gh0sts of the old Exploits: Rooting ‘5’ Quick Servers when Bored !


I am an experienced Vulnerability Researcher and Security Architect with 16+ years of experience in various verticals and horizontals, be it consumer electronics, semiconductors, automotive or other. I started in software engineering on low-level embedded devices, from writing applications to kernel drivers on various operating systems, and then moved to my real calling, i.e. hacking. I love to stick to the older golden days of game hacking, BBS, shareware, phreaking, phrack, the virus era, metal music, cheats and many more such cool stuff from the underground. I wear many hats from time to time as necessary, but I also love to help people and organizations deal with the core cybersecurity issues rather than provide them a checklist with a presentation. Opinions and posts on my site are purely my own and do not reflect my work.

I was quite bored this afternoon after a heavy mutton lunch. While sleep was around the corner of my eyes, something else caught my attention: I saw one port that I have a history with, from not far back in the day when I was out doing security stuff on OSes and used to work on QNX systems for infotainment. P.S. Read the article below from someone for context.

Hacking QNX systems over QCONN

The Boring FUN part:

I wondered whether my old exploit works for any newer sites or if I can index some new sites for this cheap vulnerability. Boy, the new popular mass indexer gave quick hits on this port and I just wanted to be a skiddie for a few mins and try my exploit sequence. The indexer gave me at least 100+ hits – starting with the first one, which was a popular telecom operator from Spain.

I entered the IP on netcat, put the port in and hit fire – Fucking lousy Shit returned the success string of my exploit – Obviously, here you go ahead and run your command sequence to trigger the vulnerability while that garlic from mutton is hitting you !

How Many ?

I tried 5 – All of them went through – Telecom Operators from Spain & Russia, a Giant from China, some Top universities from the US (who by the way take exorbitant fees for their Master’s program – so I’m told) and some Industrial Control System from Spiderman’s hometown.

Images speak louder than words – Fuck this Shit \n/

Spain:

Russia

China

US

Do you still need a 5th ? Don’t be a skiddie – look on your own.

Access Level: gh0stshell (like literally)

Most of these servers have telnet, ssh, FTP and what not, which have a lot of juicy data – which by the way you should not touch. The access level we have allows us to transfer files and inject/upload anything and run it without restrictions – Go Figure How !

Being a not so bad Black Hat – I don’t want you to use this for scamming or stealing any data. Besides all information is still publicly available ! Writing this small article took me more time than pwning these 5+ servers.

Server Pwned with Root Access – 5

Time Taken to pwn all of them – 5 mins – It would take me even less with this exploit if I wrote some shitty netcat automation – which I leave for the pros out there.

Time taken to write and compile this show-off article – 25 mins – WTF ! – I could have pwned more servers in that time.

Black Hat Scenario – I can probably sell access to these sites on DarkNet for some quick dirty money – but those days of mine are long gone.

Note: I did not pivot anywhere else from these servers

Leaving it here now – Hack Dis ?-responsibly !
