Zyxel Backdoor & A Known Plaintext Attack
6.3 هزار بار بازدید -
4 سال پیش
-
In this video I discuss
In this video I discuss a recent finding where an undocumented admin-user account was found in Zyxel security products, accessible over SSH and via the web. As such, I showcase a simple technique called a 'Known Plaintext Attack' which can help enable you to analyse this Zyxel device firmware.
LINKS / BLOGS
============
https://www.zdnet.com/article/backdoor-account-discovered-in-more-than-100000-zyxel-firewalls-vpn-gateways/
https://www.zyxel.com/support/CVE-2020-29583.shtml
https://www.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.html
https://math.ucr.edu/~mike/zipattacks.pdf
https://portal.myzyxel.com/my/firmwares
TOOLS
======
https://formulae.brew.sh/formula/pkcrack
https://formulae.brew.sh/formula/squashfs
https://github.com/cybercdh/hacks/blob/master/zyxel/zyxel.sh
FOLLOW
======
You can join in the conversation by following me at https://twitter.com/cybercdh
THANKS
=======
If you LIKED this video, please hit the THUMBS UP. If you LOVED it, please SUBSCRIBE!
Many thanks for watching, it means a lot.
Peace out. ✌️
@cybercdh
4 سال پیش
در تاریخ 1399/10/21 منتشر شده
است.
6,300
بـار بازدید شده