
Whoever is smarter is right? Hacker's Notes, part 3 of 5

In previous issues, I told the story of the failed championship at the computer club and of the magic SysRq at Sunrise; the first of them explains my motives and the real sources of these stories.
So, without repeating myself, I will go straight to the third ballad of the cycle, about the provider Gorbin, before I get downvoted into oblivion.

My friend had been connected to a local "home network" for several years when Gorbin came to his area.
It so happened that the local network was having major connectivity problems at the time, and he decided to connect to Gorbin as well, to compare the two.
I went to visit him to pick up a disc and, while I was at it, to try out the delights of the new provider.

Imagine my surprise when ettercap caught an SNMP packet that made one thing clear: someone at Gorbin had decided not to change the default SNMP community “private”.
It was possible to bring ports down and up, and to read interface information, the MAC address table ...
Looking ahead, I can say that you could even send an SNMP request that made the switch upload its config to a TFTP server.

The first step was to build a network map based on the FDB table data. After all, I did not want to accidentally cut myself off from the rest of the world.
Within a few hours, the scale of the disaster became clear: 4 segments of 20 houses each.
How to take them all down?

The solution I found was an original one: I corrupted the switch's stock firmware right in a binary editor, hoping that the checksum would still match or that the switch would pay no attention to it. I set up a TFTP server at my friend's place and began sending the switch commands to update itself with this fake firmware from our server. On the third try, it worked! The switch took the firmware and, apparently, never came back up.

Then, within a few hours, from the farthest "leaves" of our tree toward us at the root, all of Gorbin's switches in my friend's area were "updated".
For the next 3 days my friend saw a huge number of Gorbin installers in the area with huge backpacks on their shoulders.

What do you think was in the backpacks? That's right, new switches. Gorbin is so powerful that within a few days it had completely restored everything. And my friend kept using it, in the end.

In the following issues of "Whoever is smarter is right" you can expect: "a provider who forgot to remove the demo.php file from the standard spaw distribution" and "a small provincial provider and a thunderstorm to order."

Source: https://habr.com/ru/post/86912/

