Author Topic: Unsecured Packet8 Devices (Read 2723 times)

Godot · « **on:** March 18, 2007, 01:27:13 PM »

I was scanning for computers with port 80 open, and I found a couple completely unsecured Packet8 boxes. The most practical and fun feature I found to play with is the call log. It tells me who they called or were called by, and when. I could also change the box's network settings, set a password, or log packets (possibly used to moniter calls?). Any ideas on what I should do with these?

Godot · « **Reply #1 on:** March 19, 2007, 01:40:41 PM »

I just found an unsecured Linksys PAP2! It is connected to two phone lines, and I can forward all incoming calls on those lines to any phone number. It works. When I call the phone number on the status page after setting up call forwarding, it sends the call through to the forward number.

mr_doc · « **Reply #2 on:** March 19, 2007, 04:12:30 PM »

Quote from: Godot on March 18, 2007, 01:27:13 PM

I was scanning for computers with port 80 open...

You mean scanning for routers that are remote config enabled; otherwise if port 80 is open it's probably a webserver.

If this is a business forward the calls to RBCP or Murdoc so we can get some new 'takeover' calls

Godot · « **Reply #3 on:** March 19, 2007, 05:29:51 PM »

It claims to be Modern Amenity Homes, Inc. They don't get a ton of calls, but if RBCP or Murdoc want me to, I will set it up.

Godot · « **Reply #4 on:** March 22, 2007, 04:04:28 PM »

I found a ton more of the Packet8 devices while scanning some other IP ranges. Here is one for you all to play with: http://75.109.38.127/

brianwk · « **Reply #5 on:** March 30, 2007, 02:55:56 AM »

You can pull the SIP proxy and authorization details and make free phone calls from their VoIP account.

brianwk · « **Reply #6 on:** March 30, 2007, 03:38:40 AM »

Quote from: Godot on March 18, 2007, 01:27:13 PM

I was scanning for computers with port 80 open, and I found a couple completely unsecured Packet8 boxes. The most practical and fun feature I found to play with is the call log. It tells me who they called or were called by, and when. I could also change the box's network settings, set a password, or log packets (possibly used to moniter calls?). Any ideas on what I should do with these?

You can use SIP packet logging to gain access to the SIP username and password.
Enable SIP packet logging and then look for the SIP authorization packets, it will look similar to HTTP authentication. Then simply inject these packets. The way you inject the packets is up to you and I will leave it as an exercise to the reader to figure it out. I don't want to make it easy for script kiddies.

splynt0r · « **Reply #7 on:** March 30, 2007, 03:45:08 AM »

There is an edit button.
I found it about a week ago

News:

Author Topic: Unsecured Packet8 Devices (Read 2723 times)

Godot

Unsecured Packet8 Devices

Godot

Re: Unsecured Packet8 Devices

mr_doc

Re: Unsecured Packet8 Devices

Godot

Re: Unsecured Packet8 Devices

Godot

Re: Unsecured Packet8 Devices

brianwk

Re: Unsecured Packet8 Devices

brianwk

Re: Unsecured Packet8 Devices

splynt0r

Re: Unsecured Packet8 Devices