shonen Posted April 10, 2009 Share Posted April 10, 2009 I was doing some nmap scanning against a class mate’s network late last night and yes I had his consent. Anyways I noticed that the telnet and HTTP ports were wide open allowing me access to his speed stream modem/routers configuration interface. I ended up login in not with defaults but with the silly bastard’s password for his WEP key which I got off him some time ago when demoing backtrack (people are so predictable). I corrected this issue for him and we got chatting about it over msn. We both came to the same conclusion that google and its spiders do a marvelous job at trolling the interwebs caching web based content, so we thought can you google for other modem/routers that have the same external access to the web based configuration gui. As bob the build would say YES we can! Check it for yourself I know that a lot of the Siemens speedstream product are set with these ports open by default and are distributed this way by a lot of the large ADSL Australian based telco’s/isp’s , I am assuming that a lot of cable providers do pretty much the same thing with their Motorola cable modem but I am yet to check if they can be googled. I was also wondering if one was to gain access to the modem/router, what could you do from there. Well other than checking the DHCP list and port forwarding say netbios, disconnecting LAN users or some shit. Reason I ask is I wouldn’t mind rigging this up and testing it on either my own or class mate’s network for laughs thanks in advance. EDIT Sorry this proberbly belongs in the security section, my bad. Lack of sleep and a massive hangover increases my level of stupidity. Quote Link to comment Share on other sites More sharing options...
h3%5kr3w Posted April 10, 2009 Share Posted April 10, 2009 now THAT is hillarious! Now the real question is... Does it work with other dsl/cable modem interfaces? Quote Link to comment Share on other sites More sharing options...
SomethingToChatWith Posted April 10, 2009 Share Posted April 10, 2009 Thanks google ~_~ Quote Link to comment Share on other sites More sharing options...
DingleBerries Posted April 10, 2009 Share Posted April 10, 2009 Thank you proxies! Quote Link to comment Share on other sites More sharing options...
shonen Posted April 11, 2009 Author Share Posted April 11, 2009 now THAT is hillarious! Now the real question is... Does it work with other dsl/cable modem interfaces? Yeap I got a laugh out of it followed by a WTF it actually pulls up a list. I had a quick look the other night to see if I could find more but I ended up with zip. I may have to define my searche's a little more. Quote Link to comment Share on other sites More sharing options...
taiyed14 Posted April 11, 2009 Share Posted April 11, 2009 Nice find! This is pretty neat. Quote Link to comment Share on other sites More sharing options...
h3%5kr3w Posted April 11, 2009 Share Posted April 11, 2009 made sure my dd-wrt interface wasnt on there... hehehe. knock knock knockin' on my door. Quote Link to comment Share on other sites More sharing options...
shonen Posted April 11, 2009 Author Share Posted April 11, 2009 Hey hex wasn't there a worm released a couple of weeks back that exploited this kind of thing on DD-WRT firmware? I am actually suprised that ISP's ship products in this default state to its customers. I have also done a few network setup's on the side and have found that they are shipping them with a self setup install cd that configure's a WPA2 key, the SSID among other things. The problem with this is any person who does some work on the side or has one of these install cd's can spot the SSID a mile away and if you are anything like myself you collect these WPA2 keys for future referencing. =P Quote Link to comment Share on other sites More sharing options...
h3%5kr3w Posted April 11, 2009 Share Posted April 11, 2009 yah, i read about it... unfortunately though i have the micro edition on my router, so.. even if i wanted i cant do a virus scan (hell 99% of the damn commands dont even work in the f*(kin thing... though my fon is a different story :D Quote Link to comment Share on other sites More sharing options...
tim.vangehugten Posted April 11, 2009 Share Posted April 11, 2009 indeed, h3%5kr3w, flash your router and 100% of your commands are working :D @Shonen: Nice dude :) Quote Link to comment Share on other sites More sharing options...
h3%5kr3w Posted April 11, 2009 Share Posted April 11, 2009 really? cause I reflashed before and still the same issue. a few things will work, but not many.... not even half the commands it gives when you type help. I will try this though as soon as I can (probably tomorrow)... THATS RIGHT! I just upgraded the firmware last time, not a whole reflash (though I thought it was ALMOST the same thing...) I'll definitely check that out cause there are a few good tools that I really would love to have on it... BTW! does anyone know of a virus scan util for dd-wrt??? Quote Link to comment Share on other sites More sharing options...
tim.vangehugten Posted April 11, 2009 Share Posted April 11, 2009 h3%5kr3w, I use openWRT and everything works fine... exept sometimes some trouble with cross compiling errors but its doing its job. Still I wanna buy a fonera2 so that I might be able to run a torrent client on it and hook up an external usb hard disk so that I let my fon download my stuff... (still dont know if it is possible or not...) Quote Link to comment Share on other sites More sharing options...
h3%5kr3w Posted April 11, 2009 Share Posted April 11, 2009 That is definitely possible, though you will have to mod the crap out of it to get it to work. I would LOVE to use openWRT.. BUT unfortunately my home router only has 4mb of flash, so the only thing that will work besides the OG firmware IS dd-wrt micro. BTW, just in case your wondering, my home router is WRT54G V.6 Quote Link to comment Share on other sites More sharing options...
tim.vangehugten Posted April 11, 2009 Share Posted April 11, 2009 h3%5kr3w, you have a fon, don't you? And nowadays its verry easy to flash your fon with the freifunk GUI http://download.berlin.freifunk.net/fonera/ Quote Link to comment Share on other sites More sharing options...
h3%5kr3w Posted April 11, 2009 Share Posted April 11, 2009 oh, yah, I do have a fon, but I dont use it for a home router is what I am saying. Yes mine is flashed to the fullest with jasager v.2. Quote Link to comment Share on other sites More sharing options...
shonen Posted April 12, 2009 Author Share Posted April 12, 2009 I always wanted a fon, never seen them available in oz. I did look into importing one but the exchange rate is a little harsh at the minute. Quote Link to comment Share on other sites More sharing options...
h3%5kr3w Posted April 12, 2009 Share Posted April 12, 2009 rly? did you try picking up the $15 off coupon from somebody? *that's what I did* Quote Link to comment Share on other sites More sharing options...
shonen Posted April 13, 2009 Author Share Posted April 13, 2009 Nope I wasn't aware of that, even still if the postage on most things from the states is anything to go by I am up shit creek without a paddle. XD Besides after my recent purchasing over the passed two weeks on cisco shit, I am flat broke. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.