VnutZ Domain
Copyright © 1996 - 2020 [Matthew Vea] - All Rights Reserved

2013-10-26
Featured Article

Backdoor in D-Link Products

[index] [981 page views]
Tagged As: Exploit, Hacking, and Security

Security is often such an after thought for people in that they have an implicit trust in their purchased products. Security researcher Craig Heffner of Tactical Network Solutions recently uncovered a backdoor in D-Link router products. How easy is it to gain full access? Simply set the browser string in your HTTP User Agent to xmlset_roodkcableoj28840ybtide and you can bypass the authentication mechanism. This one wasn't even well hidden, just read the string backwards and its obviously "editby04882joelbackdoor". There's a short article on how this sort of thing was discovered on devttys0.com. The gist of it involved decompressing the firmware image, extracting the embedded filesystem, looking at interesting strings (found "auth"), and then analyzed the disassembled code for the function. That revealed when a particular user agent was present, it automatically authenticated. Instant backdoor access to every device using that firmware.



More site content that might interest you:

Next time you make a big life decision, wait until you must urinate.


Try your hand at fate and use the site's continuously updating statistical analysis of the MegaMillions and PowerBall lotteries to choose "smarter" number. Remember, you don't have to win the jackpot to win money from the lottery!


Tired of social media sites mining all your data? Try a private, auto-deleting message bulletin board.