Hacker Forums

Tag: hacking exploit

Devices indexed by Google, just for hackers!

by The Uni-Hacker on Jun.03, 2008, under Security

Imagine this: some network devices have built-in web servers for management. Now imagine all these devices being indexed by Google. Can you say Face Pwnage?!

A few different models of HP printers have a built-in web server for management. You can connect to the printer and manage it from a web browser. Currently you can get a list of these printers from Google by searching for “inurl:hp/device/this.LCDispatcher”. Google will return search results that you can just click to start playing with their printers.

Hackers can easily take advantage of this exploit and do some major damage. All it takes to drive an IT manager crazy is a large 1000+ page Word document uploaded through the manager.

It’s not limited to HP print devices either; it applies to any device with a built-in web server, including webcams, fax servers, scanners and more. A hacker could use this to gain unauthorized access to a network.


The BlogEngine.Net Exploit

by The Uni-Hacker on May.04, 2008, under Security

The js.axd handler in BlogEngine.NET version 1.3, the culprit in this exploit, serves up .js files. The problem is that a bug in js.axd allowed any file to be delivered, including the web.config file. A hacker starts his attack by identifying a blogger using the 1.3.0.x version. Basically you can use a Google search to find these sites.

BlogEngine.Net stores all its usernames and passwords in a txt file in plain text. This is the developer’s first mistake, and probably the biggest one. Using the js.axd file you can get the users.xml file, which contains these usernames and passwords. Come on, this has to be the most poorly programmed system I’ve seen so far. Plain text passwords? Come on…

Now that you have the BlogEngine.Net usernames and passwords, you can simply log into that blog and do what you need to do. Most of the time hackers leave behind some sort of signature or graphic on the home page. Personally, I would just email the owner a list of his usernames and passwords and have him pay me to fix it or at least have someone else fix it.
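The js.axd bug described in this post is a file-serving handler that does not restrict what it hands out. As an added example (not BlogEngine.NET's code, and written in Python rather than the project's C#), here is one way a script handler can confine itself to .js files inside the web root; `resolve_script`, `Rejected` and the sample web root are hypothetical names and constructed data.

```python
import os
import tempfile

ALLOWED_EXT = ".js"  # the only file type a script handler has any reason to serve


class Rejected(Exception):
    """The request asks for something the script handler must not deliver."""


def resolve_script(web_root: str, requested: str) -> str:
    """Return the real path of a servable script under web_root, or raise Rejected."""
    if any(ord(ch) < 32 for ch in requested):
        raise Rejected("control character in path")
    root = os.path.realpath(web_root)
    # Interpret the request relative to the web root, never as an absolute path.
    relative = requested.replace("\\", "/").lstrip("/")
    candidate = os.path.realpath(os.path.join(root, relative))
    # Containment: after resolving ".." and symlinks the file must still be under root.
    if os.path.commonpath([root, candidate]) != root:
        raise Rejected("outside web root")
    # Allow-list: check the extension of the resolved file, not of the raw string.
    if os.path.splitext(candidate)[1].lower() != ALLOWED_EXT:
        raise Rejected("not a .js file")
    if not os.path.isfile(candidate):
        raise Rejected("no such script")
    return candidate


def demo() -> dict:
    """Run constructed requests against a throwaway web root and report the outcome."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "scripts"))
        for name in ("web.config", "users.xml", "scripts/blog.js"):
            with open(os.path.join(root, name), "w") as fh:
                fh.write("constructed sample content\n")
        for req in ("/scripts/blog.js", "/web.config", "/users.xml",
                    "/scripts/../../outside.js"):
            try:
                resolve_script(root, req)
                results[req] = "served"
            except Rejected as exc:
                results[req] = f"rejected: {exc}"
    return results


if __name__ == "__main__":
    for request, outcome in demo().items():
        print(f"{request:28} {outcome}")
```

The extension check alone keeps configuration and credential files out of reach; the containment check covers scripts that sit outside the site directory.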

