Good info.
Bitmain Antminers are just as bad, with the API userid/password & port hardcoded into the firmware.
It is why you NEVER want to run an Antminer (or apparently an Innosilicon) directly connected to the Internet. It will be hacked and mining for others within minutes.
Topic: Hacking ASIC Innosilicon Miner (Read 372 times)
Ulnerability in ASIC Miners Innosilicon allows you to bypass the administrator password check and change the pool settings.
Attack is done through the web panel. By default, you need to go to the /html/generalsetup.html page to configure the pool, if you were not previously authorized, you will be automatically transferred to the /html/login.html login page.
When examining the pool settings page /html/generalsetup.html, the following code was found:
This javascript code checks the presence of the 'login' cookie in the user's browser, if the cookie is not present, then redirects to the Login page.
By adding the cookie name = 'login' value = 'true' manually, you can bypass the administrator password check and change the pool settings.
This vulnerability exists on all versions of Innosilicon ASIC firmware with this interface:
http://ipic.su/img/img7/fs/asic.1519071360.jpg
To search for ASIC, it is possible to use censys.io with the query 'Miner Console'
http://ipic.su/img/img7/fs/minerconsole.1519071271.jpg
Please donate:
BTC 1DJKmpCVGqyDZ2XgjQxKJgVa7V1JrJ3qAj
LTC LgAJKkXT8GHSdwbb3qVWkaWfJbgLxetfqH
Attack is done through the web panel. By default, you need to go to the /html/generalsetup.html page to configure the pool, if you were not previously authorized, you will be automatically transferred to the /html/login.html login page.
When examining the pool settings page /html/generalsetup.html, the following code was found:
Code:
var islogin = getcookie('login');
if(!islogin){
window.location.href='login.html';
}
if(!islogin){
window.location.href='login.html';
}
This javascript code checks the presence of the 'login' cookie in the user's browser, if the cookie is not present, then redirects to the Login page.
By adding the cookie name = 'login' value = 'true' manually, you can bypass the administrator password check and change the pool settings.
This vulnerability exists on all versions of Innosilicon ASIC firmware with this interface:
http://ipic.su/img/img7/fs/asic.1519071360.jpg
To search for ASIC, it is possible to use censys.io with the query 'Miner Console'
http://ipic.su/img/img7/fs/minerconsole.1519071271.jpg
Please donate:
BTC 1DJKmpCVGqyDZ2XgjQxKJgVa7V1JrJ3qAj
LTC LgAJKkXT8GHSdwbb3qVWkaWfJbgLxetfqH
Jump to: