Be careful when browsing the web interface Check your DNS servers on a weekly basis
DDWRT DNS UNREPLIED PASSWORD
Change your router's administrative password □ Logout (if possible) / Wipe browser's cache after finishing Only log into the web interface when needed Get into the advanced configuration interface Not as easy as buying a brand new router Mitigations only work for specific models Exploits an Internet Explorer client-side vulnerability: Using a Reflected Cross Site Scripting to get a Reverse Bypass Authentication using SMB Symlinks Reflected XSS + client-side attack to get Reverse Shell Unauthenticated Cross Site Scripting via DHCP Request Social Networks = Build the easiest botnet ever! The attacker is outside of the victim's LAN Attacker is connected to the victim's LAN either using an Open critical ports for remote WAN hosts Allows application to execute network configuration Enabled by default on several router models Hints about router's administrative password
Detailed list of currently connected clients Obtain critical information without requiring any But allows attackers to change any configuration setting Shows why multiple user accounts are unsafe User without administrator rights is able to escalate The malicious script is injected within Connected Send a DHCP Request PDU containing the malicious
DDWRT DNS UNREPLIED CODE
Script code injection is performed locally without BeEF hooks link to a more complex script file hosted by Unauthenticated Cross Site Scripting Input field character length limitation Browser Exploitation Framework is a great help Inject malicious script code within the web Attack feasible if credentials have never been changed Requires embedding login credentials in the Change any router configuration settings by sending Settings without requiring authentication Persistent DoS / Restore router to default Service misconfiguration: SMB and Twonky Media Server Improper file permissions: Web configuration interface Allows unauthenticated attackers to carry out router □Passwords for these accounts are never changed Example 1 – Dictionary for DNS Hijacking via CSRF Álvaro Folgado, José Antonio Rodríguez, Iván Sanz Soho routers: swords and shields CyberCamp 2015
0 kommentar(er)
