Oleg Kupreev - Telecommunication Hardware Vulnerabilities

DC7499
July 03, 2015

DEFCON Moscow 9


Transcript

  1. 1.
  2. 3.

    WHOAMI • HACKER RESEARCHER @ DSEC.RU • @090h, root@0x90.ru • ADMIN @ ISP IN THE PAST • HACKING TELECOMMUNICATIONS SINCE 2001 • HACKING HARDWARE SINCE 2012 • DREAM TO LEARN, LEARN TO DREAM
  3. 5.

    VULNERABiLiTiES • DEFAULT CREDENTiALS (admin:admin, admin:1234, cisco:cisco) • PLAiNTEXT PASSWORDS (/var/passwd) • BACKDOORS/ISP ACCOUNTS • AUTH BYPASS • USER iNPUT MiSVALiDATiON (COMMAND/SQL/HTML/XML injection) • iNFORMATiON DiSCLOSURE • CSRF • XXE • BOF (stack, heap, off-by-one) • WPS*
  4. 6.

    VENDORS & VULNS @ EXPLOiT DB • Cisco 144 • D-Link 81 • Linksys 49 • Netgear 36 • TP-Link 18 • Zyxel 15 • Huawei 13
  5. 7.
  6. 9.
  7. 11.
  8. 15.
  9. 17.
  10. 20.

    AUTH BYPASS + CSRF = CONFiG UPLOAD 8) • Firewall/AV bypass • Botnet via Habrahabr <IMG SRC =“PWN”…
  11. 25.

    AUTH BYPASS + CSRF + COMMAND INJECTION = w00t w00t rem0t3 reb00t… Back to 90’s….. Do you remember +++ATH.jpg trick? WARNING!!! WARNING!!! WARNING!!!
  12. 30.

    WARNING!!! WARNING!!! WARNING!!! • WITH GREAT POWER COMES GREAT RESPONSIBILITY • THEY'LL SHOOT YOU IN THE MORNING, SO DON'T WORK AGAINST RU • 272, 273, 274
  13. 31.

    STAGE 0x00 • Search for train with WiFi • Buy train ticket • Don’t miss the train