Deflowering virgin routers

Nix

Member
Jul 17, 2015
What is this guide for:
Mini-guide to achieving self-reliance and acquiring virgin proxies which you can use for your own (educational) purposes.
Who is this guide written for:
I bet you lads are already sitting on thousands of proxies. But sometimes you need a "special" proxy. Incompetent users usually don't bother changing passwords on their devices. You can use this by creating a tunnel which is used exclusively by you. These types of obscured tunnels are often under the radar and thus safe for i.e. hacking purposes. Persistent usage of this trick might lead to a pristine list which you can use for proxychains or MBA sentry. Old dogs gotta learn new tricks, right?

Here is what you need to do:

Execute Shodan query : WWW-Authenticate: Basic realm="UBNT"
http://anony.ws/image/DB63

You will see IP results; try a couple of 'em out through HTTP till you get one working with the following default creds:

username: ubnt
Password: ubnt
Obviously, there are many variations or standard makes you can search for. I'm using this particular brand due to the fact that they often leave SSH enabled. Easy peazy.

On page 2 or so, I found a working router. Versions differ, so front pages may differ. In this case, the one I found looks like this:
http://anony.ws/image/DB6I

Log in, check settings, make sure logging is disabled. Alternatively, you can remove any logs by logging in through SSH (after making sure it is enabled). Another alternative is to reset the router.
Make sure the router you are logged in to is not linked to any expensive Cisco Nexus device or something like that. If you suspect high capital in the one you are in, you are putting yourself on the radar as it is most likely company equipment. Make sure it's those sleazy cheap boxes that no one ever bothers logging into.

Linux users ->
# apt-get install ssh
# ssh -D 1337 ubnt@[IP_ADDRESS]

(Green is a variable, put the IP of the targeted router in it. ubnt is a variable too; in this case, it is the username.)

Windows users->
Install Putty
Page: SESSION
Enter Hostname: [IP_ADDRESS]
Port: 22 (or whatever the port is for that router, check http config page)
http://anony.ws/image/DB6v

Page: CONNECTION/SSH/TUNNELS
Source port: 1337

Destination toggle: Dynamic
http://anony.ws/image/DB6C

Time to make the magic happen
OK, now that we have everything, we will open up the tunnel. This may take a while, you will see a green cursor thing. Eventually, you will see a prompt saying:
# Login as:
Here, we enter the username: ubnt
Now it asks us for the password, enter password: ubnt


Congratulations, you now have a terminal available.
You could daisy-chain another connection from this vector. For easy-peazy purposes, we will just go ahead and fire up our browser. Make sure you get a proxy add-on like Foxyproxy or Proxy-selector. Enter localhost details and port number 1337. This is a SOCKS proxy so make sure you select that.

Check IP address. Done.
http://anony.ws/image/DB6l

I just used Linux because it's way easier and more convenient. Thanks for reading!

Note: This guide is for educational purposes only. I don't claim any responsibility for your actions nor do I encourage any actions that are against the law.
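
From the defender's side, the logins this post relies on leave a trace in the router's SSH log. An added example, not part of the original post: it scans Dropbear-style auth lines (the format assumed here; the sample log, the `netops` account and the account watch-list are constructed) and flags successful logins that use a factory account or come from outside private address space.

```python
import ipaddress
import re

# Dropbear-style auth lines (assumed format); every sample line is constructed.
AUTH_RE = re.compile(
    r"dropbear\[\d+\]: (?P<event>Password auth succeeded|Bad password attempt) "
    r"for '(?P<user>[^']+)' from (?P<ip>[0-9A-Fa-f:.]+):\d+"
)
DEFAULT_ACCOUNTS = {"ubnt", "admin", "root"}  # assumption: factory usernames to watch
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

SAMPLE_LOG = """\
Jul 17 10:02:11 ap1 dropbear[811]: Child connection from 192.168.1.20:50122
Jul 17 10:02:14 ap1 dropbear[811]: Password auth succeeded for 'ubnt' from 192.168.1.20:50122
Jul 17 11:40:03 ap1 dropbear[902]: Bad password attempt for 'admin' from 198.51.100.7:41870
Jul 17 11:41:19 ap1 dropbear[905]: Password auth succeeded for 'ubnt' from 203.0.113.45:60311
Jul 17 11:55:42 ap1 dropbear[917]: Password auth succeeded for 'netops' from 203.0.113.80:40022
"""

def is_internal(ip):
    """True only for loopback/RFC 1918 sources; unparsable input counts as external."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in INTERNAL_NETS)

def review_auth_log(text):
    """Return (findings, failed_attempts_per_source) for one log."""
    findings, failures = [], {}
    for line in text.splitlines():
        m = AUTH_RE.search(line)
        if not m:
            continue
        user, ip = m["user"], m["ip"]
        if m["event"] == "Bad password attempt":
            failures[ip] = failures.get(ip, 0) + 1
            continue
        reasons = []
        if user in DEFAULT_ACCOUNTS:
            reasons.append("default-account")
        if not is_internal(ip):
            reasons.append("external-source")
        if reasons:
            severity = "high" if len(reasons) == 2 else "medium"
            findings.append({"user": user, "ip": ip, "severity": severity, "reasons": reasons})
    return findings, failures

if __name__ == "__main__":
    for finding in review_auth_log(SAMPLE_LOG)[0]:
        print(finding)
```

Because the post describes disabling or clearing logs on the device itself, this check is only dependable on a copy shipped to a remote syslog collector.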
 

rofl cake

Well-Known Member
May 25, 2015
Nice tutorial, I've never thought to use this method. In the midst of using your tutorial I came across this website. I was only able to recover 1 login within 3 pages of testing; I got lazy and didn't continue with the experimentation:
Code:
http;177.130.49.56
LOGIN: admin/admin
~~~~~~~~~~~~~~~
PPPoE
user: [email protected]
pass: wspstm105
name: 1492
 

Nix

There are probably more effective ways of recovering this type of stuff. I also think we need a more amnesiac-underground location to share things on. I mean the internet is literally full of shit to play with, and there are so many educational PoCs you can make to showcase how certain exploits are used in RL-scenarios.

I just have the feeling that VIP only won't cut it, considering the risk that this all might get archived and the living proof that you used exploit X on target Y.
 

Asphyxia

Owner
Administrator
Apr 25, 2015
IP logs are wiped every 15 minutes. :cool:

I could always host a R4P3 invite only forum also --- if that is what you are getting at? Separate server, no public domain name.
 

Nix

I think that's a suggestion worthy to be discussed with other members.

The hype it could generate might also motivate people to write quality content in order to gain entry.
 

Asphyxia

We could always do a membership payment structure --- to finance a dedicated server. Everyone could help to harden the box, pen-testing encouraged.. etc. :cool:
Only of course if that would be feasible, what do you guys say? That's just a thought, if there were membership dues I feel like people would take the forum more seriously with posts, etc. It wouldn't be for profit, assured. Service costs could be publicly reported with any money coming in beside it. It could pretty much be a community effort to lock the box down like T-Rex mode lol.
 

Nix

I think that people won't pay unless there is a tangible reward to justify it. Think about a shared cache of "cyberloot" (working accounts, elite proxies, VPN-tunnels and shared shells). But that would push a harmless community into the hardcore and shadowy side of things. I'm not familiar with this forum so perhaps you only want a casual community with a dash of security-talk rather than the "hardcore" experience. Both options have their bad and good sides, you just need to flesh out the "vision" for where you want to go with this. Slapping additional payment structures without a clearly defined vision could lead to a loss to an already fragile community base.
 

Asphyxia

The sort of payment we are talking here is like $8.99 per month (that isn't bad considering the fees and risk involved in running such a community). The price for entry would be clearly outlined to cover a legal response team (potentially get a cyber-crime lawyer to back our shit), dedicated server and some pile of shit SMTP relay VPS. I figure that is feasible at a community base of approximately 30 individuals. We would need to do advertising (most likely), hype the fuck out of it and have a small team such as ourselves to provide filler content initially. From there, users are bound to the agreement to contribute at least 1 useful post a month (in the eyes of a moderation team) or their membership is revoked. That would literally make ONLY the best of the best join, a leech/feed community. Everyone shares, everyone takes --- equal sexiness on the dark side of the moon. :cool:

We could even have a leech-only package in which you are exempt from that 1 useful post per month rule --- at $14.99 monthly. If you're not going to contribute, pay up mother-fucker.. seems fair to me. It would be cool to implement some sort of tipping feature (give money) for posts.. that could provide incentive for people throwing up epic/elite shit. If everyone loves your post, you could potentially get $XX BTC, sounds fucking win to me.
 

Nix


A head-on collision on a legal level is something you will never win. As you said in a post before, cash is king, and in that regard, having a legal response team is probably not that effective, as they probably can hire one 10x bigger and more influential than yours. Teaching the art of anonymity, however, would produce more yield and raise the education level of the community. I really think a solid tutorial regarding this would be gold.

As for the payment stuff, I really have no clue lol. It could work or horribly backfire, or make you a millionaire. Some people have a sixth sense for that, I sadly don't.
 

Asphyxia

Well, if you don't have $$, you can't have gold. Unfortunately immaterial things just can't spit gold bars (usually). In order to set up a golden community, we're going to need investment(s). Either on behalf of the community or an external source... or sources. I think a self-supported (funded) underground community is the way to go. Membership dues are a way of sustainability, for membership groups. Affordable monthly payments (subscription) are a good way to keep the community funded, valuable and there are certain ways you can word agreements, handle logs and various other legal things which could be utilized in order to maximize our legal safety. If hosting is on a server which doesn't require logs (national laws), the agreement mentions NO <insert_here> and so on it could potentially be literally ILLEGAL for us to be caught, assuming everything is phrased properly. :cool:

You can fight a sword with a sword, just be better at waving the sword around. If legal issues came about, at the very least one person's ass would get handed to them, then there would be a lack of IP logs, the community itself would not be liable for damages and hence the community could resume normal operation with end-to-end encryption. How are you going to punish an underground community when it is literally just a medium for information exchange and X_user decides to misuse his education (without proper anonymity) --- good luck. That's like demolishing a high school because a student started making meth after getting into chemistry classes.
 