Domain: phenoelit.de
Stories and comments across the archive that link to phenoelit.de.
Comments · 22
-
Re:Old Hat...
Open printer, add PC-104 computer with ethernet and a linux on it along with a small switch. printer AND PC104 connect to the switch inside AND scab onto the power supply.
Printer + network scanner/document grabber completely hidden.
It's not even necessary to hide any physical equipment inside the printer. HP LaserJets can be hacked to steal documents, run port scans, host rogue FTP or HTTP servers, and more. FX from Phenoelit did some interesting work on this, but his website is now censored due to legal issues. Some of his stuff can now be found here.
-
Re:Who needs to avoid these countries?
In Germany it's forbidden to possess or publish software which can be used for illegal hacking (nmap, tcpdump etc).
http://phenoelit.de/202/202.html
Think of the computers.
-
How I get default passwords
#!/bin/bash
# argument is the device brand to look up in the Default Password List
curl -s http://www.phenoelit.de/dpl/dpl.html |
grep -i "$1" | sed "s/<[^>]*>/ /g"
Is a script I use to get default passwords. I used to regularly reset to default because I was constantly playing with the settings of multiple devices. -
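The one-liner above strips tags and greps the page; an added example (not the commenter's script and not Phenoelit's code) shows how a defender would use the same list properly: parse a DPL-style HTML table into records with Python's standard library, then audit an inventory of their own devices against it and report which ones still carry a published default. The column layout and every row below are constructed to resemble the DPL; nothing is fetched from the live page, and the inventory hosts are invented.

```python
"""Parse a Default Password List (DPL) style HTML table and audit an
inventory against it.

Added example, not the commenter's script or Phenoelit's code. The table
layout (Vendor/Model/Version/Access Type/Username/Password/...) and every
row below are constructed to resemble the DPL; nothing is fetched.
"""
from dataclasses import dataclass
from html.parser import HTMLParser

# Constructed sample rows in DPL-like shape; not the live phenoelit.de page.
SAMPLE_DPL_HTML = """
<table>
<tr><th>Vendor</th><th>Model</th><th>Version</th><th>Access Type</th>
<th>Username</th><th>Password</th><th>Privileges</th><th>Notes</th></tr>
<tr><td>ExampleVendor</td><td>Router X100</td><td>any</td><td>telnet</td>
<td>admin</td><td>admin</td><td>Admin</td><td>constructed</td></tr>
<tr><td>ExampleVendor</td><td>DSL Gateway</td><td>1.x</td><td>http</td>
<td>(none)</td><td>1234</td><td>Admin</td><td>constructed</td></tr>
<tr><td>OtherVendor</td><td>any</td><td>any</td><td>console</td>
<td>(none)</td><td>(none)</td><td>Admin</td><td>constructed</td></tr>
</table>
"""

# Constructed inventory: what the defender's own devices are configured with.
SAMPLE_INVENTORY = [
    {"host": "10.0.0.1", "vendor": "ExampleVendor", "model": "Router X100",
     "username": "admin", "password": "admin"},
    {"host": "10.0.0.2", "vendor": "ExampleVendor", "model": "DSL Gateway",
     "username": "", "password": "Zr7!kq-lon9pass"},
    {"host": "10.0.0.3", "vendor": "OtherVendor", "model": "Switch S24",
     "username": "", "password": ""},
]


@dataclass(frozen=True)
class DefaultCred:
    vendor: str
    model: str      # "any" in the list means every model of that vendor
    username: str   # "" means no username is required
    password: str   # "" means no password is required


class _TableParser(HTMLParser):
    """Collect every <tr> as a list of whitespace-normalised cell strings."""

    def __init__(self):
        super().__init__()
        self.rows = []
        self._row = None
        self._cell = None

    def handle_starttag(self, tag, attrs):
        if tag == "tr":
            self._row = []
        elif tag in ("td", "th") and self._row is not None:
            self._cell = []

    def handle_endtag(self, tag):
        if tag in ("td", "th") and self._cell is not None:
            self._row.append(" ".join("".join(self._cell).split()))
            self._cell = None
        elif tag == "tr" and self._row is not None:
            self.rows.append(self._row)
            self._row = None

    def handle_data(self, data):
        if self._cell is not None:
            self._cell.append(data)


def _norm(value):
    """Treat the DPL's '(none)' marker and blanks as 'no credential'."""
    v = value.strip()
    return "" if v.lower() in ("", "(none)", "n/a") else v


def parse_dpl(html):
    """Return DefaultCred records from a DPL-style table; the header row picks columns."""
    parser = _TableParser()
    parser.feed(html)
    rows = [r for r in parser.rows if r]
    header = [h.lower() for h in rows[0]]
    col = {name: header.index(name) for name in ("vendor", "model", "username", "password")}
    return [
        DefaultCred(row[col["vendor"]], row[col["model"]],
                    _norm(row[col["username"]]), _norm(row[col["password"]]))
        for row in rows[1:] if len(row) >= len(header)
    ]


def audit(inventory, defaults):
    """Return (host, vendor, model) for every device still on a listed default."""
    findings = []
    for dev in inventory:
        for d in defaults:
            if dev["vendor"].lower() != d.vendor.lower():
                continue
            if d.model.lower() not in ("any", dev["model"].lower()):
                continue
            if _norm(dev["username"]) == d.username and _norm(dev["password"]) == d.password:
                findings.append((dev["host"], d.vendor, d.model))
                break
    return findings


if __name__ == "__main__":
    for host, vendor, model in audit(SAMPLE_INVENTORY, parse_dpl(SAMPLE_DPL_HTML)):
        print(f"{host}: still using the published default for {vendor} {model}")
```

The "(none)" normalisation matters: a device with no password set should match a list entry that says no password is required, and a bare string comparison would miss it.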
As the author of Nmap ...
As the author of Nmap, I'm more than a little concerned about this law. It could mean that I can never again visit Germany, which is a shame because I have many friends there. But I don't want to risk a year in prison or the Halvar treatment. Many of these articles state as a matter of fact that the creation or distribution of Nmap (mentioned by name in TFA) is illegal now. If true, what does that mean for all the Linux distributors who include Nmap and other security tools?
Does anyone have a link to a good English translation and legal analysis of the new law? The Phenoelit page translates the law as affecting "computer programs whose aim is to commit a crime". That doesn't cover Nmap, which I designed for security professionals. But of course some blackhats use it too, and I don't want to bet my freedom on being able to convince a technologically illiterate judge in Germany of my intent.
I hope groups like the CCC (which is apparently quite powerful in Germany) are able to get this overturned! If legitimate German admins are afraid to use Nmap and other security tools while the crackers retain full access to them, that won't be a pretty sight!
-Fyodor
Insecure.Org
-
The ignorant Arrogance of German politicians.
Because of its vagueness, this yet-to-be-commenced but already-passed law is a severe threat to the German security community! Experts of different interest groups have repeatedly expressed their serious concerns, but the politicians - naturally knowing better than any expert can - decided otherwise. For more information, please visit: http://www.phenoelit.de/202/202.html
-
Sad But True
A good start of this attack would be to start with a simple JS port scanner and run the default password check on all webservers, routers etc. connected in the LAN, WAN and then control the network.
A simple JavaScript port scanner is here:
http://www.spidynamics.com/assets/documents/JSportscan.pdf
and a default password list of most of the connected devices is here:
http://www.phenoelit.de/dpl/dpl.html
Njoy
-
Re:HP Isn't the only brand
I had a summer internship with the R&D branch of one of those other companies you mentioned. I was tasked with writing an SSL man-in-the-middle platform, so when somebody told the security group, for instance, "Yeah, we're just going to use Anonymous Diffie-Hellman mode," the security group could clearly demonstrate why that was a stupid idea. Just to be clear, this was not a hypothetical situation. I mean really, ADH! "Sweet, I have an encrypted channel to... somebody!" *sigh* You have to jump through special hoops to get OpenSSL to use ADH at all.
This whole thing is old news, though. FX told us all about the fun you can have with printers way back at Defcon 10.
-
Hacking Embedded Network Systems
FX of Phenoelit gave an amazing talk on this at CanSecWest/core03 back in 2003 that outlined how to turn a JetDirect printer into a webserver, fileserver or even a port scanner! We all had a huge chuckle at the thought of someone tracking down a port scanner on the network only to find it was coming from an HP printer.
The entire presentation is still available online in both PDF and PPT format.
The tools used to hack the printers are available here.
-
"Pwned", indeed-1, Submitter Doesn't Understand What He Read
Bottom line, this is a perfectly routine default password issue. Blame your bank.
-
The most dangerous?
-
"First-ever exploit"
"The patches come more than three months after former ISS researcher Michael Lynn quit his job to present the first-ever example of exploit shellcode in Cisco IOS (Internetwork Operating System), a presentation that landed him in legal hot water. Cisco's advisory effectively confirmed Lynn's summer warning that the flaw could be exploited by remote attackers to execute arbitrary commands or cause a denial-of-service on compromised routers."
It was not the first-ever example of exploit shellcode in IOS; Phenoelit already made public some proof-of-concept IOS exploits in the past. Phrack 60 #7
-
Re:This is a good idea?
Q: How many dumb default passwords are out there anyway?
A: Lots!
-
Re:Cisco is acting poorly
Also, apparently the source for some of the work is available for download here.
So much for keeping it secret
...
-
Re:No good deed goes unpunished.
Others did so before...
http://www.phenoelit.de/ultimaratio/index.html
-
Re:My neighborhood
Can you say "tech support nightmare"?
You've got it all backwards. Can you say "tech support wet dream"?
"Okay, now enter your router password."
-"I dunno. What is it?"
-"Pick up the small box with the blinkenlights, there's a huge 8-digit number printed on it, this is it."
-"Okay, I'm in. What now?"
Have you ever done tech support at some mid-sized ISP? People can't even tell you which router they have, which would allow for resetting the device and using some DPL. Next thing is usually they start yelling at you about your 'incompetence'. Poor souls. Life must suck for those if their stupidity drags them down that much.
-
Re:At least they're default routers...
While we're on the subject, and before this gets out of hand, just a reminder to everyone about
The Default Password List
Indispensable tool.
-
HSRP
I love sniffing the Cisco equivalent to CARP. Lots of HSRP calls to 224.0.0.224 with no security built in. A simple ARP poison will fuck the switch. More advanced attack methods can be found c/o Phenoelit
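From the defender's side, the useful question is whether the gateway group on a segment still relies on HSRP's cleartext default authentication. The following is an added example, not Phenoelit's tooling: it decodes HSRP version 1 packets as laid out in RFC 2281 (hellos go to 224.0.0.2, UDP port 1985, carrying an 8-byte authentication field whose default is "cisco") and flags groups using the default or an empty string. The `build_hello` helper and the whole `SAMPLE_CAPTURE` are constructed for the demo; in practice the payloads would come from a capture filtered on that port.

```python
"""Decode HSRP version 1 packets and flag groups that rely on the default
or an empty authentication string.

Added example, not Phenoelit's tooling. HSRPv1 (RFC 2281) hellos are sent
to 224.0.0.2, UDP port 1985, with an 8-byte cleartext authentication field
whose default is "cisco". The packets below are constructed for the demo.
"""
import ipaddress
import struct
from dataclasses import dataclass
from typing import List, Tuple

# RFC 2281 5.1: version, opcode, state, hellotime, holdtime, priority,
# group, reserved, 8 bytes of authentication data, 4-byte virtual IP.
HSRP_V1_FORMAT = "!BBBBBBBB8s4s"
HSRP_V1_LEN = struct.calcsize(HSRP_V1_FORMAT)  # 20 bytes
OPCODES = {0: "hello", 1: "coup", 2: "resign"}
STATES = {0: "initial", 1: "learn", 2: "listen", 4: "speak", 8: "standby", 16: "active"}
DEFAULT_AUTH = b"cisco".ljust(8, b"\x00")


@dataclass
class HsrpPacket:
    opcode: str
    state: str
    hellotime: int
    holdtime: int
    priority: int
    group: int
    auth: bytes
    virtual_ip: str


def parse_hsrp_v1(payload: bytes) -> HsrpPacket:
    """Decode the UDP payload of an HSRPv1 packet; rejects other versions."""
    if len(payload) < HSRP_V1_LEN:
        raise ValueError("payload shorter than an HSRPv1 header")
    ver, op, st, hello, hold, prio, group, _rsv, auth, vip = struct.unpack(
        HSRP_V1_FORMAT, payload[:HSRP_V1_LEN])
    if ver != 1:
        raise ValueError(f"not HSRP version 1 (version byte {ver})")
    return HsrpPacket(OPCODES.get(op, f"opcode-{op}"), STATES.get(st, f"state-{st}"),
                      hello, hold, prio, group, auth, str(ipaddress.IPv4Address(vip)))


def weaknesses(pkt: HsrpPacket) -> List[str]:
    """Configuration problems visible from a single packet."""
    issues = []
    if pkt.auth == DEFAULT_AUTH:
        issues.append("default authentication string 'cisco'")
    elif pkt.auth.rstrip(b"\x00") == b"":
        issues.append("empty authentication string")
    # Any other value is still cleartext on the wire, so it only guards against
    # misconfiguration, not against a host that can sniff the segment.
    return issues


def build_hello(group: int, priority: int, auth: bytes, virtual_ip: str,
                state: int = 16) -> bytes:
    """Construct an HSRPv1 hello payload (used here only to fabricate samples)."""
    return struct.pack(HSRP_V1_FORMAT, 1, 0, state, 3, 10, priority, group, 0,
                       auth.ljust(8, b"\x00")[:8],
                       ipaddress.IPv4Address(virtual_ip).packed)


def scan_capture(payloads: List[bytes]) -> List[Tuple[int, str, List[str]]]:
    """Report (group, virtual IP, issues) once per group that shows a weakness."""
    seen = {}
    for payload in payloads:
        try:
            pkt = parse_hsrp_v1(payload)
        except ValueError:
            continue  # not HSRPv1; skipped silently in this demo
        found = weaknesses(pkt)
        if found and pkt.group not in seen:
            seen[pkt.group] = (pkt.group, pkt.virtual_ip, found)
    return list(seen.values())


# Constructed capture: three groups, only group 20 has a non-default string.
SAMPLE_CAPTURE = [
    build_hello(10, 110, b"cisco", "192.168.1.254"),
    build_hello(10, 110, b"cisco", "192.168.1.254"),   # repeated hello, same group
    build_hello(20, 100, b"k3#Wq8pZ", "192.168.2.254"),
    build_hello(30, 100, b"", "192.168.3.254"),
    b"\x02\x00" + b"\x00" * 18,                          # version byte 2: not v1, skipped
]

if __name__ == "__main__":
    for group, vip, issues in scan_capture(SAMPLE_CAPTURE):
        print(f"group {group} ({vip}): " + "; ".join(issues))
```

The check is deliberately per group rather than per packet, since every router in a group repeats the same hello every few seconds; a finding for group 10 and group 30 is what a practitioner would then take to the network team.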
-
This technique is OLD!!!
This has been around for years
-
Already used by backdoor
This method is already used by the proof-of-concept linux backdoor cd00r, written in 2000.
-
Risks of default passwords
Default passwords are of course a problem, especially when many of these systems are operated by people who probably don't even know they are running an SMB server.
Also, even those who know better often seem to leave passwords to default if the system shouldn't be accessible from the outside. A typical example of such a system is an ADSL router / firewall. I know several of these whose password is left as standard. Granted, attacking them will be more difficult (and probably cannot be automated like in this case) but once one of the hosts inside is rooted, it's easy to connect to the router from within the LAN and gain access to the rest of the services.
-
Happens everywhere
Here's a list of 1090 backdoors.
-
My ZyXEL 600 had this problem...
First thing I did with my ZyXEL Prestige 600 is change that damned default password.
To do this, at least on my 600:
1. Telnet in (make sure you have vt100). On my LAN, the Zyxel is set at 192.168.1.1 -- I don't know how Sprint has it.
2. Use the default 1234 password, and then hit return to log in.
3. At the menu, type "23" and return. 23 is the option for the "System Password" page.
4. Now type the old and new password (twice) using the TAB key to skip fields. Don't pick something obvious.
5. Go down to where it says "Enter here to CONFIRM or ESC to CANCEL" and hit ENTER/RETURN to save your new password. (You may be asked to confirm that you want to do this.)
6. When you get back to the main menu, exit your telnet session by typing "99".
7. Try telnetting in again using 1234 and make sure it doesn't work. Now try to use your new password.
8. Profit.
I'm guessing that if these aren't the exact instructions for the later Prestiges, it'll be pretty close.
Even better than changing passwords is to disable remote login from outside the local network. (I hear this is the default on new Prestige modems.) Or, depending on how insecure your LAN is, you can assign particular IPs permission to get in and block all others. This is accomplished using a "filter", just like with a firewall.
To block incoming telnet sessions on the WAN, check out this page. This page also offers a "probe" you can use to discover vulnerable modems.
Finally, check this list for common default passwords. This is an important page, so check it for any equipment you might be using.