Speaker: Craig Heffner This talk will demonstrate how many consumer routers can be exploited via DNS rebinding to gain interactive access to the router's internal-facing administrative interface. Unlike other DNS rebinding techniques, this attack does not require prior knowledge of the target router or the router's configuration settings such as make, model, internal IP address, host name, etc, and does not rely on any anti-DNS pinning techniques, thus circumventing existing DNS rebinding protections. A tool release will accompany the presentation that completely automates the described attack and allows an external attacker to browse the Web-based interface of a victim's router in real time, just as if the attacker were sitting on the victim's LAN. This can be used to exploit vulnerabilities in the router, or to simply log in with the router's default credentials. A live demonstration will show how to pop a remote root shell on Verizon FIOS routers (ActionTec MI424-WR). Confirmed affected routers include models manufactured by Linksys, Belkin, ActionTec, Thompson, Asus and Dell, as well as those running third-party firmware such as OpenWRT, DD-WRT and PFSense. For presentations, whitepapers or audio version of the Defcon 18 presentations visit: defcon.org
Subscribe to:
Post Comments (Atom)
|
|
|
|
 |
 |
 |
 |
 |
 |
 |
 |
Sponsor Links
- Products Discount To Day
- Best Buy Vacuum Cleaner Reviews
- Easy Organic Baby Food
- Boston Acoustic Soundbar Immediately
- Discounted Waterbed Mattress
- Deep Pocket Flannel Sheets Queen Top Quality
- Shop Baby Rice Cereals
- Used Ezekiel Sprouted Grain Bread
- Saving Bushnell Pro Sport 450
- Peerless Articulating Wall Arm Get It Now!
- Axle Flange Toilet Parts
- Hitler, Adolf Norway
- Parking Gadgets Electrical
- Temperature Ignition Parts
- Looms and Accessories Fetish Wear
No comments:
Post a Comment