Олег Купреев «Уязвимости программного обеспечения...
Preview:
Citation preview
- 1. Telecommunication Hardware Vulnerabilities
- 2. WHOAMI HACKER REASEARCHER @ DSEC.RU @090h, root@0x90.ru
ADMIN @ ISP IN THE PAST HACKING TELECOMMUNICATIONS SINCE 2001
HACKING HARDWARE SINCE 2012 DREAM TO LEARN, LEARN TO DREAM
- 3. TELECOM HARDWARE MODEM ROUTER SWiTCH ATS HYBRiD
- 4. VULNERABiLiTiES DEFAULT CREDENTiALS (admin:admin,
admin:1234, cisco:cisco) PLAiNTEXT PASSWORDS (/var/passwd)
BACKDOORS/ISP ACCOUNTS AUTH BYPASS USER iNPUT MiSVALiDATiON
(COMMAND/SQL/HTML/XML injection) iNFORMATiON DiSCLOSURE CSRF XXE
BOF (stack, heap, of-by-one) WPS*
- 5. VENDORS & VULNS @ EXPLOiT DB Cisco 144 D-link 81 Linksys
49 Netgear 36 TP-Link 18 Zyxel 15 Huawei 13
- 6. MODEMZ
- 7. 3G/4G modems. Made in China by Huawei.
- 8. Zero CD
- 9. Zero CD-RW
- 10. EViL C0NF
- 11. OUC.EXE = OUCH LPE
- 12. 3G/4G MODEM -> CYBERWEAPON
- 13. CR0SSPLATF0RM 3G/4G M0D3M R00TKiT
- 14. ROUTERZ
- 15. SDLC BUBEN DANCiNG
- 16. BACKUP=FCUKUP
- 17. GET HTTP REQUEST
- 18. 20 AUTH BYPASS + CSRF = CONFiG UPLOAD 8) Firewall/AV bypass
Botnet via Habrahabr
- 19. 21 habrahabr.ru CSRF Evil FTP server Config CSRF
- 20. Network configuration PPPOE account SIP account
CONFiGURATiON
- 21. OLD DAYS
- 22. 24 2-12-85-06 2-12-85-06 2-12-85-06 2-12-85-06 2-12-85-06
2-12-85-06 XXI century
- 23. AUTH BYPASS + CSRF + COMMAND INJECTION = w00t w00t rem0t3
reb00t Back to 90s.. Do you remember +++ATH.jpg trick? WARNINNG!!!
WARNINNG!!! WARNINNG!!!
- 24. Huawei HG8245 Jtagulator Huawei 8245 hacking
- 25. PLACE 4 FUTURE ViRUSES
- 26. PASSWORDS.
- 27. How to rob the train in XXI century? Easy!
- 28. WARNINNG!!! WARNINNG!!! WARNINNG!!! WITH GREAT POWER COMES
GREAT RESPONSIBILITY 272, 273, 274
- 29. STAGE 0x00 Search for train with WiFi Buy train ticket Dont
miss the train
- 30. STAGE 0x01 admin
- 31. STAGE 0x02
- 32. STAGE 0x03
- 33. STAGE 0x04
- 34. SIP hacking? Port 5060 + SHODAN Auth needed? Web
interface?
- 35. CALL TO UID 0
- 36. but check!Trust,
- 37. Any questions? INFO: @090h root@0x90.ru Links
https://github.com/0x90/routerz https://github.com/0x90/modemz