Thursday, October 8, 2020

How I hacked BT Telecom using a '95 trick

 SOooooo



About this, I have to mention first that all of this was legal. Now let's cut to the chase.


The process is outlined below:

* OSINT using Twitter in order to find the CVE (I would rather call it a CWE, "common web vulnerability", since this exploit involves no asm/C/BOF/memory leak)

* OSINT using the Shodan engine in order to identify vulnerable IPs.

* Exploit & Profit


First things first.


* OSINT using Twitter in order to find the CVE (I would rather call it a CWE, "common web vulnerability", since this exploit involves no asm/C/BOF/memory leak)

    Now, does CVE-2020-5902 ring a bell? In case not, I will explain it to you. CVE-2020-5902, aka the F5 BIG-IP RCE, is a trivial exploit method caused by a trivial bug class that has been known since '95. It so happens that the whole internet buzzed when this was disclosed. In case you did not know, Exploit-DB is nothing compared to Twitter. Generally, people should have a Twitter account if they just want to grab LHF (low-hanging fruit) in terms of bug bounty. It just so happened that I was following a researcher who had just published a PoC (proof of concept) for that CVE.


* OSINT using the Shodan engine in order to identify vulnerable IPs.

Now this is the most trivial thing. Everyone who does some cyber should know about Shodan. It's the holy bible for us hackers. It scans IPs and mines the data in order to provide a bigger picture of vulnerable/open services around the internet. What I did was just build a simple query based around that CVE. Let's break it down. The query used was: http.favicon.hash:-335242539 "3992". The technique behind this is a pretty old one; here is a link that explains it: https://medium.com/@Asm0d3us/weaponizing-favicon-ico-for-bugbounties-osint-and-what-not-ace3c214e139. Entering that in the Shodan search bar returned some IPs that had the service running on them.
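The favicon-hash trick works in both directions: the same number that lets a searcher find every exposed appliance with a given icon lets an owner check what fingerprint their own device advertises, and whether replacing a default favicon changes it. The block below is an added example (not code from this post or from the linked Medium article) that reproduces the Shodan favicon hash without the mmh3 dependency: a from-scratch MurmurHash3 x86 32-bit implementation, the base64 step, and the signed 32-bit conversion. The assumption, taken from the widely shared recipe rather than from Shodan documentation, is that Shodan hashes the MIME-style base64 encoding (line breaks every 76 characters, as codecs.encode(data, "base64") produces) with mmh3.hash() and reports the signed result. SAMPLE_FAVICON is constructed bytes, not a real vendor icon.

```python
import base64

MASK32 = 0xFFFFFFFF


def _rotl32(x: int, r: int) -> int:
    """Rotate a 32-bit value left by r bits."""
    return ((x << r) | (x >> (32 - r))) & MASK32


def murmurhash3_x86_32(data: bytes, seed: int = 0) -> int:
    """MurmurHash3, x86 32-bit variant, returned as an unsigned 32-bit int.
    This is the function the mmh3 package exposes as mmh3.hash()."""
    c1, c2 = 0xCC9E2D51, 0x1B873593
    h1 = seed & MASK32
    length = len(data)
    nblocks = length // 4

    # Body: consume 4-byte little-endian blocks.
    for i in range(nblocks):
        k1 = int.from_bytes(data[4 * i:4 * i + 4], "little")
        k1 = (k1 * c1) & MASK32
        k1 = _rotl32(k1, 15)
        k1 = (k1 * c2) & MASK32
        h1 ^= k1
        h1 = _rotl32(h1, 13)
        h1 = (h1 * 5 + 0xE6546B64) & MASK32

    # Tail: the remaining 1 to 3 bytes, if any.
    tail = data[nblocks * 4:]
    k1 = 0
    if len(tail) >= 3:
        k1 ^= tail[2] << 16
    if len(tail) >= 2:
        k1 ^= tail[1] << 8
    if len(tail) >= 1:
        k1 ^= tail[0]
        k1 = (k1 * c1) & MASK32
        k1 = _rotl32(k1, 15)
        k1 = (k1 * c2) & MASK32
        h1 ^= k1

    # Finalization: mix in the length and avalanche the bits.
    h1 ^= length
    h1 ^= h1 >> 16
    h1 = (h1 * 0x85EBCA6B) & MASK32
    h1 ^= h1 >> 13
    h1 = (h1 * 0xC2B2AE35) & MASK32
    h1 ^= h1 >> 16
    return h1


def to_signed32(x: int) -> int:
    """Reinterpret an unsigned 32-bit value as the signed int Shodan shows."""
    return x - 0x100000000 if x & 0x80000000 else x


def shodan_favicon_hash(favicon: bytes) -> int:
    """Reproduce the value used by Shodan's http.favicon.hash filter.
    Assumption (from the commonly shared recipe, not Shodan docs): the raw
    favicon bytes are base64-encoded with MIME line breaks, as
    base64.encodebytes / codecs.encode(data, "base64") produce, then hashed
    with mmh3.hash() and reported as a signed 32-bit integer."""
    encoded = base64.encodebytes(favicon)
    return to_signed32(murmurhash3_x86_32(encoded))


def shodan_query_for(favicon: bytes) -> str:
    """Build the search filter an owner would use to check their own exposure."""
    return f"http.favicon.hash:{shodan_favicon_hash(favicon)}"


# Constructed sample: the first bytes of a made-up ICO header, not a real icon.
SAMPLE_FAVICON = bytes.fromhex(
    "0000010001000101000001001800300000001600000"
    "0".replace(" ", "")
)

if __name__ == "__main__":
    # Run against your own appliance's favicon bytes to see what a Shodan
    # search for it would look like.
    print(shodan_query_for(SAMPLE_FAVICON))
```

To audit a device you own, feed the bytes of its /favicon.ico into shodan_favicon_hash and search the resulting filter; if the number matches a vendor default, the icon alone identifies the product, which is a good argument for not exposing the management interface to the internet in the first place.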


* Exploit & Profit

Once we knew our target IP, it was as simple as: python CVE-2020-5902.py @IP <command to execute>. In case you don't believe me, here are some screenshots.


2 comments:

  1. Hi

    How is the explanation you have provided in this blog relevant to any of the following three posts?

    +44 (0)116 250 6050

    chirag.dattani@dmu.ac.uk
    https://doar-e.blogspot.com/
    Name
    where you from?
    Why DMU?
    Hobbies/interests

    my.dmu.ac.uk
    Post 1: Welcome message
    Post 2: Introduction post
    Post 3: Reflection on your current software skills.

    You can surely improve with the following:
    Explain what the blog is about, its purpose,
    and how the blog title came about.

    Many thanks
    Chirag

  2. Incredible article and a pleasant method to advance on the web. I'm happy with the data that you gave. top telecom recruiters
