Bsnl Dataone Easily Hackable

[Sushubh]

dont give him any dangerous ideas.

 

[pranKster]

Where 's the Hacker ... err Cracker .... Now I know who to blame for that Bill !! ^_^

 

[qazranchi]

Everything is possible. DESI-TEK forum was warned and then hacked the site was out for more then 2 months. Only now it has restarted.

 

[avinds]

we can try and guess the default passwords for dataone accountdont know whether it works now....used to work earlier in bangalore

 

[nightwolf2k5]

i actually guessed half the pass words here in bangalore..but.. he claims to "get" the account for u.. so..

 

[max]

it wouldn't have hurt to listen to what that guy was saying. he did not post links or any kind of details about how the "crack" could be misused. he just wanted to warn BSNL users.anyway...admins words the last.

 

[Sushubh]

i just dont like script kiddies wannabe. a serious dude would have a different way of posting about a possible security vulnerability.

 

[pita]

hahaha... It reminded me of a time when GOI asked all ISP to host the details of their suscribers accounts, address on their site, so that GOI sleuths could access the information online. But then ISPs were lazy they just uploaded the spreadsheets to their websites with minimal security, and then any smart@ss could go in their do a little search find out those *obscure* links and see the details of X, Y or Z or anyone and call the ISP Call center and have X's, Y's or Z's password reset. Then he told me that "I could hack anyone online in India rightnow" and I could just laugh, it was so cool B-)I have no idea how Dataone works but my guess wud be it uses adsl router.Well if thats the case then, I think everyone should change those router/cable-modem admin passwords? And if u ask me why?*Usually* anyone who hits port 80 on that router can see the router configuration webpage, login as admin/admin or admin/admin123 or admin/cr4zy_p4ssw0rd or noadmin/deadadminpass or ... blah and see in account setup the account details i.e. the username ([email protected]) and password ( ******* ) and if u see that ***** password just rt click on ur favourite browser and view source, there u have it both the username and the password.... Hurrray!!! now u learnt how to hack the living daylights of Csnl DataTwo Broadband!!! w00t!.Well knowing someones router/account user/pass is ok, but no one can hack me I am behind a route and I am on NAT/firewall yo!! Most router's these days have DMZ support in them, if a hacker 'ahem.. I mean a cracker logs into ur router & add ur pc to the DMZ zone then ur NAT wouldnt protect u anymore. All ur ports are open 'doing eagle spread' to the whole world...But I see so many people ignorant about security, security through obscurity is bad, And security comes in when u change your default settings and public disclosure is cool (if done in a right way). Thats why we have Full-Disclosure, Bugtraq because, disclosure leads to awareness and education, and education should be free for all not just for those 1337 h4X0rs...

 

[Sushubh]

the pain is back!

 

[pita]

still have the Adm¡nistrator account neowin.net but the forums dont work for me anymore - so i offer pain here