10-17-2024, 09:15 AM
(This post was last modified: 10-17-2024, 09:16 AM by ToxicAvenger4.)
As my first post, let's start off with a bit of a bang.
All Bitcoin miners, no matter the manufacturer, have the same flaw. They all run a lightweight open-source web server, Lighttpd 1.4.32, for remote configuration of the machine, which is redundant if you understand how to mine cryptocurrencies because there should be no situation where you cannot physically access your machine and need to access it remotely.
What does this mean? Well, that means many MANY Bitcoin, Ethereum and Litecoin miners have open HTTP login pages pointed at the internet. Login pages that are highly vulnerable to brute-forcing, directory traversal, XSS and SQL injection. Theoretically an attacker could gain access to an entire Bitcoin mining farm in a matter of seconds (more realistically a couple of hours) and change their output to a private pool the attacker owns. Even without gaining access, one could in theory compile a list of miners' IPs and DDoS them offline; taking down a few thousand miners would have a direct impact on the market prices, allowing someone to short and distort the markets at will. No miners = no transactions.
How to find them? Shodan, Censys, whatever service floats your boat; use queries such as "Antminer", "Jasminer", "Avalon" and watch all the IPs with open HTTP ports pop up. Most of them have Lighttpd 1.4.32 running; if you were to click on one, it will bring up a very basic login page. If one were able to cause the miner to reset with, say, a DoS attack (CVE-2013-4560), most miners revert to the default login "root/root" or "(at sign)root/root".
Enjoy!
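For operators of this kind of equipment, the two things worth checking from the post above are whether the miner's web interface is being reached from anywhere other than the management network and whether anyone is hammering its login. The following is an added example written from the defender's side; it is not code from the post or from any miner vendor. It assumes the web server writes a CLF-style access log (client IP first, timestamp in brackets, quoted request line, then the status code), that a management network of 192.168.10.0/24 is the only place administrative access should come from, and that the login path is "/login"; the log lines are constructed for the example and the `/login` path, addresses and thresholds are placeholders to adjust for a real deployment.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log layout: a CLF-style line (client IP, two ignored fields, bracketed
# timestamp, quoted request line, status). Adjust LOG_RE if your accesslog
# format differs.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) '
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Assumption for the example: only this network should ever reach the web UI.
MANAGEMENT_NETS = [ipaddress.ip_network("192.168.10.0/24")]

# Constructed sample log: one source failing 12 times in 12 seconds, one
# legitimate management hit, and one remote source with two spaced-out failures.
SAMPLE_LOG = "\n".join(
    [
        f'203.0.113.7 - - [17/Oct/2024:09:10:{s:02d} +0000] '
        f'"GET /login HTTP/1.1" 401 0 "-" "python-requests/2.31"'
        for s in range(12)
    ]
    + [
        '192.168.10.5 - - [17/Oct/2024:09:12:30 +0000] "GET /login HTTP/1.1" 200 1532 "-" "Mozilla/5.0"',
        '198.51.100.9 - - [17/Oct/2024:09:13:00 +0000] "GET /login HTTP/1.1" 401 0 "-" "curl/8.0"',
        '198.51.100.9 - - [17/Oct/2024:09:20:00 +0000] "GET /login HTTP/1.1" 401 0 "-" "curl/8.0"',
    ]
)


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), TS_FMT),
        "req": m.group("req"),
        "status": int(m.group("status")),
    }


def auth_failures_by_source(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return {ip: peak_failures_in_window} for every source whose 401/403
    responses reach `threshold` inside any sliding `window` (a brute-force signal)."""
    recent = defaultdict(deque)  # ip -> timestamps of recent failures
    flagged = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["status"] not in (401, 403):
            continue
        q = recent[rec["ip"]]
        q.append(rec["ts"])
        while q and rec["ts"] - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged[rec["ip"]] = max(flagged.get(rec["ip"], 0), len(q))
    return flagged


def unexpected_sources(log_text, allowed=MANAGEMENT_NETS):
    """Return the set of client IPs that reached the interface from outside the
    management networks. Any entry here means the UI is exposed where it should
    not be, regardless of whether the request succeeded."""
    out = set()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        addr = ipaddress.ip_address(rec["ip"])
        if not any(addr in net for net in allowed):
            out.add(rec["ip"])
    return out


if __name__ == "__main__":
    print("brute-force sources:", auth_failures_by_source(SAMPLE_LOG))
    print("non-management sources:", sorted(unexpected_sources(SAMPLE_LOG)))
```

On the sample data the first function flags 203.0.113.7 (12 failures inside the window) and ignores 198.51.100.9, whose two failures never reach the threshold; the second function reports both external addresses, which is the more important finding, since a miner whose web UI answers to any address outside the management network should be firewalled off or moved behind a VPN rather than left to rely on the login page holding up.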