EvilZone
Hacking and Security => Hacking and Security => pyte, June 20, 2013, 08:15:02 AM
-
Greetings,
I may be asking a silly question (so it may seem to some), but kindly bear with me and enlighten me.
The other day some random guy hacked into a friend's router and he simply changed the password. I assume this took care of the intruder (at least for that day). The next day my friend's website was down, the internet connection was very, VERY slow, and crazy stuff was happening around.
Having in mind that the website isn't hosted there, would there be a way that the guy behind this accessed the website through my pal's connection? And what is wrong with the slow internet connection? I ask this because it's beyond any "answers" I got from Google. I guess the professionals here know it better.
Can malicious code be placed on a router to function only on startup?
(I need someone to teach me of the blackhat part of this things :-[ )
Thanks in advance.
Regards,
Pyte.
-
Hi pyte,
It's difficult to answer your question with the given information. It would be interesting to know what kind of router your friend has. Any custom firmware on it? Are you sure that the attacker came in via the router? Have you already done some forensics on the connected clients? Does he use WLAN (maybe the attacker is not even far away from him :) )? Have you already had a look at the logs the router provides?
There are ways to execute commands or even scripts on a router. See this post for example: http://evilzone.org/tutorials/cisco-ddr2200-adsl2-residential-gateway-router-vulnerabilities/msg55447/#msg55447
Getting the password to his web hosting account can be easy when the attacker has access to the router. All traffic to the interwebz passes the router, and if he is able to capture the traffic he could intercept logins (FTP, for example, sends username and password unencrypted; that's the reason why you should upload files via ssh/scp).
Regarding the slow internet connection :) if there is something that consumes a lot of bandwidth, the connections of the other users will get slow as there is no bandwidth left for them to use.
I hope this helps at least a bit. If you have more questions please provide as much information as possible. This will make it a lot easier to answer :)
Cheers,
RBA
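Two of the checks RBA suggests, looking for FTP logins crossing the router in the clear and finding the client that eats the bandwidth, as an added example that is not part of the original thread. It works on constructed flow records (client IP, destination port, byte count, first payload line), not on a live capture; the record layout and the 50% share threshold are assumptions for the illustration.

```python
"""Audit constructed router-side flow records for cleartext FTP logins and
for a single client consuming most of the bandwidth (added example)."""
from collections import defaultdict
import re

# Constructed flow records: (client_ip, dst_port, bytes, first payload line).
# These are made-up sample values, not captured data.
FLOWS = [
    ("192.168.1.10", 21, 1_200, "USER webadmin"),
    ("192.168.1.10", 21, 800, "PASS hunter2"),
    ("192.168.1.11", 443, 250_000, ""),
    ("192.168.1.12", 80, 310_000_000, ""),  # one host pulling far more than the rest
    ("192.168.1.10", 22, 40_000, ""),       # scp/sftp session: nothing readable to flag
]

# FTP sends credentials as plain "USER name" / "PASS secret" command lines.
FTP_CRED = re.compile(r"^(USER|PASS)\s+\S+", re.IGNORECASE)


def cleartext_ftp_logins(flows):
    """Return (client, command) pairs for FTP logins that crossed the router in the clear.

    Only the command name is reported, never the credential value itself.
    """
    hits = []
    for client, port, _size, payload in flows:
        match = FTP_CRED.match(payload)
        if port == 21 and match:
            hits.append((client, match.group(1).upper()))
    return hits


def bandwidth_hogs(flows, share=0.5):
    """Return clients responsible for more than `share` of all bytes seen."""
    per_client = defaultdict(int)
    for client, _port, size, _payload in flows:
        per_client[client] += size
    total = sum(per_client.values()) or 1  # avoid division by zero on empty input
    return sorted(c for c, b in per_client.items() if b / total > share)


if __name__ == "__main__":
    for client, cmd in cleartext_ftp_logins(FLOWS):
        print(f"{client}: FTP {cmd} sent unencrypted, switch this upload to scp/sftp")
    for client in bandwidth_hogs(FLOWS):
        print(f"{client}: consuming most of the available bandwidth, check this host")
```

A real audit would feed the same functions with records exported from the router's logs or a packet capture taken on the upstream side.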