Victim can access management page


crystal

Hi everyone.

Devices that connect to an open AP (from PineAP SSID Pool) can browse to the management page (172.16.42.1:1471). I guess that access is supposed to be allowed only for devices connected on Management AP.

The error persists even after a firmware reset.

Does anybody know how to fix it?


21 minutes ago, crystal said:

Hi everyone.

Devices that connect to an open AP (from PineAP SSID Pool) can browse to the management page (172.16.42.1:1471). I guess that access is supposed to be allowed only for devices connected on Management AP.

The error persists even after a firmware reset.

Does anybody know how to fix it?

Yeah, if this is happening, this should be more like a bug, not a feature request to be able to turn off.  I think the management of the device should not be available from the open spoofed wifi.  Was there a Blackhat talk showing a screenshot of a p0wned Pineapple used at a defcon with a nice message for the owner?  Wonder if this was how it was p0wned?


10 minutes ago, PoSHMagiC0de said:

Yeah, if this is happening, this should be more like a bug, not a feature request to be able to turn off.  I think the management of the device should not be available from the open spoofed wifi.  Was there a Blackhat talk showing a screenshot of a p0wned Pineapple used at a defcon with a nice message for the owner?  Wonder if this was how it was p0wned?

The Def Con you mentioned was held in 2014, before NANO was released (news link). According to the news, Hak5 fixed the bug used by the attacker. Don't think it's related to the one I mentioned in this thread.


The bug on the mark5 is different from this. I have noticed this also, but remember that wlan0 (OpenAP for PineAP) and wlan0-1 are run off the same radio. wlan0-1 is a virtual interface for the management AP, which is why I think you can access it from both APs. With that said, and I know this doesn't fix anything, but how many people do you know that will know the port number 1471 and try to access that from the open AP? Also, even if they get there, they still need the password to access it. That doesn't mean they couldn't try to brute-force the password and get access if your password is weak.


Just a quick brainstorming...with or without sense :wink:

What about

  • a .htaccess file to protect the login, so nobody knows what's behind it
  • changing the webserver config to allow only some IPs to the login for the admin folder
  • a separate IP range for clients, or a smaller netmask, so you can route clients separately
  • a separate network interface for clients, or a VLAN


Archived

This topic is now archived and is closed to further replies.
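
The suggestion in the last post to let only some IPs reach the login, written out as an added example that is not part of the thread and not Hak5's code: a shell function that prints iptables rules limiting port 1471 to listed admin addresses. The chain name `MGMT_UI` and the address 172.16.42.42 are made up for illustration, and it assumes the device has iptables and uses 172.16.42.0/24.

```sh
#!/bin/sh
# Added example: print (not apply) iptables rules that restrict the
# management UI to an allowlist of admin source addresses.

MGMT_PORT=1471          # management page port, from the thread
LAN_PREFIX=172.16.42.   # device subnet, from the thread (assumed to be a /24)
CHAIN=MGMT_UI           # hypothetical chain name

# Succeeds only for a host address in the LAN /24. The last octet must be
# 2-254 without leading zeros; .1 is the device itself and is rejected.
valid_admin_ip() {
    case "$1" in
        "$LAN_PREFIX"*) ;;
        *) return 1 ;;
    esac
    host=${1#"$LAN_PREFIX"}
    case "$host" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#host}" -le 3 ] && [ "$host" -ge 2 ] && [ "$host" -le 254 ]
}

# Print the rule set for the given admin addresses. Every address is
# validated before anything is printed, so bad input yields no rules.
mgmt_rules() {
    [ "$#" -ge 1 ] || { echo "need at least one admin address" >&2; return 1; }
    for ip in "$@"; do
        valid_admin_ip "$ip" || { echo "rejected: $ip" >&2; return 1; }
    done
    echo "iptables -N $CHAIN"
    for ip in "$@"; do
        echo "iptables -A $CHAIN -s $ip -j ACCEPT"
    done
    # Any other source that reaches the management port is dropped.
    echo "iptables -A $CHAIN -j DROP"
    # -I puts the jump at the top of INPUT, ahead of existing accept rules.
    echo "iptables -I INPUT -p tcp --dport $MGMT_PORT -j $CHAIN"
}

# Dry run: review the output before running it on the device.
mgmt_rules "${@:-172.16.42.42}"   # default is a constructed admin address
```

Source-address filtering on a shared wireless segment can be bypassed by a client that takes an allowed address, so the management password still has to be strong.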
