Page 1 of 4
Results 1 to 10 of 35

Thread: What can someone do after discovering a "exploit"?


  1. #1
    My life is this forum Snayler
    Join Date
    Jan 2010
    Posts
    1,418

    Thomson vulnerability discovered

    Note: I already disclosed what I found, it can be found here: http://www.backtrack-linux.org/forum...l=1#post212902

    Ok, what happened is that I discovered an exploit that enables me to get the default wireless password from any router (no matter which protection the router has, no matter which model it is) of a given brand of routers. So now I have a dilemma... Should I try to contact the enterprise that produces such routers, and try to warn them? Should I make my findings available to the whole world to see? Or should I just keep quiet about it? I'm just a student, I have no professional experience in the Security area, so I don't know if the enterprise would take me seriously.

    I know that if I disclose what I've discovered, many people will use my findings with malicious intentions. Take for example the stkeys from Kevin Devine. Once it was discovered, and being that the major ISP in my country was distributing Thomson routers along with their services, it was chaos. Every router they distributed was vulnerable. Thankfully Thomson fixed the problem (although IMHO they were lazy on the fix and the routers are still vulnerable, although it's not as easy as inputting the SSID into a small program and getting the wireless key), but the routers manufactured before the fix just stayed as they were, vulnerable. I mean, I know people that haven't paid for their internet for more than a year, they just use their neighbors' connection. That's the kind of thing I would like to avoid.

    On the other hand, if I keep quiet about it, inevitably someone will discover it and disclose it to the general public. Also, being that I intend to follow a career in the Security area, I think that a discovery like this would look good on my curriculum vitae.

    What do you think?
    Cheers!
    Last edited by Snayler; 01-29-2012 at 10:44 AM.

  2. #2
    Member melissabubble
    Join Date
    Aug 2011
    Location
    c:\
    Posts
    85

    Re: What can someone do after discovering a "exploit"?

    Hey snayler, I would say, if you don't already have a web site or blog, start one. Then put your name behind the exploit. Create an open source tool for the community, go on forums like this and let people know of the vulnerability. One exploit is a start, but if you want to be taken seriously, you're going to have to keep at it.

  3. #3
    Junior Member
    Join Date
    Nov 2010
    Posts
    27

    Reply: Re: What can someone do after discovering a "exploit"?

    Hello. I understand your thinking. But think about this: every time a vulnerability is found (and unleashed) we are building our future faster in the right direction. And what we do about it is what really matters.
    We are now living in the fire and bone cyber age. We all must work to evolute.

    The first thing I would do is think deeply. Don't hurry.

  4. #4
    Senior Member
    Join Date
    Jul 2011
    Posts
    236

    Re: Exploit Discovery

    Snayler,
    Ok, what happened is that I discovered an exploit that enables me to get the default wireless password from any router
    What do you mean by this? I can find the default wireless password for any router via a simple google search. I'm very curious as to this....


    Cheers!

    pentrite,

    English.... Learn it. Your grammar sucks.
    V/r,
    Snafu
    Pffbt.. "I made a discovery today. I found a computer. Wait a second, this is cool. It does what I want it to. If it makes a mistake, it's because I screwed it up. Not because it doesn't like me... Or feels threatened by me.. Or thinks I'm a smart ass.."

  5. #5
    My life is this forum Snayler
    Join Date
    Jan 2010
    Posts
    1,418

    Re: Exploit Discovery

    Quote Originally Posted by melissabubble:
    Hey snayler, I would say, if you don't already have a web site or blog, start one. Then put your name behind the exploit. Create an open source tool for the community, go on forums like this and let people know of the vulnerability. One exploit is a start, but if you want to be taken seriously, you're going to have to keep at it.
    I'm too lazy to create a blog... At best I would create a PoC tool and post it to googlecode. And I doubt I'll be able to find another exploit soon, I was kinda lucky to find this one. I don't even know if I can call it an "exploit" (hence the "" in the title).

    Quote Originally Posted by snafu777:
    What do you mean by this? I can find the default wireless password for any router via a simple google search. I'm very curious as to this...
    Not if the password is never the same. Just to be clear, I'm talking about the WIRELESS (WEP/WPA/WPA2) password, not the router's administration page login! Take D-Link, for example. They generated their wireless passwords based on the MAC Address of the router (which is never the same, obviously). Thomson/Speedtouch used part of a hash derived from part of the serial number (again, which is never the same). This is done because the average consumer doesn't know how to set up a router, so it's easier to leave the default configuration and have the wireless key on a sticker on the router. For security reasons, the default wireless password can't ever be the same, else it wouldn't be secure. Unfortunately for D-Link and Thomson, their methods were discovered, but that's another matter.
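The design point in the post above (a default key that is a deterministic function of the MAC or serial is only as unpredictable as that identifier, however long the key looks) can be shown with a small added example. This code is not from the thread and does not implement any real vendor's scheme: `toy_identifier_derived_key` is a hypothetical stand-in for a "hash part of the serial" design, `random_default_key` is the mitigation (a key drawn from the OS CSPRNG at manufacture, unrelated to any printed identifier), and `effective_key_bits` quantifies why the first design collapses the key space.

```python
import hashlib
import math
import secrets


def toy_identifier_derived_key(serial_fragment: str, key_hex_chars: int = 10) -> str:
    """HYPOTHETICAL vendor scheme (constructed for this example, not any real
    router's algorithm): default key = first key_hex_chars hex digits of
    SHA-1(serial fragment). Because it is deterministic, anyone who can
    reconstruct the fragment can reconstruct the key."""
    digest = hashlib.sha1(serial_fragment.encode("ascii")).hexdigest()
    return digest[:key_hex_chars].upper()


def random_default_key(key_hex_chars: int = 10) -> str:
    """Mitigation: draw the sticker key from the OS CSPRNG at manufacture time.
    It has no relationship to the MAC, serial or SSID, so knowing those
    identifiers tells an observer nothing about the key."""
    nbytes = (key_hex_chars + 1) // 2
    return secrets.token_hex(nbytes)[:key_hex_chars].upper()


def effective_key_bits(identifier_alphabet: int, identifier_len: int,
                       key_hex_chars: int) -> float:
    """Entropy actually available to a deterministic scheme.

    A hash cannot add entropy: the number of distinct keys is bounded by the
    number of distinct identifier inputs, so the effective strength is
    min(identifier space, nominal key space), in bits.
    """
    identifier_bits = identifier_len * math.log2(identifier_alphabet)
    key_bits = key_hex_chars * 4          # 4 bits per hex digit
    return min(identifier_bits, key_bits)


def keys_are_reproducible(keygen, identifier: str, trials: int = 3) -> bool:
    """Audit check for a provisioning routine: feeding the same identifier
    repeatedly must NOT yield the same key. True here means the key is a
    function of the identifier (the weak design)."""
    keys = {keygen(identifier) for _ in range(trials)}
    return len(keys) == 1


if __name__ == "__main__":
    # Constructed sample: a 6-digit decimal serial fragment, 10-hex-char key.
    fragment = "123456"
    print("toy derived key  :", toy_identifier_derived_key(fragment))
    print("CSPRNG key       :", random_default_key())
    print("nominal key bits :", 10 * 4)
    print("effective bits   :", round(effective_key_bits(10, 6, 10), 2))
    print("derived scheme reproducible:",
          keys_are_reproducible(toy_identifier_derived_key, fragment))
    print("CSPRNG scheme reproducible :",
          keys_are_reproducible(lambda _ident: random_default_key(), fragment))
```

With a six-digit decimal fragment the "40-bit" key has under 20 bits of effective entropy (one million possible keys), which is the gap between what the sticker suggests and what the design delivers; the CSPRNG version keeps the full 40 bits and fails the reproducibility check, which is the property a reviewer of a provisioning pipeline should be looking for.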

  6. #6
    My life is this forum thorin
    Join Date
    Jan 2010
    Posts
    2,629

    Re: Exploit Discovery

    Quote Originally Posted by snafu777:
    Snayler,
    pentrite,

    English.... Learn it. Your grammar sucks.
    At least it made me learn a new word, whether he meant to or not http://dictionary.reference.com/browse/evolute
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  7. #7
    Just burned his ISO
    Join Date
    Jan 2012
    Location
    Orillia, Ontario
    Posts
    14

    Re: What can someone do after discovering a "exploit"?

    I say post it, have others verify it and become a god. I would.

  8. #8
    Very good friend of the forum Gitsnik
    Join Date
    Jan 2010
    Location
    The Crystal Wind
    Posts
    851

    Re: What can someone do after discovering a "exploit"?

    The question of disclosure is definitely one for about 600 pages of ethics philosophers, everyone will have their own opinion on the topic. On the side of non-disclosure:

    Recently I contacted the software division of a company that we are closely tied to with a vulnerability in a relatively critical component of their code, they thanked me for it, asked if I would like to be publicly acknowledged (no) and sent me some free stuff (my desk is now littered with fusballs, pens, mini rockets and general other toys).

    Counter that with a smallish company I ran into doing SCADA for wineries, who have threatened to sue should I ever disclose the vulnerability that would let you browse to the default web page of the controller and click the empty all link without any confirmation (should you crawl the site automatically with a bot). Ahem.

    So you have a couple of options available to you. In my case, I'm not a huge fan of messing with the public image of small companies, so I don't disclose. In the event I find something big* in a large piece of well known software I will probably be publishing that to full disclosure with little or no contact to the parent company. Or you can just up and publish the exploit to the exploit-db. You get your name out, it's a one off thing and someone else has to worry about the hosting details.

    The question of ethics though, that's a tricky one

    *The last "big" thing I found was a few years ago in the ipfw software on FreeBSD - a bug where if you ping'ed me, I could ignore your incoming ICMP rules and ping you back. How minor. - before I was a community individual I never knew that you could disclose this sort of thing to the company, so I just sat on the issue in my little closet of a room. In this event, FreeBSD has a well established history of publicly acknowledging and fixing bugs, so I would definitely submit any new bugs I find for fix.
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.

  9. #9
    My life is this forum Snayler
    Join Date
    Jan 2010
    Posts
    1,418

    Re: What can someone do after discovering a "exploit"?

    Quote Originally Posted by Gitsnik:
    Recently I contacted the software division of a company that we are closely tied to with a vulnerability in a relatively critical component of their code, they thanked me for it, asked if I would like to be publicly acknowledged (no) and sent me some free stuff (my desk is now littered with fusballs, pens, mini rockets and general other toys).

    Counter that with a smallish company I ran into doing SCADA for wineries, who have threatened to sue should I ever disclose the vulnerability that would let you browse to the default web page of the controller and click the empty all link without any confirmation (should you crawl the site automatically with a bot). Ahem.

    So you have a couple of options available to you. In my case, I'm not a huge fan of messing with the public image of small companies, so I don't disclose. In the event I find something big* in a large piece of well known software I will probably be publishing that to full disclosure with little or no contact to the parent company. Or you can just up and publish the exploit to the exploit-db. You get your name out, it's a one off thing and someone else has to worry about the hosting details.
    Thanks for your insight, Gitsnik!
    For now I'm going to lay low, take some time to build a tool capable of exploiting the vulnerability. The intention is not to disclose it, but to train my skills in programming. And in case I decide to contact the company, the tool will help me prove my findings.

    Cheers!

  10. #10
    Senior Member
    Join Date
    Jul 2011
    Posts
    236

    Re: 'Sploit

    snayler,
    Just to be clear, I'm talking about the WIRELESS (WEP/WPA/WPA2) password, not the router's administration page login!
    Bro... If you found something like that, that is along the lines of a truly unique 'sploit that would be very useful in the wild and therefore it deserves a lot of attention in my book.

    I say warn the developers and demand a response. If they fail to acknowledge it within a timely manner (72 hrs or less), then you make it known to them you will hold them accountable to the public if they do not.

    Wireless has/is/always-been my niche

    I would be very interested in what you have found... How you're going to code it and etc....

    Please hit me up bro.... will@configitnow.com
    V/r,
    Snafu
