Category: exploit

  • PSA: Hacking Unifi Router !! Vulnerabilities

    UniFi users beware!! Just recently discovered that our default UniFi router, mainly the D-Link model DIR-615, is very open to this nasty exploit.

    Thanks to avid tech blogger keithrozario for sharing this issue; I’m just making sure it reaches more people, so they know that our internet connection is not that safe after all, thanks to your main ISP’s so-called tightened security.. meh..

    [Image: searching victims]

    Using the website shodanhq.com, after a simple registration, searching based on our D-Link model gets us remote access to an unfortunate UniFi user’s router login page, along with the default password that our ISP has preset on all of these D-Link routers.

    [Image: hacked into some random UniFi user login page]

    Below is a guide on how to see the exploit in action.

    Details of the hack:
    1. To access the password page the appendage is /model/__show_info.php?REQUIRE_FILE=/var/etc/httpasswd

    2. To search for D-Link routers on Shodan the query is Mathopd/1.5p6 country:MY

    This isn’t about stealing or unauthorized access to others’ wifi. It is about someone gaining admin access to your router and changing its configuration.
    For example, they can:
    – change your wifi SSID and put some stupid name to embarrass you.
    – change your DNS server to their own DNS server and direct traffic to the website they want.
    – direct you to fake websites to steal passwords.



    The appendage /model/__show_info.php?REQUIRE_FILE=/var/etc/httpasswd needs to be highlighted, as you are very vulnerable if you are using the D-Link router and open your wifi access to other people, especially businesses using UniFi to provide free wifi access to customers. If someone is able to access your wifi, they can do the things listed above.


    Default UniFi TM D-Link 615 passwords:

    Username: Management
    Password: TestingR2

    Username: operator
    Password: h566UniFi

    Username: operator
    Password: telekom

    Username: operator
    Password: <your Unifi username in reverse order>

    Username: admin
    Password: <blank>

    Username: admin
    Password: admin




    So boys and girls, be aware of this, and either change all the default passwords or just get an aftermarket router that supports UniFi.
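
For anyone who keeps web access logs in front of the router's admin page, requests like the one described in this post are easy to spot. The following is an added example, not code from the original post or from keithrozario: it flags requests to __show_info.php whose REQUIRE_FILE parameter names an absolute or parent-relative path. The Common Log Format input, the sample lines and the function name are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample lines (Common Log Format, documentation IP ranges).
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/2013:10:01:22 +0800] "GET /index.php HTTP/1.1" 200 5120
198.51.100.7 - - [12/Mar/2013:10:02:05 +0800] "GET /model/__show_info.php?REQUIRE_FILE=/var/etc/httpasswd HTTP/1.1" 200 48
198.51.100.7 - - [12/Mar/2013:10:02:09 +0800] "GET /model/__show_info.php?require_file=%2Fvar%2Fetc%2Fhttpasswd HTTP/1.0" 200 48
203.0.113.44 - - [12/Mar/2013:10:05:40 +0800] "GET /model/__show_info.php?REQUIRE_FILE=../../etc/passwd HTTP/1.1" 404 0
192.0.2.10 - - [12/Mar/2013:10:06:00 +0800] "GET /model/__show_info.php HTTP/1.1" 401 0
"""

# Captures: client, timestamp, method, request target, status code.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')


def suspicious_requests(log_text):
    """Return one finding per REQUIRE_FILE value that names a file path."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        client, when, _method, target, status = m.groups()
        url = urlsplit(target)
        if not unquote(url.path).lower().endswith("/__show_info.php"):
            continue
        # parse_qs percent-decodes values; keys are lower-cased so that
        # case variants of the parameter name are not missed (conservative).
        params = {}
        for key, values in parse_qs(url.query).items():
            params.setdefault(key.lower(), []).extend(values)
        for value in params.get("require_file", []):
            if value.startswith("/") or ".." in value:
                findings.append({
                    "client": client,
                    "time": when,
                    "file": value,
                    "status": int(status),
                    # A 2xx answer means the file content was returned.
                    "served": status.startswith("2"),
                })
    return findings


if __name__ == "__main__":
    for finding in suspicious_requests(SAMPLE_LOG):
        print(finding)
```

Any finding with "served" set to True for /var/etc/httpasswd means the router's passwords should be treated as disclosed and changed.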

  • PS3 Trophy Exploit & timestamp



    To quote: That’s right, geezers. You can now platinum any PS3 game instantly!

    Requirements

    – An exploited PS3 (JailBroken) on 3.41
    – PC with Hex Editor Neo (recommended)
    – The PS3 FTP Manager 
    – Filezilla (PC FTP Client)

    I’m warning you right now. If you plan to sync your hacked trophies with this method, you may face a risk of getting banned by Sony. It’s highly unlikely but it’s possible. So, be warned!

    A brief of how this hack works:

    Inside the trophy collection section on your XMB, there are games represented by their TROPUSR.DAT(s) respectively, where you can view the % of a game, what you have unlocked, etc. TROPUSR.DAT stores all of that information. Basically, to get everything unlocked on a game, you will need to edit that game’s TROPUSR.DAT.

    Manually editing TROPUSR.DAT can take a while to get used to. But after learning where and which byte to change, you will be able to platinum a game in no time.

    Tutorial

    Modifying the TROPUSR.DAT file of Yakuza 3 will be part of this tutorial.

    1) Launch the FTP service on PS3.

    2) Open Filezilla on PC, connect and navigate to the folder where TROPUSR.DAT is stored. For example:

    Code:
    /dev_hdd0/home/00000001/trophy/NPWR01101_00

    00000001 is my user ID.

    NPWR01101_00 is the Yakuza 3 folder.

    Inside the NPWR01101_00 folder, there will be a file which is called TROPUSR.DAT. Download that file to your PC.

    3) Open TROPUSR.DAT with Hex Editor Neo.

    4) Now, we need to figure out how many trophies Yakuza 3 has:


    5) Next, we need to add a byte that we have 45 trophies generally unlocked.



    6) Now, we need to add FF and two zero bytes (meaning 100%) below the 45 byte that you have just inserted.



    7) This is the final step. Now, you just need to unlock every trophy by adding 01 00 01 10 to every trophy ID in the file.



    To understand what I have exactly inserted, go to Tool in Hex Editor Neo -> File Comparison -> Compare Files. Put two TROPUSR.DAT (0% and 100%) in the dialogs and change the comparison method to ‘Difference algorithm’ and click Ok. Now, you will be able to see what I have edited. This will help you understand easier. Good luck!

    And, oh, when you view a trophy info on XMB with the hacked TROPUSR.DAT, you will see something like ‘Earned – ‘. That’s because I didn’t add timestamps. At the moment, I don’t know how to add one… because I’m not 100% sure which bytes are responsible for that. Here’s an example of some legit trophy I’ve unlocked:



    PS3 Timestamp Generator is a tool that allows you to generate timestamps for all of your hacked PlayStation 3 Trophies, making you look more legit than ever before.

    Download: PS3 Timestamp Generator v1

    Note – I haven’t tested this on a different platform yet. This was compiled with VS2010 (C#) and .NET Framework 3.5. So, please report to me any bug you may have encountered.

    Make sure you put correct numbers into the six text boxes, e.g.

    2009 20 02 02 49 35

    Don’t put one-digit values, illegal numbers or non-numeric characters, otherwise the program won’t generate for you.

    Once generated, copy the hex, open your TROPUSR.DAT with a hex editor and paste the hex underneath the line where it says a trophy ID. E.g:

    0x21e0: 00 00 00 1C 00 00 00 01 00 01 10 00 00 00 00 00
    0x21f0: 00 XX XX XX XX XX XX XX 00 XX XX XX XX XX XX XX

    (1c is a trophy ID)

    So paste your hex into these XXs (the first timestamp). Re-save it, overwrite it over your game’s old TROPUSR.DAT via the FTP manager. Boot the game and ta-da!

    (Note: each trophy ID has two separate timestamps, so I recommend using a newer hex (increased date/time) for the second timestamp.)