Once again Stefan and Michael exploited la fonera to get shell access , even on latest firmware release 0.7.1-2.
For the impatients just do the following
- connect to web interface of la fonera via “My place”
- change the dns to 88.198.165.155
- reboot la fonera
- enjoy your ssh access
- change the DNS entry to the one of your choice ( I suggest OpenDNS 208.67.222.222 )
For all those who wants to go deeper , read directly on Stefan web site.
It’s chillispot.conf injection via fake radius server and DNS spoofing.
Congratulation guys , you’ve got talent !
skynetbbs 10:48 am on March 14, 2007 Permalink |
nice…i’ll test this out this evening
antonde 6:02 pm on March 14, 2007 Permalink |
update 14/03 @ 17.01 UTC
It works
Rui Ponte 2:24 am on March 15, 2007 Permalink |
My Connection via SSH is refused
PLEASE HELP ME
skynetbbs 11:36 am on March 15, 2007 Permalink |
I didn’t even have to reboot so it seems?
antonde 12:02 pm on March 15, 2007 Permalink |
@skynetbbs I had to enable permanently dropbear by hitting mv /etc/init.d/dropbear /etc/init.d/S50dropbear to have port 22 open.
What did markchiang learned? 4:42 am on March 29, 2007 Permalink |
再次破解 fonera
上次是用injection, 這次是用DNS spoofing 給他個假的RADIUS server 就搞定了…
Fonera 3:12 am on March 30, 2007 Permalink |
If you are looking for a guide to hacking the Fon, this is the most detailed (with screenshots).
http://www.digg.com/gadgets/Hack_FON_Router_over_Ethernet_Easiest_La_Fonera_Tutorial_Yet
Krosa » La Fonera 4:30 pm on April 3, 2007 Permalink |
[...] AGGIORNAMENTO: Sono riusciti ad hackare “La Fonera” senza bisogno di un cavo seriale JTAG. Più info qui: http://fonblog.wordpress.com/2007/03/13/la-fonera-hacked-again/ [...]