This text is, first of all, a warning for system administrators and ordinary users. To my surprise, it turned out that the relatively well-known remote administration program "LiteManager" (hereinafter LM) is in itself, without any modifications or changes, a backdoor for any computer where it is installed. That is, if LM is installed on a PC and connection by ID is used (without an IP address), then with a very high, almost 100%, probability this PC can be accessed illegally by a completely unauthorized user, with minimal effort and without any special hacking skills. A description of the “hacking” technique and a working example with source code are below.

I am a programmer in a small company. Our software has nothing to do with network technologies; however, employees sometimes need remote access to their work PCs. For various reasons, the choice fell on LM, which is free for 30 employees. In addition to direct connections within the local network (à la Radmin), LM allows connecting to a remote computer by ID, through the company's server (ha-ha) or through custom servers that anyone can deploy, provided they have an external IP address (at first glance it looks like TeamViewer, but only at first glance).

And so we found that, periodically, some machines were being accessed remotely via LM by some unidentified person. Those who had the access passwords physically could not have connected remotely at that moment. In general, the situation repeated more than once or twice, even after the passwords were changed. LM was removed from all machines, and I started to study the situation, beginning, of course, with how connections by ID are arranged. LM borrowed the name from a well-known international company and named their module the LM NOIP server (also called a “router”).

Connection by ID, in programs of this kind, allows communication even if the remote (and/or local) computer is behind NAT. You specify the ID and password of the remote computer, press OK, and get complete control over the machine. At the same time, both the administrator’s computer (hereinafter referred to as the Viewer) and the remote PC (hereinafter referred to as the Server; yes, that is exactly the LM terminology, do not confuse it with the LM NOIP server, i.e. the router) use only outgoing connections to the router.

And here the fun begins. Below is a description from the official site.

But, I repeat, even such a check is not there. A "man in the middle" attack. Almost immediately, it became clear that the search for the hole was over.

Even after a quick study of the traffic in Wireshark and a look at the program modules under the debugger, it became clear that this is it. To implement MITM, you normally need, in some way, access to the infrastructure / equipment / communication channel; it takes social engineering and other tricks, and it is a one-off job that does not pose much harm to the masses. In general, this is done by professional hacking specialists, which I am not.

But LM provides (I apologize for another exclamation point) this infrastructure to anyone and, as they like to repeat on their site, it's free! Install an open LM router and listen to all the traffic that goes through it. A kind of phishing for the IDs and passwords used to access remote machines. It remains only to intercept the traffic and decrypt it.

As a result, we have a global, architectural vulnerability of the entire LM infrastructure. Was this done intentionally or due to a lack of basic knowledge in the field of network security? The question is open.

This article is accompanied by a fully working example of a program, with source code, that can intercept almost all IDs and passwords of connections passing through an LM NOIP router. The only requirement is an external IP address. LMSoulCry needs to be put on the network in front of the LM NOIP router. The LM NOIP router is designed in such a way that, upon startup, it accesses the Global LM server, apparently for registration. The global server, in turn, tries to establish a reverse TCP connection to this router. If this succeeds, then the router can be switched to free mode and used, i.e.