- Joined
- Jun 21, 2020
- Messages
- 5,618
- Reaction score
- 1,363
- Points
- 1,012
- Awards
- 4
Greetings, readers.
Now we will talk about holidays abroad in decent hotels. About who is resting and how, and who is specifically working at this time. I will tell you everything from my own experience and examples.
And so, what everyone should know!
When visiting the hotel, do not use the local Wi-Fi network.
And secondly, try not to pay bills with a card through payment terminals.
Now everyone will ask the question, why? It's convenient and I need the Internet.
The essence of these precautions is as follows::
When everyone goes on vacation to expensive hotels, throw out all the negativity and forget about the problems that are on the other side of the holiday. Each person begins to relax and lose vigilance for the security of their electronic accounts, not their bank accounts, and even for their own pocket. And we come to the hotel to earn money. Quickly with a pleasant time in the sun.
Having stopped by the room, in order not to lose our valuable time hacking Wi-Fi, we go and pay for a couple of days of using the network. We get the password to access the grid, as usually this network is slow, since all hotels in the routing are cutting the speed and limiting it so that you can serve a larger number of users and no one interferes with each other, while maintaining the speed when downloading any torrent tracker.
After receiving the password, the first step is to go to the router's admin panel. Let's check the standard passwords, maybe we'll get lucky. I entered the address presumably according to the standard of routers, but alas, nothing was found. In order not to suffer and sort through the addresses manually, I used a software called AngryScan, which means an Evil Scanner. After quickly scanning the subnet I was on, the router's address was found.
But then it immediately became clear that once the smart admin changed the ports to log in to the router's web interface, then 100% and passwords were changed. According to the provided info from the invitation window, it immediately became clear to me that this is a router on the DD-WRT firmware. I scanned this IP again with a request for device recognition. It was already 100% clear that this is a router with DD-WRT Buffalo firmware model HO-G300. I immediately go to the site to search for exploits https://www.exploit-db.com and I start looking for an exploit for this model of router.
From the exploit code:
Code:
<input type="hidden" name="https_enable" value="0" />
<input type="hidden" name="http_username" value="root" />
<input type="hidden" name="http_passwd" value="hacked" />
<input type="hidden" name="http_passwdConfirm" value="hacked" />
<input type="hidden" name="_http_enable" value="1" />
I knew what the password would be changed to, since I set these conditions in the exploit. I.e., I specified the IP address of the router and specified the username and password to replace it with. It was replaced with the root username and the hacked password. Finally!
(this exploit exploits the XSS vulnerability in these models)
I immediately go to the address of the entrance to the web muzzle of the router, look at the number of clients and understand, oh yes, there is money-you can eat. There were currently 89 users online. These are the ones who used the Internet and didn't go sunbathing. And this is the day, and the most busy time for the grid is the evening and night.
And so having gained access to the router interface and spent 20 minutes on everything about everything. Without hesitation, I make a substitution of the DNS server. (the server that is responsible for the addresses of Web sites on the Internet, by means of matching the ip address to the domain name) And I specify in the router settings in the primary DNS-the address of my server where the DNS system is located, in this case, the dns server was launched on my machine and indicated the address of my machine as the primary DNS.
And so, why all this was done.
After changing the DNS and starting the server on your local machine. I run a sniffer to intercept packets on the Internet. (This attack is called Spoofing) Who goes where? what anyone enters where. That is, all data transmitted in this network is intercepted. From the entered addresses, to usernames and passwords, as well as card numbers and other information when paying for this person, any orders to the room through the restaurant's web interface.
During a couple of days of DNS server operation, a lot of interesting things were caught on my local machine. But what attracted me was cards and bank cards.
The intercept was like this: zack keller 419002125272**** 1217 Visa zachary keller 417
As a result, the payer's data is available and you can pay with this data. I won't tell you what you can do with these cards and how to pay with them, since everyone has a card and everyone knows how to make payments online.
For this reason, I do not use bank cards in the hotel's wi-fi networks.
Reason number two.
As you can see from the first example, data is intercepted from Internet users, but payments are not made as often via the web interface as they are paid by card through the terminal. And now it is very common to trade remote servers, that is, computers that are always online (computers that are engaged in servicing, in this case a hotel) Through these computers connected to the network and their routers and payments are made through the terminal, all information about the payment is sent from the terminal to the bank's computer.
Withdraw money from ATMs and pay for hotel services in cash. Do not use public WI-FI networks – or always use a vpn tunnel connection to encrypt the data you transmit and receive.
Now we will talk about holidays abroad in decent hotels. About who is resting and how, and who is specifically working at this time. I will tell you everything from my own experience and examples.
And so, what everyone should know!
When visiting the hotel, do not use the local Wi-Fi network.
And secondly, try not to pay bills with a card through payment terminals.
Now everyone will ask the question, why? It's convenient and I need the Internet.
The essence of these precautions is as follows::
When everyone goes on vacation to expensive hotels, throw out all the negativity and forget about the problems that are on the other side of the holiday. Each person begins to relax and lose vigilance for the security of their electronic accounts, not their bank accounts, and even for their own pocket. And we come to the hotel to earn money. Quickly with a pleasant time in the sun.
Having stopped by the room, in order not to lose our valuable time hacking Wi-Fi, we go and pay for a couple of days of using the network. We get the password to access the grid, as usually this network is slow, since all hotels in the routing are cutting the speed and limiting it so that you can serve a larger number of users and no one interferes with each other, while maintaining the speed when downloading any torrent tracker.
After receiving the password, the first step is to go to the router's admin panel. Let's check the standard passwords, maybe we'll get lucky. I entered the address presumably according to the standard of routers, but alas, nothing was found. In order not to suffer and sort through the addresses manually, I used a software called AngryScan, which means an Evil Scanner. After quickly scanning the subnet I was on, the router's address was found.
But then it immediately became clear that once the smart admin changed the ports to log in to the router's web interface, then 100% and passwords were changed. According to the provided info from the invitation window, it immediately became clear to me that this is a router on the DD-WRT firmware. I scanned this IP again with a request for device recognition. It was already 100% clear that this is a router with DD-WRT Buffalo firmware model HO-G300. I immediately go to the site to search for exploits https://www.exploit-db.com and I start looking for an exploit for this model of router.
From the exploit code:
Code:
<input type="hidden" name="https_enable" value="0" />
<input type="hidden" name="http_username" value="root" />
<input type="hidden" name="http_passwd" value="hacked" />
<input type="hidden" name="http_passwdConfirm" value="hacked" />
<input type="hidden" name="_http_enable" value="1" />
I knew what the password would be changed to, since I set these conditions in the exploit. I.e., I specified the IP address of the router and specified the username and password to replace it with. It was replaced with the root username and the hacked password. Finally!
(this exploit exploits the XSS vulnerability in these models)
I immediately go to the address of the entrance to the web muzzle of the router, look at the number of clients and understand, oh yes, there is money-you can eat. There were currently 89 users online. These are the ones who used the Internet and didn't go sunbathing. And this is the day, and the most busy time for the grid is the evening and night.
And so having gained access to the router interface and spent 20 minutes on everything about everything. Without hesitation, I make a substitution of the DNS server. (the server that is responsible for the addresses of Web sites on the Internet, by means of matching the ip address to the domain name) And I specify in the router settings in the primary DNS-the address of my server where the DNS system is located, in this case, the dns server was launched on my machine and indicated the address of my machine as the primary DNS.
And so, why all this was done.
After changing the DNS and starting the server on your local machine. I run a sniffer to intercept packets on the Internet. (This attack is called Spoofing) Who goes where? what anyone enters where. That is, all data transmitted in this network is intercepted. From the entered addresses, to usernames and passwords, as well as card numbers and other information when paying for this person, any orders to the room through the restaurant's web interface.
During a couple of days of DNS server operation, a lot of interesting things were caught on my local machine. But what attracted me was cards and bank cards.
The intercept was like this: zack keller 419002125272**** 1217 Visa zachary keller 417
As a result, the payer's data is available and you can pay with this data. I won't tell you what you can do with these cards and how to pay with them, since everyone has a card and everyone knows how to make payments online.
For this reason, I do not use bank cards in the hotel's wi-fi networks.
Reason number two.
As you can see from the first example, data is intercepted from Internet users, but payments are not made as often via the web interface as they are paid by card through the terminal. And now it is very common to trade remote servers, that is, computers that are always online (computers that are engaged in servicing, in this case a hotel) Through these computers connected to the network and their routers and payments are made through the terminal, all information about the payment is sent from the terminal to the bank's computer.
Withdraw money from ATMs and pay for hotel services in cash. Do not use public WI-FI networks – or always use a vpn tunnel connection to encrypt the data you transmit and receive.