Tweet
Mass Owning of Seedboxes - A Live Hacking Exhibition.
Anon, Hacker, He/Him
Demo, Tool, 45
"No one hacks at DEFCON any more." is what I've heard. That is, until
now. Seedboxes/seedhosts are used by thousands of pirates to download and distribute Movies/TV/Music via USENET and Torrents. The thing is, these systems are horribly insecure. Like, they are wide open. In this talk, I am going to open up a xterm, And a FireFox window, and hack into seedhosts. LIVE. No Demos. No Powerpoint. No introduction slides. Just port scan, attack, 0wn, extract credentials, download all content, obtain other users' credentials, etc. For literally thousands of accounts.
Did you know people store their Google Drive tokens on seedhosts? Did you know that your seedbox provider has no idea how to properly configure docker? Did you know that your plain-text password is sitting in multiple places on these machines, accessible to all other users? Did you know that administrators for very-large private torrent sites re-use the same password for all their accounts, and leave them on seedhosts? Let's hack.
The presenter has been attending DEFCON for ~20 years, and has run
various villages and contests for over 10 years. A professional
pentester for over 24 years, his previously released research and tools
are present in MetaSploit, blog posts, blah blah blah. The hacker is a
long-time member of AHA (Austin Hackers Anonymous - takeonme.org )
and is well known for their "this one time on a pentest" stories.
The thing is though. We aren't going to tell you their handle/name. It's
not important. You don't need it. Don't pick a talk by how famous someone
is.
REFERENCES:
https://censys.io/
https://en.wikipedia.org/wiki/Bash_(Unix_shell)
https://nmap.org/
https://sonarr.tv/
https://radarr.video/
https://github.com/Novik/ruTorrent
https://rclone.org/
https://nzbget.net/
https://sabnzbd.org/
https://en.wikipedia.org/wiki/Seedbox