at end of file