Kung and 5lot hack Bredbandsbolaget's modem

Information about the much-discussed vulnerabilities in Bredbandsbolaget's modems has now been released to the public. Time to become afraid of the dark…

Apart from the “user” account previously mentioned, the router turns out to have three additional accounts: “root”, “Kundservice” and “Kung”. Since these are ordinary Linux-level users, the hashes for these accounts are present in /etc/shadow.

While the “root” and “Kundservice” accounts appear to have passwords of decent quality (i.e. we have not yet been able to crack them), the “Kung” account turns out to have the password “5lot”.

Using the “Kung” account, one can access privileged settings in the web interface, and it is also possible to access a CLI configuration interface via telnet.

It is quite remarkable that a hidden privileged account has an extremely weak, four-letter password.
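
An added example, not from the original post or the advisory: a firmware review check that parses an extracted /etc/shadow and flags accounts that can log in with a password but are missing from the vendor's documented account list. The sample entries, the md5crypt scheme and the placeholder hash strings are constructed assumptions; the page does not show the actual file.

```python
# Flag login-capable accounts in a firmware /etc/shadow that are undocumented
# or use a weak hash scheme. All sample data below is constructed.
SCHEMES = {"1": "md5crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "sha256crypt", "6": "sha512crypt", "y": "yescrypt"}
WEAK_SCHEMES = {"descrypt", "md5crypt", "unknown"}

def hash_scheme(field):
    """Classify the password field of one shadow entry."""
    if field == "":
        return "empty"                # login without any password
    if field[0] in "!*":
        return "locked"               # no password login possible
    if field.startswith("$"):
        parts = field.split("$")
        return SCHEMES.get(parts[1], "unknown") if len(parts) > 2 else "unknown"
    return "descrypt" if len(field) == 13 else "unknown"

def audit_shadow(shadow_text, documented):
    """Return (name, scheme, issues) for every account needing review."""
    findings = []
    for line in shadow_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        name, scheme = fields[0], hash_scheme(fields[1])
        if scheme == "locked":
            continue
        issues = []
        if name not in documented:
            issues.append("undocumented account")
        if scheme == "empty":
            issues.append("empty password")
        elif scheme in WEAK_SCHEMES:
            issues.append("weak hash scheme: " + scheme)
        if issues:
            findings.append((name, scheme, issues))
    return findings

# Constructed sample; the hash values are placeholders, not real hashes.
SAMPLE_SHADOW = """\
root:$1$CONSTRUC$PLACEHOLDERPLACEHOLDER00:14000:0:99999:7:::
Kundservice:$1$CONSTRUC$PLACEHOLDERPLACEHOLDER01:14000:0:99999:7:::
Kung:$1$CONSTRUC$PLACEHOLDERPLACEHOLDER02:14000:0:99999:7:::
user:$1$CONSTRUC$PLACEHOLDERPLACEHOLDER03:14000:0:99999:7:::
nobody:*:14000:0:99999:7:::
"""

if __name__ == "__main__":
    for name, scheme, issues in audit_shadow(SAMPLE_SHADOW, {"user"}):
        print(f"{name:12} {scheme:10} {'; '.join(issues)}")
```

Run against the shadow file of every firmware build, with `documented` set to the accounts the vendor actually discloses to customers, any new finding is a release blocker to investigate.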

