no one is safe ...
//secure it#

Linksys X3000 - Multiple Vulnerabilities

Device: X3000
Vendor: Linksys

============ Vulnerable Firmware Releases: ============

Firmware Version: v1.0.03 build 001 Jun 11,2012

============ Vulnerability Overview: ============

OS Command Injection

The vulnerability is caused by missing input validation and can be exploited to inject and execute arbitrary shell commands.

You need to be authenticated to the device or you have to find other methods for inserting the malicious commands.

* OS Command Injection - Vector 1 (1):
=> Parameter: ping_ip

Multiple Vulnerabilities in D-Link DSL-320B

Device: DSL-320B

Firmware Version: EU_DSL-320B v1.23 date: 28.12.2010

Vendor URL: http://www.dlink.com/de/de/home-solutions/connect/modems-and-gateways/ds...

============ Vulnerability Overview: ============

  • Access to the Config file without authentication => full authentication bypass possible!: (1)

Request:

192.168.178.111/config.bin

Response

=======

Your Telnet Backdoor is waiting for you

It is too bad if your device has a backdoor directly from the vendor. In some devices of the vendor D-Link you are able to find a nice telnet server listening on the internal network interface. The following output shows the results of a Nmap scan of three different D-Link DIR devices (DIR-300revA, DIR-300revB, DIR-600revB):


root@bt:~# nmap -sSV -p 23 192.168.178.133,144,222
Starting Nmap 6.01 ( http://nmap.org ) at 2013-04-30 13:42 CEST
Nmap scan report for 192.168.178.133
Host is up (0.0067s latency).
PORT STATE SERVICE VERSION

Multiple Vulnerabilities in D'Link DIR-635

Device Name: DIR-635
Vendor: D-Link

============ Vulnerable Firmware Releases: ============

Firmwareversion: 2.34EU
Hardware-Version: B1
Produktseite: DIR-635

============ Vulnerability Overview: ============

  • Stored XSS -> Status - WLAN -> SSID

Special Webcast: Hacking Embedded Systems (No Axe Required)

Hey guys,

yesterday @pauldotcom gave a great webcast on hacking embedded devices. Following some impressions of this webcast.

On a slide with HD Moore ... h00ray ;)


And the MIPS payloads of the #metasploit framework: