Posts

The Australian Tax Office Vulnerability: A $2 Billion Oversight

In the wake of the COVID-19 pandemic, governments worldwide scrambled to implement financial relief measures to support their economies. Australia was no exception, but a significant vulnerability in the Australian Tax Office (ATO) system during the 2021-2022 financial year led to a staggering loss of $2 billion. This incident raises critical questions about the balance between expediency and security in government systems, as well as the potential motivations behind such oversights.

The Vulnerability Unveiled

The vulnerability stemmed from a change in the ATO's processes that allowed individuals to create an Australian Business Number (ABN) and register for Goods and Services Tax (GST) with minimal verification. Once an ABN was obtained, individuals could lodge their Business Activity Statements (BAS) monthly after their first submission. This meant that, in a matter of weeks, someone could claim a GST credit against their supposed business activities, leading t...

ZTE MF65 - EFS Access Method / Partial FS Dump: Revised

In this post, I’ll share my findings on accessing the internal file system of the ZTE MF65 modem. This guide will cover the steps to resolve a soft brick issue caused by directory traversal and provide insights into accessing internal files.

Introduction

In our previous post, we discussed the local file listing method and the necessary changes to the configuration file for continuous file listing related to SD card functions. Recently, I encountered a challenge that led to a soft brick of my device due to directory traversal on the SD card base path.

The Problem

When the router attempted to load the HTTPS share page, it reached the share path and SD base path, ultimately reading /mmc2/../ . This caused the device to malfunction and become unresponsive. Fortunately, I have found a solution that not only resolv...

Wikaonwi: Kaon DG2144 Factory Wi-Fi Credential Vulnerability

Wikaonwi: A Factory Wi-Fi Credential Vulnerability

Date: 1/21/25 9:35 PM

Today, I faced a setback when I was declined a position in the cyber security field due to a prior criminal conviction related to fraud. However, I refuse to let this discourage me. Instead, I am determined to showcase my skills and resilience by releasing another piece of my work. In a future post, I will also cover the details surrounding the charges that led to this situation. This is just one step in my journey, and I won’t allow past challenges to define my future.

Wikaonwi: In the ever-evolving landscape of cybersecurity, vulnerabilities can often be found in the most unexpected places. One such vulnerability has been identified in the Kaon DG2144 router, where the factory Wi-Fi password is not as random as one might expect. This flaw can lead to the easy recovery of a device's Wi-Fi ...

Kaon DG2144 Exploit: Root Command Injection (& How To Enable SSH)

Command Injection Vulnerability in Kaon DG2448 & DG2144 Modems

Published on 7/30/24 3:17 PM

Introduction

In this post, I’ll be sharing my findings on a critical command injection vulnerability I discovered in the Kaon DG2448 and Kaon DG2144 modems. The vulnerability is a severe flaw that allows attackers to execute arbitrary commands with root privileges through the modems' web interface. I will explain the details of how the exploit works, the potential impact, and how users and organizations can protect themselves.

The Vulnerability Overview

Upon analyzing the modems’ web service, I found that several diagnostic functions are vulnerable to command injection. These functions include:

- Ping (under Diagnostics Tab)
- Traceroute (under Diagnostics Tab)
- NsLookup (under Diagn...

Telstra ZteMF910/v Exploit Scripts

To utilize the exploits on the ZTE MF910V router, we will create a set of scripts in bash and HTML. These scripts will allow us to perform mode switching, enable ADB, execute AT commands, enable debug mode, exploit LFI, and gain root access. Let's go through each exploit and the corresponding scripts required.

Mode Switching and Enabling ADB

To perform mode switching and enable ADB on the ZTE MF910V router, we need to send HTTP requests to specific endpoints. We can achieve this using a bash script. Here's an example:

    #!/bin/bash
    # Mode Switching
    MODE_SWITCH_URL="http://192.168.0.1/goform/goform_set_cmd_process?goformId=SET_DEVICE_MODE&debug_enable=X"
    MODE_SWITCH_VALUE="1" # Change X to 0 or 1
    curl -s -X POST -d "goformId=SET_DEVICE_MODE&debug_enable=$MODE_SWITCH_VALUE" "$MODE_SWITCH_URL"
    # Enabling ADB
    ADB_ENABLE_URL="http://192.168.0.1/goform/goform_set_cmd_pr...

ZTE MF910V Root exploit

ZTE MF910/ZTE910B/ZTE MF910V/Telstra MF910v

This guide exists in both Linux and Windows format. Please follow the instructions as per O/S or until instructions converge.

|+++++++++++++++++++++++++++++++++++++|
Default credentials:
For ZTE MF910/ZTE910B/ZTE MF910V/Telstra MF910v
root:oelinux123
Web Interface Password: password
|+++++++++++++++++++++++++++++++++++++|
Getting Setup:
Download the mode switch html to run locally: http://lopoteam.com/3AY9
Also ensure you have ADB (Android Debug Bridge) installed on your computer:
ADB:
Linux: https://dl.google.com/android/repository/platform-tools-latest-linux.zip http://lopoteam.com/37Bw
Windows: https://dl.google.com/android/repository/platform-tools-latest-windows.zip http://lopoteam.com/37Ac
|+++++++++++++++++++++++++++++++++++++|
Let's Begin
|+++++++++++++++++++++++++++++++++++++|
Plug your device into the computer to download drivers.
Linux: Open Terminal cd ...

ZTE MF910V Mode Switch / ADB Enable / AT Commands / Debug

AT mode: /goform/goform_set_cmd_process?goformId=SET_DEVICE_MODE&debug_enable=X
Change X to either 0 or 1; this enables and disables Qualcomm services.

Debug / ADB: /goform/goform_set_cmd_process?goformId=USB_MODE_SWITCH&usb_mode=X
Change X to be the value matching the desired mode: 1-4 is RNDIS, 5 is CDC, 6 is ADB.

Or this page can be uploaded to any web dir:
UPDATED (2017)
Download this file: tools.html
Upload it to any directory and use it to switch through modes via HTML.