Dumping the admin password of the BT Home Hub

So BT added a new security feature on the latest version of the BT Home Hub firmware (6.2.6.E at time of writing) which changes the default admin password from admin to the serial number of the router. From BT Support and Advice site:

When I first noticed this new feature I thought it was quite cool and definitely a good move from BT. [...]

more | comments | comments rss | posted by

Holes in Embedded Devices: Authentication bypass (pt 4)

This kind of authentication bypass bug can go easily undetected during a security assessment if not enough attention is paid. In order to understand this type of vulnerability, we need to be familiar with settings pages available on devices’ web interface that allow the admin user to modify settings.

Administrative web interfaces have different sections/menus available to logged-in administrators. Each section is just a HTML page with a form designed to make configuration changes. [...]

more | comments | comments rss | posted by

Router Hacking Challenge

We want you to hack your router! Yes, You. We want you to hack your router and make your findings public on this very same page, the sla.ckers forum or at hackerwebzine[at]gmail[dot]com. The best and most interesting hacks will receive credit, a lot of attention and good media coverage.

The challenge is supposed to run from 2nd February until 29th February, though it is something that is yet to be clarified because we know that there is a lot to be found. [...]

more | comments | comments rss | posted by

XSSing the Lan

Since there is a growing interest in XSS (Cross-site Scripting) attacks, I will try to put in theory how border routers/gateways can be trivially compromised over the web. For the purpose of this, three prerequisites need to be met: a page that is controlled by the attacker, lets call it evil.com; router vulnerable to XSS; user attending evil.com.

Once the user visits evil.com a malicious JavaScript code executes to find what machines are alive on the LAN and where the router is located. [...]

more | comments | comments rss | posted by