Sethioz Industries Forum

[Sethioz]

first i gotta say that this is really EVIL

i will not name the ISP names here, but everything else will be revealed.
here i simply explain what i did:

1. i found a wireless network and cracked it's password.
2. now i tried the default admin login (admin:admin), you can also try these:
Administrator:blank password (just leave empty)
Administrator:administrator
admin:admin
admin:blank password
administrator:administrator
...etc, usually if you trying to log into router, it will tell you the name of the router (or at least brand) on the page (webpage is named "router name"). so look it up in google, you should get idea what the default pass is.

- additionally, if the password is not default, then it is possible to use brutus to bruteforce the admin login. im very sure that on 99% of cases, username is admin or Administrator (usually not case sensitive, but might be, if so, then admin and Administrator are most common).

3. i went into the settings of router and looked up what method it uses to connect with ISP.
- it was set to PPPoA
- using username:password provided by ISP

4. password was ******* as usual.
5. i used "firebug" to reveal the value for ******* (password).
- so now i have username:password for the internet connection.

6. now i just connected my own router to a phone line that uses the same ISP (most likely any phone line would do, in same neighbourhood, not sure if theres some filters or not, but if it uses user:pass, it should not be limited to location, only to country).

7. so all i needed to do now, is to set my router to use same method:
- PPPoE
- VPI/VCI = 0/38
- username = blahdoh@isp.com
- password = aliens (not revelead here)

8. clicked connect ! and i got somebody elses internet connection.

//////////////////////////////////////////////////////////////////////////////////////
Q: is this legal ?
A: ofcourse not !

Q: can i get cought ?
A: absolutely NOT !
- let me explain, all these phone lines are connected and they end up in ISP.
- internet is account based
- for example user victim1@isp.isp have a subscription, they ONLY way to get a subscription is to sign up, you will provide them your name and address. so if somebody uses "victim1@isp.isp", then they will know that it was the person who signed up.
it's basically like cellphone, if other person grabs your cell at a party and does something stupid with it, then you will get the blame for it.
- only way to track users, is by their account
- yes, smarted ppl will think .. MAC address .. hmmm.
yes ofcourse, but if ill change my router's mac ? then what ? for example i have one old router and it is bought from even different country, so there is no need to even change MAC. however they will NOT track MAC addresses, because it is account based. everybody are free to buy a new router and configure it to use their account.

//////////////////////////////////////////////////////////////////////////////////////

NOTE: first i connected 2 routers using same phone line and it kicked both of them offline, so it means that one phone line can NOT handle two internet connections, but otherwise it works perfectly.

UPDATE: seems like that it is not about DSL (phone line) at all. one of the router's was offline (power cord was out) and as soon as i plug the wire into the filter (small box that converts the phone line into DSL), then my router lost connection. it seems that it is about this converter/filter box. there's 2 main lines and 2 filters/converters, but it doesn't seem to be working.

[KEN]

[Sethioz]

i never even noticed this reply until now.
as i explained, i cracked the wireless password, logged into router's admin area, where you can configure it.
where you see ********** use firebug or similar tool to reveal the username and password. usually username is visible, only password is masked.
then i put same settings into my router, connected it to DSL and worked fine.

[KEN]

I tried it at that time. Here our routers won't connect maybe because of the landline.
the username here are xx_123456789
where xx are 2 alphabets and numbers is the landline phone number.
If I use someone else's username there, even with correct password it won't connect since the username there should have my landline number.

[Sethioz]

i don't know exactly how ISPs work, but im assuming they assign them to their hubs. you have to find out where is your closest hub. all people using that hub can hijack eachothers stuff.

think about a hub as it were a router in a big house with many rooms. or a hotel.
lets say with 50 ethernet ports. they all connect to same point. so if you use MAC filtering and assign different permissions to different people based on MAC, then if one of them clones a MAC, there is no telling who is who.
router does show which ethernet port is used, but ISP hubs shouldn't show it. they might tho, never really thought about it.

what im quite sure in, is that they are hiding this kind of information very well and there must be a good reason for that. best way to protect against attacks, is to hide vulnerabilites. i haven't found any detailed information on how ISPs work exactly.

im not even 100% sure how they assign phone numbers. probably hub does seperate each cable. have to do more research on this.
you should try your neighbour's. it should work.
also it might be MAC filtering. you can test by swapping your modem/router to another one and see if it still works.

for example cable modems mostly work based on MAC. ISP verifies your MAC and gives you internet based on modem's MAC. so if you want new modem, you must notify them and ask them to update the MAC.

[KEN]

Got my friend's modem to my house, tried my user / password, and it works.. used his and it doesn't..
Then I took my modem to my friend's house and used his user / pass and it works.. with mine it doesn't.
I'm assuming our connection is limited to our Landlines.. Until the DSL is connected to the landline number to which the user and pass belongs, It's not working.

[Sethioz]

its very odd. if it has been limited to your house, why would you even need user/pass ?
post your modem/router settings. sensor sensitive information, i just want to take a look at the setup.

also do you know where does lan line come to your house ? is there a hub / junction box nearby ?
are you and your friend using same hub / junction box ?
if you don't know that, then how far does your friend live from you ? (distance i mean).

[KEN]

This is how this internet works:
ISP > Landline > Modem.

ISP gives us modem and connects it's the same for everyone no matter who uses it everything about it will be the same.

The dsl comes from the POLE to the Landline and then to the Modem.

The thing is, our username.. we all have our landline number + 2 random alphabets as our username.
So when you connect the dsl and use a username which does not belong to that landline, it wont work.

[Sethioz]

how do you think they map the landline numbers then ?
telephone have no settings. they ALL work with any landline, meaning that number has to be static and it is assigned to house somehow.
my guess is that they assign it to house from junction box / hub. that "pole" you are talking about, has all house lines going there ? and from there, it goes underground and from there they all end up in some kind of a hub.

that hub seperates all the houses.
so if you climb on that pole, cut your line off from your side and connect it to somebody elses, you will have their number and you can use their internet with proper settings.
it highly depends.
some ISPs use just one line. they all connect to same line and only thing seperating them is username / password in PPPoE.
still i would like to see your modem / router settings. is it PPPoE ?

[KEN]

Yes that POLE have a hub which separates the numbers..
and it's PPPoE but we can change that to 'Bridge' on our free will at any time, but we still have to use the same user / pass on router settings.
Which settings you want? there are lots of them, WAN , DSL..etc.

[Sethioz]

nah you make no sense. bridge and PPPoE are not same. its not possible that they work same way.
at least shouldn't. using bridge, you should not even be able to enter user / pass.
people there are probably fucked up and don't know what they do. i bet its easy as hell to hack free net there.

i mean the whole settings that relate to ISP. everything that helps you connect to ISP

[KEN]

Opps.. said it wrong.. i confused bridge with PPPoE.
I go to modem settings and if i chose PPPoE I have to enter user / pass here once and internet is always on:

and if i choose bridge we have to enter user / pass here and press "connect" to connect to the internet:

This is the diagram I found about how all these connection works, the "phone line from exchange" refers to the "Pole".

[Sethioz]

yeah its almost same here.
however what are options under "authentication" ? it says AUTO, but what are manual options ?
I think they have blocked other usernames from the hub, but then again .. WHY do you even need username ?
i don't understand this double security. even if it is split from the hub, that data is still sent via one line to ISP.
so maybe if you bypass the hub using hardline, then you can use somebody elses line. i don't know the system so well.
What i mean, is that if you are behind the hub, it detects that this is YOUR address/house and won't allow any other username.
but if you would be connected BEFORE the hub, it can't block usage of otherusername.

bit confusing, but if you think about it, you see what my point is.
either way, it's hard to find any details what prevents from using other person's user/pass from your place.

[KEN]

Under authentication are:
Auto
PAP
CHAP
MSCHAP

I see what you mean.
Getting a connection before the hub is difficult.Considering it's right on the road filled with lots of people, and you cant climb up there in broad daylight. :P

[Sethioz]

im still not sure how they know which one is which. i was just guessing its a hub. maybe all of these wires go into one anyway and there is something you did not test.
i don't know how phone lines work really. i do know that in 80s - 90s there were lot of problems lines get tangled up. for example if you picked up your landline, you did not hear the dialing tone, but you was able to hear somebody elses phone call.
so they must have been using same line or something.

anyway i don't really know what else you can try. find a way to monitor what is sent / received by your router/modem. that would help.

im not sure how tho, maybe some hardware based packet interceptor / sniffer. see what you can find on google.
can't bother with it right now. something like "how to capture packets sent by modem" ..etc

[kocoman]

what wireless dsl router have this password stored in plaintext/html?

is it possible to change the speed profile ?

[Sethioz]

what are you talking about, what password?
you mean the PPPoE password or what? PPPoE is always in plain text, hidden behind asterix things ***** which can be revealed with any html editor or by simply looking at the source.

speed profile? and how does this fit into this topic. (if you mean dl/up speed, NO, ISPs are not that retarded anymore...but in other hand maybe in some countries they are and keep those settings in router itself, but i highly doubt).

[XaneXXXX]

This looks really interesting, you know if it still works with today's routers? :)

[Sethioz]

ofcourse it does, anything using PPPoE will work, however i'm more than sure that in most countries it will still be limited to the closest junction box.
I mean how does ISP track people? how do they know who is who?

They have a junction box and have like 10 people connected to it, if they need to track where the connection comes from, from their end, they see the junction box first and from there they can track these 10 people.
So if you are behind same junction box, you should easily be able to take over the internet.
Well using PPPoE it's not really necessary, since they know who owns which connection, if you use somebody's connection and do something naughty, they get the blame.

Same with MAC addresses, but for security most ISPs limit it to junction box, this is best they can do. so in big city areas, if you have like 100 people or more behind one box, they have no idea wtf is going on. or even if there are 2 people and you take over somebody elses internet, there's no way they can track it was you, because you appear to be the other person. it's like cellphone cloning back in the days when SIM cards were vulnerable. If you cloned a card, you received calls at same time and was able to call from other people's numbers. it was big issue back in days. so its basically same.