DEFCON 18: How to Hack Millions of Routers 1/3

25,559

Sign in or sign up now!

Uploaded by ChRiStIaAn008 on Oct 5, 2010

Speaker: Craig Heffner

This talk will demonstrate how many consumer routers can be exploited via DNS rebinding to gain interactive access to the router's internal-facing administrative interface. Unlike other DNS rebinding techniques, this attack does not require prior knowledge of the target router or the router's configuration settings such as make, model, internal IP address, host name, etc, and does not rely on any anti-DNS pinning techniques, thus circumventing existing DNS rebinding protections.

A tool release will accompany the presentation that completely automates the described attack and allows an external attacker to browse the Web-based interface of a victim's router in real time, just as if the attacker were sitting on the victim's LAN. This can be used to exploit vulnerabilities in the router, or to simply log in with the router's default credentials. A live demonstration will show how to pop a remote root shell on Verizon FIOS routers (ActionTec MI424-WR).

Confirmed affected routers include models manufactured by Linksys, Belkin, ActionTec, Thompson, Asus and Dell, as well as those running third-party firmware such as OpenWRT, DD-WRT and PFSense.

For presentations, whitepapers or audio version of the Defcon 18 presentations visit: http://defcon.org/html/links/dc-archives/dc-18-archive.html

Category:

Science & Technology

License:

Standard YouTube License

94 likes, 1 dislikes
As Seen On: FreeStuff.gr

Top Comments

I'm Commander Shepard and this is my favorite DEFCON 18 video

lackofsupervision 11 months ago 13
Ah, my schools router uses Javascript to authenticate the login. All I had to do was use Firebug to remove that line, and it lets me in without a problem. :3

1waitandbleed1 11 months ago 10

see all

All Comments (24)

fine dont believe meh, i dont care o.o

itsbasil1126 2 weeks ago
@itsbasil1126

HAHAHAHAHA! yeah sure^^

nsawilla 2 weeks ago
@itsbasil1126 dumbshit

brendameistar 2 weeks ago
Does anyone have a site to learn all this?

JizzMasterPino 1 month ago
Your vid is a favorite on Nay Pyi Taw

ozawablog 1 month ago
@itsbasil1126 kids, sigh.

rapandthekillers 1 month ago
@itsbasil1126 Cool story, bro.

nuttex 1 month ago
Your video is a favorite on Skopje

fryejames12 2 months ago
@itsbasil1126 You know why that isn't true? Someone that would have done that wouldn't say it on youtube. Idiot, learn to lie.

alemaaltevinden 2 months ago
just bullshit

gilmarzenho 3 months ago
I hacked my school's network and got into the gradebook, attendance records, student and teacher and administrator files as well as their files on how much money they spend and get and the school's credit card. I screwed around with it and fucked up the network and their files, we didnt have computers for a whole month cuz it took them tht long to figure it out, and from the credit card i got around 23,000$, funny thing is, im only 15 and i did all tht. I covered my trail well and they nvr fo

itsbasil1126 3 months ago
I don't understand a thing!!!

MegaTutorial101 3 months ago
wtf with recommended videos?

MrAnimeOST1 3 months ago
Man defcon people leave in 1992...

Wolver1nEmkd 6 months ago
yeah but as u see now that pretty much no good now

vinngrizzle 6 months ago
@1waitandbleed1 haha

WEEDxSTAR 6 months ago
what if the user browses to ip addresses not domain names :)

reddoni 6 months ago
Amazingly impressive.

drmanian 7 months ago
cool!!

ubiqaf 1 year ago
Thats really cool!

(hey i am the 3000 viewer)

Safesoned 1 year ago
Clever.

kbo206 1 year ago
Amazing !

StorkReaver 1 year ago

DEFCON 18: How to Hack Millions of Routers 1/3

Category:

Tags:

License:

Link to this comment:

Top Comments

All Comments (24)