Why “and beyond”?: exploit features creatively (pt 2)
● Phish admin password of ZyXEL Prestige routers via Dynamic DNS poisoning [link]
  1. Compromise DDNS service credentials
    ● Extract from ‘/rpDyDNS.html’ after exploiting privilege escalation vulnerability [link]
    ● Via SNMP (OID: .1.3.6.1.4.1.890.1.2.1.2.6.0)
  2. Log in to www.dyndns.com with stolen credentials and make the domain used to manage the device resolve to the evil site
  3. Wait for admin to enter password on the spoofed login page (the “evil site”)
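
Step 2 is visible to a defender: the management hostname stops resolving to the device's own address. The check below is an added example, not part of the original slides; the hostname and addresses are constructed, and it assumes the device's current WAN address is learned out of band (from the device itself, not from DNS).

```python
import ipaddress
import socket
from dataclasses import dataclass


@dataclass
class Finding:
    hostname: str
    status: str        # "ok", "mismatch" or "unresolved"
    unexpected: tuple  # resolved addresses that are not the device's own


def system_resolve(hostname):
    """Resolve through the local resolver; returns a set of address strings."""
    infos = socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}


def check_mgmt_hostname(hostname, expected, resolve=system_resolve):
    """Compare what the DDNS name resolves to with the device's known addresses."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    try:
        resolved = {ipaddress.ip_address(a) for a in resolve(hostname)}
    except OSError:  # socket.gaierror is a subclass: name no longer resolves
        return Finding(hostname, "unresolved", ())
    if not resolved:
        return Finding(hostname, "unresolved", ())
    extra = tuple(sorted(str(a) for a in resolved - allowed))
    return Finding(hostname, "mismatch" if extra else "ok", extra)


# Constructed sample data (documentation address ranges, hypothetical hostname).
MGMT_HOST = "mgmt-router.example.net"
DEVICE_WAN = ["198.51.100.23"]
CONSTRUCTED_ANSWERS = {
    "clean": {"198.51.100.23"},
    "repointed": {"203.0.113.66"},
}


def demo():
    """Run the check against both constructed answers; returns the statuses."""
    out = {}
    for label, answer in CONSTRUCTED_ANSWERS.items():
        finding = check_mgmt_hostname(MGMT_HOST, DEVICE_WAN, lambda h, a=answer: a)
        out[label] = finding.status
    return out


if __name__ == "__main__":
    print(demo())
```

A "mismatch" on the management name is a reason to stop entering credentials through it and to rotate the DDNS account password.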