I saw an interesting story. Let me tell you.
To escape that stressful world, my partner and I headed to Venice a few days ago for a vacation. If you’ve ever been to Italy, especially the north of Italy, you know that italians aren’t very forgiving of us tourists when it comes to prices. That’s why I had to book an ordinary four-star hotel on the outskirts of the city and take the train from there to Venice.
Although it is a four-star hotel, it is a very luxurious place. Many of their customers are wealthy, with fancy cars, clothes and so on. I checked in and took my things to my room. There I found a business card with the hotel’s Wifi password. At first, I just wanted to find out about Venice. Places to go, places to eat, and things to visit often.
While searching for information I needed to travel, I noticed that the Wifi was very weak and there were too many people on the same network at any one time. The first thing that came to mind was for everyone to disconnect Wifi first, and then for my phone to connect. For this task, I came up with the idea of using router Settings to take everyone offline first.
The problem is that routers require a user name and password to log in. But I couldn’t walk up to my desk and ask for their router details. At this point, I told myself, ok, crack it.
Repeated attempts to use various default passwords and usernames seem to have no effect. I have an app on my SD card for such emergencies. Why not give it a try? You installed the application and got as much information as you needed from the manufacturer. Reading very detailed papers on these routers, I found a directory traversal path vulnerability that happened to be the same firmware used in the router.
There’s a problem. I need to check and view the page source code to complete my attack. It’s getting harder and harder every minute to do it with just my phone. While it’s difficult to get the source code for checking and viewing pages from your phone, you can do it by downloading the Firefox for Developer mobile app. The specific method can be searched, but I won’t expand it here.
After I solved the problem of checking and looking at the page source code, all I needed to do was test the various endpoints and get directory traversal. The list of contents was also one of the things I discovered.
I reported my findings to the hotel staff. He asked me to talk to his boss. I explained to him how dangerous it was for his business.
Hotels are not just for people sleeping on holidays. Many important companies use them for events. Some companies even send employees there for a few days to attend corporate training courses or set up financial deals with partners. They all use the Internet for this.
He took an interest in my work and was an easy person to understand. We all know it’s “illegal” to do this, but only up to a point. This is not done to cause economic damage or worse. I told him how to solve the problem. The first is to update his routing firmware, which is very out of date. And finally, in return, I get a full week free of charge next time I go anywhere they own a franchise.
I spent more time trying to find a way to use my phone’s browser as I do on my computer than trying to find or exploit vulnerabilities on my router. This means that you’ve learned how to complete the hardest parts of the entire story, which can help you in the future. Some tips when trying to test a router always start with the firmware version, the file extension used, and the model manual.
The last word
To find bugs, you need to have some network knowledge, you need to be able to view the source code, and you need to know the firmware versions of certain products. If you spot a bug, you have a great chance to win a bounty or reward.