{"id":286,"date":"2006-11-26T14:32:18","date_gmt":"2006-11-26T14:32:18","guid":{"rendered":"http:\/\/www.notmart.org\/index.php\/BlaBla\/Hacking_la_fonera..._part_III"},"modified":"2006-11-26T14:32:18","modified_gmt":"2006-11-26T14:32:18","slug":"hacking_la_fonera-_part_iii","status":"publish","type":"post","link":"https:\/\/notmart.org\/blog\/2006\/11\/hacking_la_fonera-_part_iii\/","title":{"rendered":"Hacking la fonera&#8230; part III"},"content":{"rendered":"<p>La fonera, that fully tivo-ified (as rms would say :)) wifi access point by <a href=\"http:\/\/www.fon.com\">fon<\/a> was hacked two (now three:)) times, and it has always been patched very quickly.<br \/>\nThe last one, discovered <a href=\"http:\/\/www.dd-wrt.com\/phpBB2\/viewtopic.php?t=5083&#038;postdays=0&#038;postorder=asc&#038;start=0\">here<\/a> with a nice tutorial <a href=\"http:\/\/bingobommel.blogspot.com\/\">here<\/a>,<br \/>\nwas fixed in version 0.7.1 of their firmware, but there is still a very similar hole in the web form, again caused by unescaped evil characters&#8230;<br \/>\nJust replace &#8220;\/usr\/sbin\/iptables -I INPUT 1 -p tcp --dport 22 -j ACCEPT&#8221; and &#8220;\/etc\/init.d\/dropbear&#8221; in step1.html and step2.html with &#8220;$(\/usr\/sbin\/iptables -I INPUT 1 -p tcp --dport 22 -j ACCEPT)&#8221; and &#8220;$(\/etc\/init.d\/dropbear)&#8221;<br \/>\nOnce this is done, just follow the instructions of <a href=\"http:\/\/bingobommel.blogspot.com\/\">the last method<\/a> as they are&#8230;<br \/>\nNow, it will surely be fixed in the next version and you know what?
I hope that it will be fixed, because it&#8217;s a very serious security problem, but it&#8217;s very sad that everything is becoming more and more broken by design, so pleeeeease fon, open that ssh by default and we will all looove you \ud83d\ude42<\/p>\n","protected":false},"excerpt":{"rendered":"<p>La fonera, that fully tivo-ified (as rms would say :)) wifi access point by fon was hacked two (now three:)) times, and it has always been patched very quickly. The last one, discovered here with a nice tutorial here, was fixed in version 0.7.1 of their firmware, but there is still a very [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[108,109,110,102],"class_list":["post-286","post","type-post","status-publish","format-standard","hentry","category-blabla","tag-fon","tag-fonera","tag-hack","tag-howto"],"_links":{"self":[{"href":"https:\/\/notmart.org\/blog\/wp-json\/wp\/v2\/posts\/286","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/notmart.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/notmart.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/notmart.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/notmart.org\/blog\/wp-json\/wp\/v2\/comments?post=286"}],"version-history":[{"count":0,"href":"https:\/\/notmart.org\/blog\/wp-json\/wp\/v2\/posts\/286\/revisions"}],"wp:attachment":[{"href":"https:\/\/notmart.org\/blog\/wp-json\/wp\/v2\/media?parent=286"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/notmart.org\/blog\/wp-json\/wp\/v2\/categories?post=286"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/notmart.org\/blog\/wp-json\/wp\/v2\/tags?post=286"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}