Laughable IoT security

I had several of that router. They were $5 new-in-box at a local wholesaler, so I figured I'd pick a couple up for DD-WRT fileservers since they were cheaper than RPIs.

Amusingly, the ftpd issue wasn't the worst issue. I'll just quote one of the pages about DD-WRT compatibility on them:

If you did not reflash the device with any other firmware, you can get shell by going to 192.168.1.254/obama.asp. You can fire up telnetd with telnetd -l /bin/sh and get instant root access.

It was literally just an HTML form that executed commands as root via HTTP GET requests.
 
Years ago there were some routers that could act as a NAS if USB HDDs were plugged in to them, pretty decent idea at the time, making the NAS an open internet-facing FTP server by default wasn't as great. For the oblivious owners, very fun for other people though.

I use Syncthing for that purpose; it's shared between my computers only.

It's like Dropbox without the use of 'The Cloud'.*



*other people's hard drives.
 
Years ago there were some routers that could act as a NAS if USB HDDs were plugged in to them, pretty decent idea at the time, making the NAS an open internet-facing FTP server by default wasn't as great. For the oblivious owners, very fun for other people though.
Most routers today still do that, they just have the common sense option of locking the drive out from the external internet.
 