Comments on: Hacking with UPnP (Universal Plug and Play)

By: Disable A Protocol Called UPnP On Your Router Now To Avoid A Serious Set Of Security Bugs - Forbes

Tue, 29 Jan 2013 21:26:22 +0000

[...] devices that use the protocol. The vulnerabilities in the protocol have persisted despite numerous warnings from security researchers and even a warning from the FBI about the protocol’s insecurity as [...]

By: Talk: Attack UPnP – The Useful plug and pwn protocols –

Talk: Attack UPnP – The Useful plug and pwn protocols – — Sat, 18 Jun 2011 13:01:21 +0000

[...] What are the hacks? Well, you can open port 53 on your router inside and outside, redirect traffic to a rogue DNS server and hijack data transmission by fake DNS information. You can trick Microsoft Windows into downloading malicious image files from the Internet. Due to poor error checking you can put NAT rules into non-volatile memory, so that the trick „turn it off and on again“ doesn’t work anymore. This means you can put backdoors into a router (by using port forwardings) that stay there. You can exhaust port ranges used for specific protocols (such as VoIP). You can remove port mappings as well. You can list all dynamic port mappings of a device. The list goes on and on and on… [...]

By: WiFi Infestations – Viral Wardriving | GNUCITIZEN

WiFi Infestations – Viral Wardriving | GNUCITIZEN — Fri, 13 May 2011 21:14:38 +0000

[...] receiving them, UPnP enabled devices will piggy back with information about their UPnP interfaces. Many UPnP devices allow unauthorized access to critical features such as resetting the admin credentials, portforwarding and primary, DNS [...]

By: To hell with IPv4… - Jigeiko

To hell with IPv4… - Jigeiko — Thu, 29 Oct 2009 08:36:55 +0000

[...] But then I came upon the following: hacking with UPnP [...]

By: Wifi Ownage « Samaldis’s Blog

Wifi Ownage « Samaldis’s Blog — Mon, 09 Mar 2009 00:25:44 +0000

[...] router and changed the primary DNS server through many of the available methods in the wild, like UPnP hacking, [...]

By: LoRdRapTuReZ

LoRdRapTuReZ — Mon, 10 Nov 2008 02:43:25 +0000

I have an universal plug and play server gateway. And its protected with the password which was set by pervously guy who work in my company.So, is there any other options that i can reset the server gateway or get the default

By: The Invisible Infection, Revisited | All That's Evil

The Invisible Infection, Revisited | All That's Evil — Thu, 18 Sep 2008 17:53:58 +0000

[...] fine folks at GNUcitizen provided much of the information that I’m mentioning here, and they even have some carefully [...]

By: More UPnP Hacking Fun with Google Media Server | GNUCITIZEN

More UPnP Hacking Fun with Google Media Server | GNUCITIZEN — Fri, 27 Jun 2008 09:31:46 +0000

[...] our exploration in the fields of UPnP earlier this year with some smoking posts which covered some basic attacks and the advance flash attacks. Today I stumbled across Google Media Server, a desktop gadget which [...]

By: vino

vino — Mon, 28 Apr 2008 14:27:39 +0000

Thats Greatt.., You guys Rock !!!!

By: Inseguridad en UPnP. » Vida Casi Digital

Inseguridad en UPnP. » Vida Casi Digital — Fri, 11 Apr 2008 20:11:31 +0000

[...] Hacking with UPnP (Universal Plug and Play): http://www.gnucitizen.org/blog.....-and-play/ [...]

By: Nick

Nick — Fri, 28 Mar 2008 07:17:48 +0000

Alright.

So I’m in an interesting situation. A desperate friend convinced me to help him try to get a friend’s MSN and Gmail accounts back from a malicious ex-friend. I am now communicating with the malicious ex-friend’s router via Flash SOAP requests and I would really like to change this person’s DNS servers. Bad I know, but my friend claims her life is getting ruined. I am having trouble finding an API for SOAP communication with routers – specifically a 3COM OfficeConnect.

For justice!

By: WiFi Ownage | GNUCITIZEN

WiFi Ownage | GNUCITIZEN — Thu, 07 Feb 2008 11:00:18 +0000

[...] router and changed the primary DNS server through many of the available methods in the wild, like UPnP hacking, [...]

By: UPnP: The Saga Continues | GNUCITIZEN

UPnP: The Saga Continues | GNUCITIZEN — Sun, 20 Jan 2008 20:35:33 +0000

[...] already covered what UPnP is and how it works in most basic form. We’ve also showed how it can be exploited [...]

By: And Go it Does: CSRF « Reasons to Fear the Matrix

And Go it Does: CSRF « Reasons to Fear the Matrix — Fri, 18 Jan 2008 20:16:30 +0000

[...] a side note, the security issues raised by GnuCitizen about the use of UPnP (Universal Plug and Play) are quite more interesting. Of course, you have to be on the local [...]

By: Pericoloso bug per Flash e Excel :: News Orebla.it

Pericoloso bug per Flash e Excel :: News Orebla.it — Wed, 16 Jan 2008 13:26:26 +0000

[...] pubblicato dai due ricercatori (vedi articolo) si evince come il problema non sia localizzato in una mancanza di validazione da parte di Apple [...]

[...] ×›×“×™ ×œ×–×¨×– ××ª ×”×˜×™×¤×•×œ ×‘× ×•×©×. ×‘×—×•×“×© ×”××—×¨×•×Ÿ ×”× ×—×§×¨×• ×•×¤×¨×¡×ž×• ×ž×¡×¤×¨ ×ž××ž×¨×™× ×”×¢×•×¡×§×™× ×‘× ×•×©× ×›×”×›× ×” ×œ×’×™×œ×•×™. ×”×¦×ž×“ ×’×™×œ×” ×©× ×™×ª×Ÿ ×œ×™×¦×•×¨ ×§×‘×¦×™ [...]

By: rizki

rizki — Tue, 15 Jan 2008 10:25:13 +0000

how to hacking in the syistem

By: G-Brain

G-Brain — Sun, 13 Jan 2008 11:47:58 +0000

“Home Wirless”. An excellent article nonetheless.

By: Hacking The Interwebs | GNUCITIZEN

Hacking The Interwebs | GNUCITIZEN — Sat, 12 Jan 2008 12:57:28 +0000

[...] the last week we’ve tried to prepare you for this very moment by exposing bits and pieces on how UPnP works and why it is so important to keep it in mind when testing and securing networks. [...]

By: Adrian Pastor

Adrian Pastor — Fri, 11 Jan 2008 00:26:26 +0000

@zmx – Plug-and-Play Tester – like other upnp tools – are very handy for reverse-engineering the protocol. make a config change with the tool while sniffing the traffic. once the SOAP request is captured is trivial to convert to XHR() for remote exploitation.

@agent0x0 – you definitely made me want to test UPnP attacks on consoles. Nice idea as I’m sure they use UPnP stacks that can also be found on other devices besides gaming consoles.