Maybe im not so sure about getting a Jupiter now, Until this vulnerability gets fixed with a new firmware update.
Where were you going to buy one from anyways?
Topic: KnC Miner : Security hacked - UPDATE with TOOL admin remove plz - page 3. (Read 25842 times)
January 22, 2014, 11:48:27 PM
Where were you going to buy one from anyways?
January 22, 2014, 09:56:14 PM
If you're not a script kiddie, you would be able to figure out how to trick his app into scanning everything. Keep that in mind when you release it steve.
January 22, 2014, 04:46:04 AM
Hi all,
I'm sorry, but at the moment I have another priority task :-)
I will publish it later this week!!
About the open source demand, due to the nature of this application, of course, for general safety open source will be impossible.
There is no need for the entire world to be able to exploit mining rigs!
You will only be allowed to scan your own network ;-)
There will also be an option that scans your entire network for weak or exposed devices, showing whether there is a known exploit available or not, like your router etc.
Please stay tuned!
I'm sorry, but at the moment I have another priority task :-)
I will publish it later this week!!
About the open source demand, due to the nature of this application, of course, for general safety open source will be impossible.
There is no need for the entire world to be able to exploit mining rigs!
You will only be allowed to scan your own network ;-)
There will also be an option that scans your entire network for weak or exposed devices, showing whether there is a known exploit available or not, like your router etc.
Please stay tuned!
January 22, 2014, 03:13:36 AM
Yes awaiting Sunday
January 22, 2014, 02:53:25 AM
Stay tuned, i will compile all this into a nice running GUI by sunday evening 
Sunday 
You mean next sunday January 22, 2014, 02:51:04 AM
You guys need to quit port forwarding/DMZing everything to the internet so blindly. One thing that would have completely prevented your kncminer from being a target is setting up a VPN on a computer inside your network, and forward only the necessary port to connect to it. Then using the VPN session, log into your miner. Then no matter what bug is in kncminers firmware, if it's not receiving inbound connections from the internet, it is unhackable. (Unless of course one of your own machines are compromised.)
January 22, 2014, 01:55:50 AM
Since KnC patched up, i'm going to compile my injection application and release it to the public.
However, some restrictions will apply for general safety!!
-- My application will be limited to ONLY scan your OWN subnet or IP range (127.0.x.x and 192.168.x.x).
-- This application will act as proof of concept, no changes to the miner itself can be made.
-- The newest firmware bug will spill out your login without authentication
The reason i will release the application is for miners to test their own miners against the exploits in the firmware.
Stay tuned, i will compile all this into a nice running GUI by sunday evening
NOTE: STOP asking me in PM about the full exploit in the new firmware. This will not be revealed !
However, some restrictions will apply for general safety!!
-- My application will be limited to ONLY scan your OWN subnet or IP range (127.0.x.x and 192.168.x.x).
-- This application will act as proof of concept, no changes to the miner itself can be made.
-- The newest firmware bug will spill out your
The reason i will release the application is for miners to test their own miners against the exploits in the firmware.
Stay tuned, i will compile all this into a nice running GUI by sunday evening
NOTE: STOP asking me in PM about the full exploit in the new firmware. This will not be revealed !
Needs to be open source. Otherwise you will be stealin our wallet dot dat's!
January 19, 2014, 01:45:54 AM
I'm extremely addicted at looking at my Antminer S1 miner from anywhere, lol. I have to be able to connect to it from anywhere. I got a hotspot on my phone...
I still have the default root password of root on my S1, however:
- 1. My ddwrt router can only be managed remotely from 1 IP address
- 2. My Antminer S1 can only be managed by 1 IP address
- 3. My Antminer S1 can only ssh'ed to by 1 IP address
- 4. Ports 80, 443 or 22 are not the ports to connect to
Amazon EC2 micro instance for free (I think it's still free). I have paid about $1/month for the past 3 months and it's only because I've exceeded the data transfer quota. Set one up. Install OpenVPN on it. Install PPTP VPN on it (for tablets and cell phones). This is your personal VPN server and you don't need to pay nobody (pun intended). You can use this when using unsecured public wifi.
Choose ubuntu instance. apt-get the necesary packages. Guides are out there. EC2 requires opening the necessary ports as well as on the Ubuntu hosts. If I somehow find the time and feeling energetic I would write a detailed step-by-step and post it on a webpage, but I doubt it will be anytime soon...
January 18, 2014, 01:49:28 PM
Since KnC patched up, i'm going to compile my injection application and release it to the public.
However, some restrictions will apply for general safety!!
-- My application will be limited to ONLY scan your OWN subnet or IP range (127.0.x.x and 192.168.x.x).
-- This application will act as proof of concept, no changes to the miner itself can be made.
-- The newest firmware bug will spill out your login without authentication
The reason i will release the application is for miners to test their own miners against the exploits in the firmware.
Stay tuned, i will compile all this into a nice running GUI by sunday evening
NOTE: STOP asking me in PM about the full exploit in the new firmware. This will not be revealed !
However, some restrictions will apply for general safety!!
-- My application will be limited to ONLY scan your OWN subnet or IP range (127.0.x.x and 192.168.x.x).
-- This application will act as proof of concept, no changes to the miner itself can be made.
-- The newest firmware bug will spill out your
The reason i will release the application is for miners to test their own miners against the exploits in the firmware.
Stay tuned, i will compile all this into a nice running GUI by sunday evening
NOTE: STOP asking me in PM about the full exploit in the new firmware. This will not be revealed !
January 17, 2014, 01:44:54 AM
Maybe im not so sure about getting a Jupiter now, Until this vulnerability gets fixed with a new firmware update.
January 16, 2014, 10:48:45 AM
January 16, 2014, 06:29:14 AM
how bypass the http digest ? i want try this hack on my knc
January 15, 2014, 08:18:14 PM
This guy is abrasive like I am
January 15, 2014, 08:16:50 PM
January 15, 2014, 12:38:22 PM
Since KnC does not even thanks me for writing a detailed report, consuming several hours of my time, it's not worth it to me to write another one.
They DID implent every bugfix and security improvement i emailed them, and now taking credit for it... Lame ass f*ckers!
If the script kiddies find out this new (ridiculous) bug in the miners, rest assured that many rigs will be taken over.
They DID implent every bugfix and security improvement i emailed them, and now taking credit for it... Lame ass f*ckers!
If the script kiddies find out this new (ridiculous) bug in the miners, rest assured that many rigs will be taken over.
Sure they could have said something and should have, but are sure it was in fact you and not someone else that emailed them before you but followed industry best practice and didn't make a post on a public forum with a lot of the technical details?
Of course this reply continues to destroy any creditability with respect to the massive amount of professional experience you say you have. As you continue this campaign I doubt more and more you were genuine to begin with and were at best a fame seeker, at worse malicious..
January 15, 2014, 11:43:26 AM
KnC released a new firmware with all my points emailed to them taken into account.
THANK YOU KNC
However....
The new firmware has a HUGE security flaw. BUT...
Since KnC does not even thanks me for writing a detailed report, consuming several hours of my time, it's not worth it to me to write another one.
They DID implent every bugfix and security improvement i emailed them, and now taking credit for it... Lame ass f*ckers!
If the script kiddies find out this new (ridiculous) bug in the miners, rest assured that many rigs will be taken over.
THANK YOU KNC
However....
The new firmware has a HUGE security flaw. BUT...
Since KnC does not even thanks me for writing a detailed report, consuming several hours of my time, it's not worth it to me to write another one.
They DID implent every bugfix and security improvement i emailed them, and now taking credit for it... Lame ass f*ckers!
If the script kiddies find out this new (ridiculous) bug in the miners, rest assured that many rigs will be taken over.
Quote
We have a new firmware for you today, version 0.99.2 firmware which can be downloaded from our firmware page here: https://www.kncminer.com/pages/firmware The firmware contains the following changes.
New features:
- Initial splash screen on first use now asks the user to specify a new administrator user name and password and also a enter a list of trusted addresses allowed to manage the miner. (Please note that by entering trusted addresses incorrectly you could block your access to the miner. The only way to regain access would be to perform a hard reset by pressing the button on the front of the miner 5 times, waiting 5 seconds and pressing another 5 times, as described in the user manual)
There you go, just as i suggested it.
- Miner management can be configured to allow access for trusted addresses only. The trusted addresses should be specified by using space separated addresses from which the miner is allowed to be accessed via HTTP and SSH.
That's about time!!
- List of trusted management addresses can be changed on the "Network" page of the miner interface.
- On the "Mining" page there is now a setting which allows to the user to specify which addresses can access the miner's API interface.
- Added support for BFGMiner, which is now selectable from the "Mining" page of the interface.
Thanks,
KnC team
New features:
- Initial splash screen on first use now asks the user to specify a new administrator user name and password and also a enter a list of trusted addresses allowed to manage the miner. (Please note that by entering trusted addresses incorrectly you could block your access to the miner. The only way to regain access would be to perform a hard reset by pressing the button on the front of the miner 5 times, waiting 5 seconds and pressing another 5 times, as described in the user manual)
There you go, just as i suggested it.
- Miner management can be configured to allow access for trusted addresses only. The trusted addresses should be specified by using space separated addresses from which the miner is allowed to be accessed via HTTP and SSH.
That's about time!!
- List of trusted management addresses can be changed on the "Network" page of the miner interface.
- On the "Mining" page there is now a setting which allows to the user to specify which addresses can access the miner's API interface.
- Added support for BFGMiner, which is now selectable from the "Mining" page of the interface.
Thanks,
KnC team
January 07, 2014, 05:52:09 AM
When I used to mine I never had a miner exposed to the internet, instead if I wanted to do any remote work I would SSH into a laptop that was open to the internet and on my miners network then SSH into my miners or however they were managed. This is fine as long as the bridge (laptop) is secure in this instance.
January 05, 2014, 05:50:17 PM
1. Firewall the system from remote access, there is no reason any port on a KNC Miner needs to be accessible on the open internet, it works fine from behind a NAT on a home router, etc.. If you need remote access recommend a VPN solution as an option.
This.
Never ever expose your miner directly to the internet.
Do not assign public IP to miner network interface.
Even if you're using a private address for your miner do not trust your router fw/firewall.
Router firmwares are updated once in very long while, they reach support EOL quite rapidly. Taking this into account implies using your router port forwarding is moot.
Use a bridge system between your router and your miner(s). Be it a linux hardened box or an OpenBSD one.
Set up a firewall on this machine that do both ingress/egress filtering. Set up a VPN service on this bridge box. Access to the miner only through this VPN service.
If you do not have a static IP spend a few bucks a month for a VPS with a static IP address and use n2n (a layer two p2p VPN) to mimic a more classic VPN set up.
January 05, 2014, 04:11:25 PM
Padrino is right at most of the part.
The remote CGminer exploit can be executed without privileges to the system.
As my tests with a specific portscanner proof, the high portnumber cgminer uses by default is not always closed by the router.
My own router had the port 'filtered', but not closed. That's how i got my cgminer hacked.
Padrino, about the 'Nobody' user, like posted, i was looking via my smartphone in a quick hurry via SSH.
While i was loosing about 5Th/s to a hacker, please excuse me for posting reply to fast
So, lesson learned here. DISABLE the remote CG management, and your safe.
Well, at least from the remote CG exploit...
The remote CGminer exploit can be executed without privileges to the system.
As my tests with a specific portscanner proof, the high portnumber cgminer uses by default is not always closed by the router.
My own router had the port 'filtered', but not closed. That's how i got my cgminer hacked.
Padrino, about the 'Nobody' user, like posted, i was looking via my smartphone in a quick hurry via SSH.
While i was loosing about 5Th/s to a hacker, please excuse me for posting reply to fast
So, lesson learned here. DISABLE the remote CG management, and your safe.
Well, at least from the remote CG exploit...
January 05, 2014, 02:09:36 PM
I don't see any issue, this is just fud. If you have a router you're safe. Tell me how the hell this miner opens ports when bitcoind with upnp can barely do it.
Jump to: