Today we will look at how the Bootrom server, cashier machines and routers of a net shop (internet café) can be hijacked to redirect DNS or install spyware by attacking the shop's Bootrom system.
Tools needed:
- 1 DDNS or No-IP account (there are plenty of tutorials for DDNS and No-IP on their own websites).
- Nmap (Download Nmap)
- A bit of thinking on your part
Let’s start practicing:
Step 1:
First, you need to determine the IP range allocated to the workstations and their gateway. To do this, open cmd, type the command ipconfig and press Enter.
IPv4 Address is the IP of my machine: 192.168.1.108
Default Gateway of the system is: 192.168.1.1
Usually the shop divides the network into 2 IP ranges:
- one range for the Bootrom machines (192.168.1.2 -> 192.168.1.99)
- one range for the workstations (192.168.1.100 -> 192.168.1.254)
Step 2:
Install Nmap software. Just click Next and you’re done.
After the installation is complete, open Nmap and scan the IP range and ports of the net shop:
- In the Target field, enter the network range to be scanned: 192.168.1.0/24.
- Under Profile, select Intense scan, all TCP ports.
- Then click Scan.
Wait for the results to appear (it takes a while).
In the results we have 10 hosts online:
- 1 host is probably Linux,
- 8 hosts are Windows,
- 1 host is unknown.
As shown above, the router's gateway is 192.168.1.1, and in the scan results we see that it is a Linux host. This host is probably the router, because router firmware usually runs on Linux.
In the Nmap results we see that the router has 2 ports open, 53 (DNS) and 80 (web).
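The scan above is exactly the kind of inventory a shop owner or the technician looking after the network should run on their own LAN before anyone else does. The following is an added example (not part of the original article, and not Nmap's own code) that parses an Nmap XML report, as produced with Nmap's -oX output option, and lists the exposures that matter here: remote-management ports open on any host, and the web admin UI and DNS service of the gateway reachable from the client range. The sample report embedded in the script is constructed for the example and is not real scan data; the gateway address is passed in as a parameter.

```python
"""Added example: audit an Nmap XML report for risky LAN exposures.

Run `nmap -oX scan.xml 192.168.1.0/24` on your own network, then pass the
file contents to audit_report(). The port lists below are this example's
choice of what deserves a second look, not anything Nmap defines.
"""
import xml.etree.ElementTree as ET

# Remote-management services that should not be reachable from client seats.
MGMT_PORTS = {22: "ssh", 23: "telnet", 3389: "rdp", 5900: "vnc"}
# Web admin interfaces on the gateway itself.
ADMIN_WEB_PORTS = {80: "http", 443: "https"}

# Constructed sample in Nmap's XML layout (three hosts, one of them down).
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host><status state="up"/>
    <address addr="192.168.1.1" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="53"><state state="open"/><service name="domain"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
    </ports>
    <os><osmatch name="Linux 3.2 - 4.9" accuracy="95"/></os>
  </host>
  <host><status state="up"/>
    <address addr="192.168.1.2" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="3389"><state state="open"/><service name="ms-wbt-server"/></port>
      <port protocol="tcp" portid="445"><state state="closed"/><service name="microsoft-ds"/></port>
    </ports>
    <os><osmatch name="Microsoft Windows 10" accuracy="90"/></os>
  </host>
  <host><status state="down"/>
    <address addr="192.168.1.50" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


def audit_report(xml_text, gateway="192.168.1.1"):
    """Return a list of (ip, finding) tuples for every host that is up."""
    root = ET.fromstring(xml_text)
    findings = []
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # skip hosts Nmap did not see alive
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        ip = addr.get("addr")
        # Collect only ports whose <state> element reports "open".
        open_ports = set()
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is not None and state.get("state") == "open":
                open_ports.add(int(port.get("portid")))
        osmatch = host.find("os/osmatch")
        os_name = osmatch.get("name") if osmatch is not None else "unknown OS"

        for p in sorted(open_ports & set(MGMT_PORTS)):
            findings.append((ip, f"{MGMT_PORTS[p]} ({p}) open on {os_name}"))
        if ip == gateway:
            for p in sorted(open_ports & set(ADMIN_WEB_PORTS)):
                findings.append((ip, f"gateway admin web UI ({ADMIN_WEB_PORTS[p]}/{p}) reachable from the client LAN"))
            if 53 in open_ports:
                findings.append((ip, "gateway DNS (53) serves the LAN; a changed upstream resolver here redirects every client"))
    return findings


if __name__ == "__main__":
    for ip, finding in audit_report(SAMPLE_XML):
        print(f"{ip}: {finding}")
```

The findings map directly onto the two weak points the article goes on to use: the router's web UI being reachable from the seats (fix: change the default password and restrict management to a separate admin VLAN or a single management host) and RDP on the Bootrom server being open to the whole client range (fix: firewall 3389 to the technician's machine only).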
We try to enter a web browser and type the router’s IP: 192.168.1.1
The net shop owner rarely changes the user and password: without IT knowledge it is troublesome, and when technical staff come to fix a problem it only complicates things. So they usually leave the default user/password.
Now we try user: admin, pass: admin.
Wow, so you can access the router's configuration page. They use TotoLink equipment.
We are already halfway. We should not continue at the net shop; instead, find a way to reach this router from home. So we use the DDNS function to assign a domain name to the net shop's static IP through the router.
This is how I can remotely remote into the Router. Go to menu: Management -> DDNS.
Select No-IP, then type the domain name registered on No-IP and the login information, then save and reboot the router.
One down: 192.168.1.1
Next, what is 192.168.1.2 in the net shop? It runs Windows and has port 3389 (Remote Desktop) open, so we can remote into 192.168.1.2. My guess is that this is the Bootrom server.
Try Remote Desktop.
- Into the run type command mstsc.
- Enter Computer: 192.168.1.2
A dialog box asking for a Remote account appears
Now we have to use the guessing method: usually simple passwords such as the owner's name, password, 123456, 123@abc ... Good luck.
If successful, the image below will appear
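Guessing like this leaves a very visible trail on the Bootrom server: every wrong attempt is a Windows Security event 4625 with logon type 10 (RemoteInteractive), and a successful guess shows up as a 4624 from the same source right after the burst. The following is an added example (not from the original article) of a small detector that reads such events, which were constructed inline here in a simplified CSV form that is this example's own assumption rather than a fixed Windows export format, and flags a source address that fails at least five RDP logons within five minutes, plus whether that source then logged on successfully.

```python
"""Added example: detect RDP password-guessing bursts in Windows logon events.

Input is a constructed CSV-style list of "timestamp,event_id,logon_type,user,source_ip"
lines (field layout is this example's assumption; produce it from Event Viewer
or wevtutil however you like). Event 4625 = failed logon, 4624 = successful
logon, logon type 10 = RemoteInteractive (RDP).
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: one guessing burst from .108 that ends in a success,
# and two unrelated typos from .120 far apart in time.
SAMPLE_EVENTS = """\
2024-05-01T21:00:01,4625,10,Administrator,192.168.1.108
2024-05-01T21:00:03,4625,10,Administrator,192.168.1.108
2024-05-01T21:00:04,4625,10,admin,192.168.1.108
2024-05-01T21:00:06,4625,10,Administrator,192.168.1.108
2024-05-01T21:00:08,4625,10,Administrator,192.168.1.108
2024-05-01T21:00:09,4624,10,Administrator,192.168.1.108
2024-05-01T21:30:00,4625,10,owner,192.168.1.120
2024-05-01T22:15:00,4625,10,owner,192.168.1.120
"""


def parse_events(text):
    """Turn the CSV-style lines into dicts with a real datetime."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, eid, ltype, user, src = line.split(",")
        events.append({"ts": datetime.fromisoformat(ts), "event_id": int(eid),
                       "logon_type": int(ltype), "user": user, "src": src})
    return events


def detect_guessing(events, threshold=5, window=timedelta(minutes=5)):
    """Sliding-window count of failed RDP logons per source address.

    Returns {source_ip: {"count", "first", "last", "users"}} for sources that
    reach `threshold` failures inside any `window`-long interval.
    """
    recent = defaultdict(deque)  # per-source queue of failures in the window
    alerts = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["event_id"] != 4625 or ev["logon_type"] != 10:
            continue
        q = recent[ev["src"]]
        q.append(ev)
        while q and ev["ts"] - q[0]["ts"] > window:
            q.popleft()  # drop failures that fell out of the window
        if len(q) >= threshold and ev["src"] not in alerts:
            alerts[ev["src"]] = {"count": len(q), "first": q[0]["ts"], "last": ev["ts"],
                                 "users": sorted({e["user"] for e in q})}
    return alerts


def success_after_burst(events, alerts, within=timedelta(minutes=5)):
    """Sources whose burst was followed by a successful RDP logon: likely a guessed password."""
    hits = []
    for src, info in alerts.items():
        for ev in events:
            if (ev["src"] == src and ev["event_id"] == 4624 and ev["logon_type"] == 10
                    and info["last"] <= ev["ts"] <= info["last"] + within):
                hits.append(src)
                break
    return hits


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    found = detect_guessing(evs)
    for src, info in found.items():
        print(f"{src}: {info['count']} failed RDP logons {info['first']} .. {info['last']} for {info['users']}")
    print("burst followed by success:", success_after_burst(evs, found))
```

On the sample the burst from 192.168.1.108 is reported with two tried usernames, and the 4624 one second later marks it as a successful guess; the two stray failures from 192.168.1.120 are 45 minutes apart and stay below the threshold. The same guessing also becomes far less practical with an account lockout policy, Network Level Authentication on the RDP listener, and 3389 filtered so that only the technician's machine can reach it.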
Once you can remote into the Bootrom server, what to do next is up to you!
(Author: Darkcode – Shellsec)