LOADING...

How I found a bug in my own network




The House is Not as Safe as You Think: How I Found a Bug in My Own Network


We spend a lot of time learning about the OWASP Top 10 or practicing on websites like PortSwigger and TryHackMe.. It is a whole different story when you use those same tools on the router that is sitting right next to you.

 Last Week, I decided to test my home network like I would test a clients network. I did not think I would find anything because I am the one who set it up.. I was wrong.

1. Looking Around: Mapping My Network


Every good test starts with finding out what is connected to my network. I used Nmap to see what devices were talking to my router. I was not just looking for my computer or phone I was also looking for devices like bulbs my printer and the router my internet company gave me.

nmap -sV -p- 192.168.1.0/24

The scan showed me a list of ports but one thing caught my eye on an old device I had forgotten about: Port 8080 was open and it was using an old version of HTTP.

2. What I Found: A Simple Mistake


I used Burp Suite to look at the traffic and see how the device handled requests. When I looked at the login page I saw that the device was sending session information in a way that seemed suspicious.

When I tested the device for something called  IDOR I found out that I could look at the settings of devices on my network by just changing a number in the URL. I did not even need to be logged in.

3. Taking Control: From Guest to Admin


The bug I found allowed me to get the password for the devices web interface. In a few minutes I went from being a normal user on my network to having full control, over the device. From there I could have looked at all the traffic on my network. Used the device to get to other computers.

4. Fixing (What I Learned)


Finding the bug was fun. Fixing it was more important. I took three steps away:

 1.I updated the devices software because it was really old. The update fixed the bug I found.

 2.I moved all my IoT devices to a network. Now even if one of them gets hacked it cannot get to my computer or my personal files.

3.I turned off something called Universal Plug and Play so devices cannot make their rules on my network.

4.I turned off something called Universal Plug and Play so devices cannot make their rules on my network.


My personal advice:

 Always check yourcdigital devices is updated or not if they are not Updated then update them so any attacker can't hack them always be Clever about these things because if one mistake can compromise your full system so stay ethical stay safe 

ABOUT  ME:-

I am Meheraz Hosen Siam a Cybersecurity enthusiast focused on securing the digital landscape. I specialize in Web Application Penetration Testing and Security Research, helping identify and remediate critical security flaws before they can be exploited. You can help me with your suggestions in the comment section so post a comment and help me to improve myself 

 

Thank you for reading this article

#Bug #meherazhosensiam #Network Security #Penetration Testing #Vulnerability

Comments

Post a Comment

> SHARE_THIS_ANALYSIS:

> SYSTEM_REACTIONS: