no one is safe ...

secure IT

Security Advisories

Posted Mon, 2013-05-06 11:44 by m1k3

2013

M1ADV2013-018 - Multiple Vulnerabilities in D-Link DSL-320B
Release Date: 06.05.2013
BID: 59659
Exploit DB ID: 25251

Multiple Vulnerabilities in D-Link DSL-320B

Posted Mon, 2013-05-06 11:42 by m1k3

Device: DSL-320B

Firmware Version: EU_DSL-320B v1.23 date: 28.12.2010

Vendor URL: http://www.dlink.com/de/de/home-solutions/connect/modems-and-gateways/ds...

============ Vulnerability Overview: ============

  • Access to the Config file without authentication => full authentication bypass possible!: (1)

Request:

192.168.178.111/config.bin

Response

=======

Your Telnet Backdoor is waiting for you

Posted Tue, 2013-04-30 14:18 by m1k3

It is too bad if your device has a backdoor directly from the vendor. In some devices of the vendor D-Link you are able to find a nice telnet server listening on the internal network interface. The following output shows the results of a Nmap scan of three different D-Link DIR devices (DIR-300revA, DIR-300revB, DIR-600revB):


root@bt:~# nmap -sSV -p 23 192.168.178.133,144,222
Starting Nmap 6.01 ( http://nmap.org ) at 2013-04-30 13:42 CEST
Nmap scan report for 192.168.178.133
Host is up (0.0067s latency).
PORT STATE SERVICE VERSION

Multiple Vulnerabilities in D'Link DIR-635

Posted Thu, 2013-04-25 08:36 by m1k3

Device Name: DIR-635
Vendor: D-Link

============ Vulnerable Firmware Releases: ============

Firmwareversion: 2.34EU
Hardware-Version: B1
Produktseite: DIR-635

============ Vulnerability Overview: ============

  • Stored XSS -> Status - WLAN -> SSID

Special Webcast: Hacking Embedded Systems (No Axe Required)

Posted Wed, 2013-04-24 14:28 by m1k3

Hey guys,

yesterday @pauldotcom gave a great webcast on hacking embedded devices. Following some impressions of this webcast.

On a slide with HD Moore ... h00ray ;)


And the MIPS payloads of the #metasploit framework: