30 november, 2014

Kung och 5lot hackar Bredbandsbolagets modem

Information om de omtalade sårbarheterna i Bredbandsbolagets modem har nu släppts till allmänheten. Det är dags att bli mörkrädd…

Apart from the “user” account previously mentioned, the router turns out to have three additional accounts; “root”, “Kundservice” and “Kung”. Since these are ordinary Linux level users, the hashes for these accounts are present in /etc/shadow.

While the “root” and “Kundservice” accounts appear to have passwords of decent quality (i.e. we have not yet been able to crack them), the “Kung” account turns out to have the password “5lot”.

Using the “Kung” account, one can access privileged settings in the web interface, and it is also possible to access a CLI configuration interface via telnet.

It is quite remarkable that a hidden privileged account has an extremely weak, four-letter password.

Skrämmande.

Tankar och funderingar? Prata med @tdh på Twitter, eller annorstädes.