A lot of routers still openly accessible for intruders
By Attack Research, on [2009-01-15] at 21:25:23
Overview:

When I was playing around with MSF (Metasploit Framework), I wanted to try out more with the "autopwn" function. For those who do not know how it works, here is the standard command set that I use for it:

    load db_sqlite3
    db_destroy
    db_create
    db_nmap -vv iprange.1-254 (with maybe some other arguments you like)

Then it uses nmap to scan the IP addresses, and adds them to the sqlite3 database. Once the scan is finished, you can see the results by using:

    db_hosts

This will output all the IP addresses that are added to the database and will also give you information about a possible OS running on the system. The following command that I usually do is obviously the autopwn function. Like this:

    db_autopwn -p -t -e

Enough about that, let's get back to the subject that I really want to talk about here.

So I decided to go wild, and googled for some Brazilian IP range, which in this case was "201.22.183.x". Once I started the nmap scan, with only the -vv option and the IP range "201.22.183.1-254", there was quickly a lot of output on my screen with IP addresses that had port 80 open on that range. I decided to visit one in my browser and found out it was locked with a username and password. I saw "DSL Router" in it, so I gave "admin / admin" a shot, with success: I was in and had access to the router. So I tried some more, and came across different kinds of routers, and even camera systems.

I remembered that I had downloaded an HTTP Auth Scanner a few days ago that uses the standard passwords such as "admin / admin", "tech / tech", "root / root" etc. The scanner is called "fscan", or "Fast HTTP Auth Scanner v0.6". More information and a download link can be found here: http://www.514.es/2007/07/fast_http_auth_scanner.html

Obviously I could not wait to give this a try, so I started up cmd on my laptop, and started the scanner. But now I did the complete c-class range, so 201.22.

Here is the command I used:

    fscan.exe --ports 80 --hosts 201.22.1.1-201.22.255.254 --threads 100

I did not really expect that much, but there were more vulnerable than expected. Very many IP addresses on the range had port 80 open with their router software externally accessible for everyone who had the password or who, like me in this case, tried a tiny bruteforce on it with standard passwords. Here is the result of fscan.exe: http://pastebin.com/m4c5cdba5

As you can see, this is pretty shocking, in some weird kind of way. Remember this is only one ISP/IP range that has been scanned and I am pretty sure there are a lot of these out there. Maybe I will try to find more; however, I am not using it for anything other than knowledge. Some routers can be programmed in some way that they can execute or host things, or if you change certain things in the routers you could probably even access the connected computers easily. Imagine having a few computers scanning IP ranges like this, and using them for the bad...

~KL