Hacking Millions of Modems (and Investigating Who Hacked My Modem) (samcurry.net)

submitted 5 months ago by ticoombs@reddthat.com to c/techsploits@reddthat.com

3 comments fedilink hide all child comments

Unbelievable...

you are viewing a single comment's thread
view the rest of the comments

[-] Deebster@programming.dev 1 points 5 months ago

To fuzz this, I simply used Burp’s intruder to enumerate from %00 to %FF at the end of the URL.

I like to think about what normal people would think when they read something like this. It sounds like a line from a cyberpunk wizard.

We had confirmed that we could bypass authorization for the API endpoints by simply replaying the HTTP request multiple times

Not really replaying, since his initial request worked. Feels like it's going through a load balancer and one from that group of servers didn't have authentication enabled (accidentally included a test/dev server, maybe).

this post was submitted on 04 Jun 2024

16 points (100.0% liked)

TechSploits

385 readers

4 users here now

All things relating to breaking tech, tech breaking, OSS, or hacking together software to perform something completely out of the ordinary, on purpose or by accident.

founded 1 year ago

MODERATORS

reddthat@reddthat.com