PLA Forums

Other Stuff That Has Little To Do With PLA => Techinical Shit => Phreaking, Hacking, Social Engineering, Lock Picking => Topic started by: Godot on March 18, 2007, 01:27:13 PM

Title: Unsecured Packet8 Devices
Post by: Godot on March 18, 2007, 01:27:13 PM: I was scanning for computers with port 80 open, and I found a couple completely unsecured Packet8 boxes. The most practical and fun feature I found to play with is the call log. It tells me who they called or were called by, and when. I could also change the box's network settings, set a password, or log packets (possibly used to moniter calls?). Any ideas on what I should do with these?
(http://img364.imageshack.us/img364/4968/packet8fd3.th.png) (http://img364.imageshack.us/my.php?image=packet8fd3.png)
Title: Re: Unsecured Packet8 Devices
Post by: Godot on March 19, 2007, 01:40:41 PM: I just found an unsecured Linksys PAP2! It is connected to two phone lines, and I can forward all incoming calls on those lines to any phone number. It works. When I call the phone number on the status page after setting up call forwarding, it sends the call through to the forward number.
(http://img386.imageshack.us/img386/7905/pap2vb1.th.png) (http://img386.imageshack.us/my.php?image=pap2vb1.png)
Title: Re: Unsecured Packet8 Devices
Post by: mr_doc on March 19, 2007, 04:12:30 PM: Quote from: Godot on March 18, 2007, 01:27:13 PM
I was scanning for computers with port 80 open...

You mean scanning for routers that are remote config enabled; otherwise if port 80 is open it's probably a webserver.

If this is a business forward the calls to RBCP or Murdoc so we can get some new 'takeover' calls
Title: Re: Unsecured Packet8 Devices
Post by: Godot on March 19, 2007, 05:29:51 PM: It claims to be Modern Amenity Homes, Inc. They don't get a ton of calls, but if RBCP or Murdoc want me to, I will set it up.
Title: Re: Unsecured Packet8 Devices
Post by: Godot on March 22, 2007, 04:04:28 PM: I found a ton more of the Packet8 devices while scanning some other IP ranges. Here is one for you all to play with: http://75.109.38.127/
Title: Re: Unsecured Packet8 Devices
Post by: brianwk on March 30, 2007, 02:55:56 AM: You can pull the SIP proxy and authorization details and make free phone calls from their VoIP account.
Title: Re: Unsecured Packet8 Devices
Post by: brianwk on March 30, 2007, 03:38:40 AM: Quote from: Godot on March 18, 2007, 01:27:13 PM
I was scanning for computers with port 80 open, and I found a couple completely unsecured Packet8 boxes. The most practical and fun feature I found to play with is the call log. It tells me who they called or were called by, and when. I could also change the box's network settings, set a password, or log packets (possibly used to moniter calls?). Any ideas on what I should do with these?
(http://img364.imageshack.us/img364/4968/packet8fd3.th.png) (http://img364.imageshack.us/my.php?image=packet8fd3.png)
You can use SIP packet logging to gain access to the SIP username and password.
Enable SIP packet logging and then look for the SIP authorization packets, it will look similar to HTTP authentication. Then simply inject these packets. The way you inject the packets is up to you and I will leave it as an exercise to the reader to figure it out. I don't want to make it easy for script kiddies.
Title: Re: Unsecured Packet8 Devices
Post by: splynt0r on March 30, 2007, 03:45:08 AM: There is an edit button.
I found it about a week ago ;D