Topic: KnC Miner : Security hacked - UPDATE with TOOL admin remove plz - page 6. (Read 25857 times)

newbie
Activity: 19
Merit: 0
what do you expect me to think?

That you should have some evidence beyond pure circumstance before slinging around legal threats?

Would you somehow have been better off if OP had been intimidated by legal liabilities into never discovering and posting this information?

P.S. If you don't want people "attacking" your gear through a public IP interface, simply configure it to not fulfill requests so promptly and politely.  Is it that difficult?
legendary
Activity: 4382
Merit: 9330
'The right to privacy matters'
I did think about it. I found it to be bad timing on your part to announce you did this, and that the announcement matches very odd behaviour of our miners. What I would like to know is how many miners other than the two I mentioned have this problem, which is why I posted this here. You have admitted you viewed 1100 plus miners. If only the two I mention have this problem after being viewed by you, then most likely this has nothing to do with your testing.
Holy shit the entitlement here!
 

No, not about entitlement. He admits to attacking passwords of 28 miners, and in no place does he say he had permission. The 2 miners I own 9.5% of had a hashing issue during the time he was brute forcing miners.


If I go to a gym locker and try a 3 digit combo lock 20 times a day until it clicks open, I am breaking the law in most countries, even if I push it locked again.


The OP admits to doing this with KnC passwords. So dude, this is not about entitlement. This is about the OP admitting to attacking passwords on valuable gear. I am not the OP. I am a part owner of 2 machines that the OP may have attacked. So 28/1100 = 2.5% chance, but I have 2 machines, so about 5% chance he tried on my gear. My gear had an unexplained loss of hash power. What do you expect me to think?
hero member
Activity: 1151
Merit: 528
I did think about it. I found it to be bad timing on your part to announce you did this, and that the announcement matches very odd behaviour of our miners. What I would like to know is how many miners other than the two I mentioned have this problem, which is why I posted this here. You have admitted you viewed 1100 plus miners. If only the two I mention have this problem after being viewed by you, then most likely this has nothing to do with your testing.
Holy shit the entitlement here!
legendary
Activity: 4382
Merit: 9330
'The right to privacy matters'
I did think about it. I found it to be bad timing on your part to announce you did this, and that the announcement matches very odd behaviour of our miners. What I would like to know is how many miners other than the two I mentioned have this problem, which is why I posted this here. You have admitted you viewed 1100 plus miners. If only the two I mention have this problem after being viewed by you, then most likely this has nothing to do with your testing.

Well, just wait until the post goes public then! Hurry up and push KnC to patch up.
Can you imagine the horror once I post the full details?

For your information; the +1100 miners are publicly available on the net, everybody can scan and see them.
I bruteforced 28 logins, but I never actually logged in. Don't you know your KnC has a log? CHECK YOUR LOG BEFORE THROWING MUD!!!


So you attacked 28 logins of the 1100 plus miners and you were successful with them. Your words, not mine. You claim to own 2 machines, so at best 26 miners are not yours. Did you get permission to try them? So how do I know if one or both of the machines I own shares in were not damaged by you?

causing them to lose about .5 BTC each in hash. Look, if no one comes to the thread other than me, then maybe the 28 machines you hacked were not injured in terms of hash power. But announcing to the world that you hacked / brute forced 28 machines puts you at risk for damages. Anyone, including me and my 9.5 percent share of 2 Jupiters (about 100 GH), can say your actions caused them harm. Frankly I am posting this here to say that brute forcing someone's password without permission is not too clever in terms of liability.

Can you prove the 28 machines that were brute forced were not damaged? Can you prove you did not attack the machines I own a piece of? Most people do not realize that for civil damages the proof is not as high as it is for criminal damages. So I am not slinging any mud; I am pointing out that you may have set yourself up for problems. You should have asked for 30 KnC owners to be testers.

If you had permission to do a brute force attack on the 28 machines you should have told us that right up front.
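Following the "check your log" remark quoted above, the script below is an added example for a miner owner who wants to look through their own web-server access log for the guessing pattern described in this thread. It is not code from the thread or from KnC. It assumes the miner's lighttpd writes Common Log Format lines; the log lines inside it are constructed samples, and the addresses 203.0.113.7 and 192.168.1.20 are documentation-range placeholders.

```python
"""Flag HTTP Digest brute-force attempts in a lighttpd-style access log.

Added example for a miner owner checking their own log; not code from the
thread or from KnC. The log lines below are constructed, not real captures.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: the miner's web server writes Common Log Format lines
# (client, ident, authenticated user, timestamp, request, status, size).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample: twelve rejected requests in twelve seconds from one
# outside address (TEST-NET range), then a LAN user who mistypes once and
# then authenticates.
SAMPLE_LOG = [
    f'203.0.113.7 - - [25/Dec/2013:10:00:{sec:02d} +0000] "GET / HTTP/1.1" 401 351'
    for sec in range(12)
] + [
    '192.168.1.20 - - [25/Dec/2013:10:01:00 +0000] "GET / HTTP/1.1" 401 351',
    '192.168.1.20 - admin [25/Dec/2013:10:01:05 +0000] "GET / HTTP/1.1" 200 4215',
]


def parse_line(line):
    """Return the fields of one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    return {
        "ip": m.group("ip"),
        "user": m.group("user"),
        "ts": datetime.strptime(m.group("ts"), TS_FMT),
        "status": int(m.group("status")),
        "request": m.group("req"),
    }


def find_bruteforce(lines, threshold=10, window=timedelta(minutes=5)):
    """Return {ip: total_401s} for every client that produced at least
    `threshold` 401 (authentication failed) responses inside any `window`.

    A digest challenge always answers 401 first, so a handful of 401s per
    client is normal; a dense run of them is the guessing pattern to flag.
    """
    failures = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["status"] == 401:
            failures[rec["ip"]].append(rec["ts"])

    flagged = {}
    for ip, stamps in failures.items():
        stamps.sort()
        start = 0
        # Sliding window over the sorted failure timestamps.
        for end in range(len(stamps)):
            while stamps[end] - stamps[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = len(stamps)
                break
    return flagged


if __name__ == "__main__":
    for ip, count in find_bruteforce(SAMPLE_LOG).items():
        print(f"{ip}: {count} failed logins, looks like password guessing")
```

On a real unit, replace SAMPLE_LOG with the lines read from the lighttpd access log (its path on the miner is not assumed here). A legitimate remote user produces one 401 per digest challenge and then a 200, which is why the threshold counts a dense run of failures rather than any single one.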
legendary
Activity: 966
Merit: 1000
Of course this kind of thing is a risk if you use a weak password and then forward the ports to allow incoming connections directly from the big bad internet.  Duh.  This goes for any device.
member
Activity: 70
Merit: 10
I did think about it. I found it to be bad timing on your part to announce you did this, and that the announcement matches very odd behaviour of our miners. What I would like to know is how many miners other than the two I mentioned have this problem, which is why I posted this here. You have admitted you viewed 1100 plus miners. If only the two I mention have this problem after being viewed by you, then most likely this has nothing to do with your testing.

Well, just wait until the post goes public then! Hurry up and push KnC to patch up.
Can you imagine the horror once I post the full details?

For your information; the +1100 miners are publicly available on the net, everybody can scan and see them.
I bruteforced 28 logins, but I never actually logged in. Don't you know your KnC has a log? CHECK YOUR LOG BEFORE THROWING MUD!!!
legendary
Activity: 4382
Merit: 9330
'The right to privacy matters'
I did think about it. I found it to be bad timing on your part to announce you did this, and that the announcement matches very odd behaviour of our miners. What I would like to know is how many miners other than the two I mentioned have this problem, which is why I posted this here. You have admitted you viewed 1100 plus miners. If only the two I mention have this problem after being viewed by you, then most likely this has nothing to do with your testing.
member
Activity: 70
Merit: 10

Quite frankly, after reading this I think you owe coins to us on this thread:

https://bitcointalksearch.org/topic/dz-mc-round-5-6-knc-jupiters-please-move-s-and-discussions-here-334360

I believe you screwed up our 2 miners
we have a 2-3 day coin less gap

https://blockchain.info/address/19NAwha8LGpRFEBwRgjH5ZMB9YyXeqyY9V

https://blockchain.info/address/13fGQGmb6Xi576ppJTkeXk34yDDRmvxjm4

 (Eleuthria )
This direct appeared on both our payout addresses and we lost coins. The timing matches to your playing around with our 2 miners along with 1100 other miners.


Quote
I intend to do no harm. No miner has ever been in my control, or ever will be.

Why should I screw with 2 miners, while I have 6 jupiters standing here.
Also, why screw with miners who are pwd protected, while there are hundreds of miners with default login.

And mostly, why would I post a topic after screwing with miners.

Think about it ;-)
legendary
Activity: 4382
Merit: 9330
'The right to privacy matters'
Hi all,

So, what else to do in my spare time while mining some BTC? Exploiting security holes in my hardware.
It turns out that every KnC miner can be hacked within 5-10 minutes, making it possible to control the CGMiner remotely.

I've submitted a highly detailed report to KNC, explaining how I did it, and how they can patch it with a new firmware upgrade.
To avoid a huge breach, I will not reveal all details, but I give you a short summary [proof of concept].

1: Scan the internet, using a special tool, for the default KnC Miner header response
Code:
WWW-Authenticate: Digest realm="KnC Miner configuration", nonce="f76e06a34c00b5fec1da6749d4ed0bfc", qop="auth"

EVERY miner uses this header, so in 10 seconds, I found about 1180 responses vulnerable to my attack.

2: Critical information remains hidden from the public, but the http digest can be bypassed with ease.

3: Run basic HTTP bruteforce. Since the digest is bypassed, I can run unlimited bruteforce attempts.
Within a timespan of 20 minutes, I managed to bruteforce 28 miners !! (Most of them poor passwords though)

Now comes the fun part...

Login using SSH. If the SSH port is not enabled, simply login to the web console and enable it.

The source code of
Code:
factory_config_reset.sh
tells us exactly what we need.

VI (edit) the default factory files, as found in the factory reset code, making a second login inside the factory reset files.

The digest file requires a special hash to create the password. This can be done using special tools, but for safety reasons, I will not go further on this part in public.

Alter these files to gain access after factory reset

Code:
/etc/shadow.factory
Code:
/etc/lighttpd.htdigest.user

Now remove all the default credentials in the factory files, making it impossible to login using the default admin:admin for the owner

RUN THE FACTORY RESET...

And enjoy your personal miner, that just became unusable to the owner, since he can no longer login.

Disclaimer:

I intend to do no harm. No miner has ever been in my control, or ever will be. I just expose this threat to put pressure on KnC to hurry their firmware upgrade.
Do not ask or PM me for information about this hack, it will not be provided !! Only KNC has the entire manual !


Note to all KnC miners out there: Please change your passwords to long, safe passwords!
If needed, simply hashing your firstname to MD5 will do the trick to scare away hackers.

PLEASE USE A ROUTER INSTEAD OF DIRECT INTERNET ACCESS !!!


Greetings!!

EDIT: Email to KnC

Quote
Hello KnC team,

As you might have picked up on bitcointalk.org, I managed to successfully scan and exploit KnC Miner configuration software running on all your miners.
Attached is my HowTo, showing you how I managed to succeed in this hack.

I feel, as a software developer and penetration tester, that you do not take user security into account with your services.
The only thing you care about is selling hardware. What happens with it seems to be the least of your concerns.

You should know that the user is always the weakest security, but instead of anticipating on that, you go with that flow.

I did not post exactly how I did it on the forum for security reasons, but however, I urge you to push a new firmware closing up those holes.
Holidays or not, I will expose the detailed howto on bitcointalk.org on January 1st 2014 at 12h00.

Once this exploit goes public, you will receive a lot of complaints on behalf of your clients, and lose lots of trust in the general public.
If you have not patched your firmware, this will confirm my statement that you do not care about user security.

I can only imagine all blogs picking up that post just before Neptune delivery...

I just created a custom firmware patching all the security flaws, it took me about one hour.
So surely, your developers can do the trick also.

For the sake of the general public, who have put their trust and funds in you, please patch up your firmware!!


Quite frankly, after reading this I think you owe coins to us on this thread:

https://bitcointalksearch.org/topic/dz-mc-round-5-6-knc-jupiters-please-move-s-and-discussions-here-334360

I believe you screwed up our 2 miners
we have a 2-3 day coin less gap

https://blockchain.info/address/19NAwha8LGpRFEBwRgjH5ZMB9YyXeqyY9V

https://blockchain.info/address/13fGQGmb6Xi576ppJTkeXk34yDDRmvxjm4

 (Eleuthria )
This direct appeared on both our payout addresses and we lost coins. The timing matches to your playing around with our 2 miners along with 1100 other miners.
member
Activity: 70
Merit: 10
No, the details are not public yet.
There is a significant difference in making a custom rom, and explaining how you can gain access to thousands of remote miners out there.

Custom ROM is intended to use on your own hardware.

My hack is intended to remotely control another miner, making it useless to the owner, since he can no longer login.

Ok.
But just wanted to check it's different than brute-forcing the credentials of the remote miner
And loading your custom rom on it.

And would like to confirm that a true factory reset (not software - but the physical hold for 5 seconds to load image from rom, etc)
is unable to restore the miner to its default.

Code:
DESCRIPTION = "Daemon to monitor power button"
LICENSE = "GPL"
LIC_FILES_CHKSUM = "file://COPYING;md5=d41d8cd98f00b204e9800998ecf8427e"

SRC_URI = "file://monitor-pwbtn.c \
        file://init \
        file://factory_config_reset.sh \
        file://COPYING \
"

S = "${WORKDIR}"

do_compile() {
        make monitor-pwbtn
}

do_install() {
        install -d ${D}${bindir}
        install -m 0755 ${WORKDIR}/monitor-pwbtn ${D}${bindir}
        install -m 0755 ${WORKDIR}/factory_config_reset.sh ${D}${bindir}

        install -d ${D}${sysconfdir}/init.d
        install -m 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/monitor-pwbtn
        update-rc.d -r ${D} monitor-pwbtn start 70 S .
}

A 'true' factory reset does exactly the same on software level as a 'software' factory reset.
Just some minor details change, the miner connects to a server of KnC to get some info, that's it.
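The exchange above turns on whether the files a factory reset restores from can carry credentials that survive the reset. As an added example (not KnC code and not from the thread), here is an owner-side audit that lists the accounts found in /etc/shadow.factory and /etc/lighttpd.htdigest.user and compares them with what the owner expects to be there. The file contents are constructed stand-ins with dummy hashes, the expected account sets are an assumption to be filled in from a unit known to be clean, and the realm string is the one shown in the WWW-Authenticate header earlier in the thread.

```python
"""Audit the factory-reset credential files for accounts that should not exist.

Added example for a miner owner; not KnC code and not from the thread.
The contents below are constructed stand-ins for the real files, with dummy hashes.
"""

# Constructed /etc/shadow.factory: root plus a locked daemon account are expected;
# 'planted' stands in for an account an intruder might have added.
SHADOW_FACTORY = """\
root:$1$dummysalt$dummyhashvalue0000000:15000:0:99999:7:::
daemon:*:15000:0:99999:7:::
planted:$1$dummysalt$anotherdummyhash000:15000:0:99999:7:::
"""

# Constructed /etc/lighttpd.htdigest.user: lighttpd keeps user:realm:hash per line.
# The realm is the one the miner advertises in its WWW-Authenticate header.
HTDIGEST_FACTORY = """\
admin:KnC Miner configuration:0123456789abcdef0123456789abcdef
planted:KnC Miner configuration:fedcba9876543210fedcba9876543210
"""

EXPECTED_REALM = "KnC Miner configuration"
# Assumption: the owner fills these in from a unit known to be clean.
EXPECTED_SHADOW_USERS = {"root", "daemon"}
EXPECTED_DIGEST_USERS = {"admin"}


def parse_shadow(text):
    """Map user -> password field for a shadow-format file."""
    users = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) >= 2:
            users[fields[0]] = fields[1]
    return users


def parse_htdigest(text):
    """Map user -> (realm, hash) for a lighttpd htdigest file."""
    users = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":", 2)
        if len(fields) == 3:
            users[fields[0]] = (fields[1], fields[2])
    return users


def shadow_state(password_field):
    """Classify a shadow password field: no password, locked, or login-capable."""
    if password_field == "":
        return "NO PASSWORD"
    if password_field in ("*", "!!") or password_field.startswith("!"):
        return "locked"
    return "login-capable"


def audit_factory_files(shadow_text, digest_text,
                        expected_shadow=EXPECTED_SHADOW_USERS,
                        expected_digest=EXPECTED_DIGEST_USERS,
                        expected_realm=EXPECTED_REALM):
    """Return a list of human-readable findings; an empty list means nothing unexpected."""
    findings = []
    shadow = parse_shadow(shadow_text)
    for user in sorted(set(shadow) - set(expected_shadow)):
        findings.append(f"shadow.factory: unexpected account '{user}' ({shadow_state(shadow[user])})")
    for user in sorted(set(expected_shadow) - set(shadow)):
        findings.append(f"shadow.factory: expected account '{user}' is missing")

    digest = parse_htdigest(digest_text)
    for user, (realm, _) in sorted(digest.items()):
        if user not in expected_digest:
            findings.append(f"htdigest.user: unexpected web login '{user}'")
        if realm != expected_realm:
            findings.append(f"htdigest.user: '{user}' uses realm '{realm}', expected '{expected_realm}'")
    for user in sorted(set(expected_digest) - set(digest)):
        findings.append(f"htdigest.user: expected web login '{user}' is missing")
    return findings


if __name__ == "__main__":
    for finding in audit_factory_files(SHADOW_FACTORY, HTDIGEST_FACTORY):
        print(finding)
```

Run on a real unit, the two constants would be replaced by the contents of the actual files and the expected sets by the accounts a clean unit ships with; any extra login-capable account in the shadow file or extra user in the htdigest file is exactly what would come back after a reset.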
newbie
Activity: 40
Merit: 0
No, the details are not public yet.
There is a significant difference in making a custom rom, and explaining how you can gain access to thousands of remote miners out there.

Custom ROM is intended to use on your own hardware.

My hack is intended to remotely control another miner, making it useless to the owner, since he can no longer login.

Ok.
But just wanted to check it's different than brute-forcing the credentials of the remote miner
And loading your custom rom on it.

And would like to confirm that a true factory reset (not software - but the physical hold for 5 seconds to load image from rom, etc)
is unable to restore the miner to its default.
member
Activity: 70
Merit: 10
No, the details are not public yet.
There is a significant difference in making a custom rom, and explaining how you can gain access to thousands of remote miners out there.

Custom ROM is intended to use on your own hardware.

My hack is intended to remotely control another miner, making it useless to the owner, since he can no longer login.
newbie
Activity: 40
Merit: 0
Hi all,

So, what else to do in my spare time while mining some BTC? Exploiting security holes in my hardware.
It turns out that every KnC miner can be hacked within 5-10 minutes, making it possible to control the CGMiner remotely.

I've submitted a highly detailed report to KNC, explaining how I did it, and how they can patch it with a new firmware upgrade.
To avoid a huge breach, I will not reveal all details, but I give you a short summary [proof of concept].

1: Scan the internet, using a special tool, for the default KnC Miner header response
Code:
WWW-Authenticate: Digest realm="KnC Miner configuration", nonce="f76e06a34c00b5fec1da6749d4ed0bfc", qop="auth"

EVERY miner uses this header, so in 10 seconds, I found about 1180 responses vulnerable to my attack.

2: Critical information remains hidden from the public, but the http digest can be bypassed with ease.

3: Run basic HTTP bruteforce. Since the digest is bypassed, I can run unlimited bruteforce attempts.
Within a timespan of 20 minutes, I managed to bruteforce 28 miners !! (Most of them poor passwords though)

Now comes the fun part...

Login using SSH. If the SSH port is not enabled, simply login to the web console and enable it.

The source code of
Code:
factory_config_reset.sh
tells us exactly what we need.

VI (edit) the default factory files, as found in the factory reset code, making a second login inside the factory reset files.

The digest file requires a special hash to create the password. This can be done using special tools, but for safety reasons, I will not go further on this part in public.

Alter these files to gain access after factory reset

Code:
/etc/shadow.factory
Code:
/etc/lighttpd.htdigest.user

Now remove all the default credentials in the factory files, making it impossible to login using the default admin:admin for the owner

RUN THE FACTORY RESET...

And enjoy your personal miner, that just became unusable to the owner, since he can no longer login.

Disclaimer:

I intend to do no harm. No miner has ever been in my control, or ever will be. I just expose this threat to put pressure on KnC to hurry their firmware upgrade.
Do not ask or PM me for information about this hack, it will not be provided !! Only KNC has the entire manual !


Note to all KnC miners out there: Please change your passwords to long, safe passwords!
If needed, simply hashing your firstname to MD5 will do the trick to scare away hackers.

PLEASE USE A ROUTER INSTEAD OF DIRECT INTERNET ACCESS !!!


Greetings!!

EDIT: Email to KnC

Quote
Hello KnC team,

As you might have picked up on bitcointalk.org, I managed to successfully scan and exploit KnC Miner configuration software running on all your miners.
Attached is my HowTo, showing you how I managed to succeed in this hack.

I feel, as a software developer and penetration tester, that you do not take user security into account with your services.
The only thing you care about is selling hardware. What happens with it seems to be the least of your concerns.

You should know that the user is always the weakest security, but instead of anticipating on that, you go with that flow.

I did not post exactly how I did it on the forum for security reasons, but however, I urge you to push a new firmware closing up those holes.
Holidays or not, I will expose the detailed howto on bitcointalk.org on January 1st 2014 at 12h00.

Once this exploit goes public, you will receive a lot of complaints on behalf of your clients, and lose lots of trust in the general public.
If you have not patched your firmware, this will confirm my statement that you do not care about user security.

I can only imagine all blogs picking up that post just before Neptune delivery...

I just created a custom firmware patching all the security flaws, it took me about one hour.
So surely, your developers can do the trick also.

For the sake of the general public, who have put their trust and funds in you, please patch up your firmware!!


Aren't the details already public?
Correct me if I'm wrong, but aren't you in effect trying to create a custom rom like bertmod?
The hash information is already out there...
donator
Activity: 1617
Merit: 1012



PLEASE USE A ROUTER INSTEAD OF DIRECT INTERNET ACCESS !!!


It also goes without saying that you should not use port forwarding direct to the miner (for remote access) when using a router. I have heard of some people doing this. Best to use some kind of intermediate jump box that can be locked down more securely than the beagle bone.
legendary
Activity: 1274
Merit: 1000
legendary
Activity: 4634
Merit: 1851
Linux since 1997 RedHat 4
... API ...
hero member
Activity: 623
Merit: 501
I don't have a KnC but thank you for the info. Other miners may be vulnerable too and a really good password is a must. I'm not a network expert but hiding your miner hardware behind a router is a great idea IMHO. So thanks
member
Activity: 70
Merit: 10
Mod note: This is probably an elaborate scam to trick you into downloading malware https://bitcointalksearch.org/topic/m.4807591 You should still not expose miners to public internet though

EDIT: SEE PAGE 5 FOR MY PROOF OF CONCEPT APPLICATION
Hi all,

So, what else to do in my spare time while mining some BTC? Exploiting security holes in my hardware.
It turns out that every KnC miner can be hacked within 5-10 minutes, making it possible to control the CGMiner remotely.

I've submitted a highly detailed report to KNC, explaining how I did it, and how they can patch it with a new firmware upgrade.
To avoid a huge breach, I will not reveal all details, but I give you a short summary [proof of concept].

1: Scan the internet, using a special tool, for the default KnC Miner header response
Code:
WWW-Authenticate: Digest realm="KnC Miner configuration", nonce="f76e06a34c00b5fec1da6749d4ed0bfc", qop="auth"

EVERY miner uses this header, so in 10 seconds, I found about 1180 responses vulnerable to my attack.

2: Critical information remains hidden from the public, but the http digest can be bypassed with ease.

3: Run basic HTTP bruteforce. Since the digest is bypassed, I can run unlimited bruteforce attempts.
Within a timespan of 20 minutes, I managed to bruteforce 28 miners !! (Most of them poor passwords though)

Now comes the fun part...

Login using SSH. If the SSH port is not enabled, simply login to the web console and enable it.

The source code of
Code:
factory_config_reset.sh
tells us exactly what we need.

VI (edit) the default factory files, as found in the factory reset code, making a second login inside the factory reset files.

The digest file requires a special hash to create the password. This can be done using special tools, but for safety reasons, I will not go further on this part in public.

Alter these files to gain access after factory reset

Code:
/etc/shadow.factory
Code:
/etc/lighttpd.htdigest.user

Now remove all the default credentials in the factory files, making it impossible to login using the default admin:admin for the owner

RUN THE FACTORY RESET...

And enjoy your personal miner, that just became unusable to the owner, since he can no longer login.

Disclaimer:

I intend to do no harm. No miner has ever been in my control, or ever will be. I just expose this threat to put pressure on KnC to hurry their firmware upgrade.
Do not ask or PM me for information about this hack, it will not be provided !! Only KNC has the entire manual !


Note to all KnC miners out there: Please change your passwords to long, safe passwords!
If needed, simply hashing your firstname to MD5 will do the trick to scare away hackers.

PLEASE USE A ROUTER INSTEAD OF DIRECT INTERNET ACCESS !!!


Greetings!!

EDIT: Email to KnC

Quote
Hello KnC team,

As you might have picked up on bitcointalk.org, I managed to successfully scan and exploit KnC Miner configuration software running on all your miners.
Attached is my HowTo, showing you how I managed to succeed in this hack.

I feel, as a software developer and penetration tester, that you do not take user security into account with your services.
The only thing you care about is selling hardware. What happens with it seems to be the least of your concerns.

You should know that the user is always the weakest security, but instead of anticipating on that, you go with that flow.

I did not post exactly how I did it on the forum for security reasons, but however, I urge you to push a new firmware closing up those holes.
Holidays or not, I will expose the detailed howto on bitcointalk.org on January 1st 2014 at 12h00.

Once this exploit goes public, you will receive a lot of complaints on behalf of your clients, and lose lots of trust in the general public.
If you have not patched your firmware, this will confirm my statement that you do not care about user security.

I can only imagine all blogs picking up that post just before Neptune delivery...

I just created a custom firmware patching all the security flaws, it took me about one hour.
So surely, your developers can do the trick also.

For the sake of the general public, who have put their trust and funds in you, please patch up your firmware!!

EDIT: SEE PAGE 5 FOR MY PROOF OF CONCEPT APPLICATION

