Home >Unlabelled > Hacker pierces hardware firewalls with web page
Hacker pierces hardware firewalls with web page
Posted on 9 Januari 2010 by c0decstuff
On Tuesday, hacker Samy Kamkar demonstrated a way to identify a browser's geographical location by exploiting weaknesses in many WiFi routers. Now, he's back with a simple method to penetrate hardware firewalls using little more than some javascript embedded in a webpage.By luring victims to a malicious link, the attacker can access virtually any service on their machine, even when it's behind certain routers that automatically block it to the outside world. The method has been tested on a Belkin N1 Vision Wireless router, and Kamkar says he suspects other devices are also vulnerable.
"What this means is I can penetrate their firewall/router and connect to the port that I specified, even though the firewall should never forward that port," Kamkar told El Reg. "This defeats that security by visiting a simple web page. No authentication, XSS, user input, etc. is required."
Kamkar's proof-of-concept page forces the visitor to submit a hidden form on port 6667, the standard port for internet relay chat. Using a hidden value, the form surreptitiously coerces the victim to establish a DCC, or direct client-to-client, connection. Vulnerable routers will then automatically forward DCC traffic to the victim's internal system, and using what's known as NAT traversal an attacker can access any port that's open on the local system
For the hack to work, the visitor must have an application such as file transfer protocol or session initiation protocol running on his machine. The hack doesn't guarantee an attacker will be able to compromise that service, but it does give the attacker the ability to probe it in the hope of finding a weak password or a vulnerability that will expose data or system resources.
"Most people have this false sense of security that 'well, I'm behind my router, nobody can connect to my ports,'" said Kamkar, the hacker behind the notorious Samy Worm that in 2005 took MySpace out of commission by adding more than 1 million friends to the author's account. "If you're going to keep a service open to the world, you'll probably have more upkeep" to make sure it's secureThe problem is a hard one to solve, since NAT, short for network address translation, is included in many routers to give users a seamless experience when accessing a host of internet-based services and applications. The use of a software-based firewall on the client will help, but Kamkar warned that even then some ports may be accessible.
While Kamkar's proof-of-concept requires users to press a submit button, he said it's trivial to use javascript so no interaction is required after the page is visited.
Kamkar said he based his attack on IRC because many versions of Linux used to run routers support the protocol by default. He's based similar attacks on file transfer protocol and had success with both the Belkin and Airport Extreme routers and believes other services such SIP may work on those routers as well as other devices.
Your reporter was unable to get the IRC attack to work on a Netopia 3347-02, so mileage obviously varies. We're interested in hearing from Reg readers about what other routers are vulnerable. To test whether the attack can pierce your firewall, visit this page and specify the port of a service that's already running on your system. ®Source http://www.theregister.co.uk
One Response to “c0decstuff”
Total Pageviews
Labels
- Android (1)
- Aplication (14)
- ARP (1)
- Backdoored (2)
- Browser (1)
- Cloud (1)
- Exploitation (1)
- Exploits (7)
- Facebook (2)
- forensics (3)
- Hacking (11)
- Hijacking (1)
- Honeypot (1)
- HTML5 (1)
- ios (2)
- Jailbreak (2)
- Linux (1)
- Malware (5)
- metasploit (2)
- Meterpreter (1)
- Movie (1)
- Networking (1)
- News (2)
- password attack (2)
- Penetration Test (2)
- Python (1)
- reverse engineering (1)
- Rootkits (1)
- Security (12)
- shellcode (2)
- Stuxnet/Duqu (2)
- Uncategories (1)
- Virus (1)
- Vulnerability (8)
- Web (5)
- Wifi (1)
- Windows (5)
Blog Archive
-
▼
10
(67)
-
▼
Jan
(9)
- Windows XP Hack Administrator Account/ more Account
- Portable PHP Password Hashing Framework
- Active port forwarder
- Hacker pierces hardware firewalls with web page
- SCTP FORWARD-TSN OVERFLOW
- compile, secure, + run botnets
- httpdx Web server information disclosure
- Drupal Autocomplete Widgets for CCK Text and Numbe...
- Web Page Scennario
-
▼
Jan
(9)
Friendlist
Security Resources
-
-
-
This feed contains no entries
-
-
-
-
-
-
-
-
-
شركة نقل عفش بالخرج
شركة نقل عفش بالقصيم
شركة نقل عفش بخميس مشيط
شركة نقل عفش بتبوك
شركة نقل عفش بابها
شركة نقل عفش بنجران
شركة نقل عفش بحائل
شركة نقل عفش بالظهران