var unreadAlerts = '1';
You have one unread private message from dkota titled Welcome to the Forum!

Peplink Routers
#1
Hello friends, I am here talking about a router Why? You say, well. Peplink routers, Are an SD Wan router made for combining cellular, dsl, satellite and other internet streams and using a logical sd wan to aggregate them into one stream, this utilizes a receive buffer, as well as "peplink secret sauce" which is there sd wan aggregate tools. I have taken all the trainings, but what I found is they use a platform called InControl2, this platform lets users register a router and have omnipotent cloud access. If a router has not been registered to InControl2 it can be added and the person who adds it holds the keys. Now, Let me teach you one last thing about peplink. They run like a fucking pyramid scheme even when it comes to their support teams. No in-house support, they have the fucking vendors run tier 1 and 2 support and escalate tickets from distributor to supplier, to finally peplink. Why is this useful? Well, Ive never found a peplink router that I couldn't get a buffer overflow on. They utilize a receive buffer, and the way the memory is processed from the buffer and the sd wan aggregate, it makes it nearly impossible for buffer overflow not to occur. So, Any Networks you are unable to gain access, if there is a peplink router involved identify the broadcast type, they are in my airstream rv and working for broadcasting, they do a lot of television events because the receive buffer "Ensures packet integrity" Most of these are low memory devices also... but with that said, A known peplink distributor I know of because of how the support is set up, it is quite easy for anyone to use this in phishing campaigns. They basically have a support queue and there the tickets come and it gets assigned to a random distributor or wholesaler, if the wholesaler at layer2 cannot resolve he escalates to peplink who facilitates all contact through him. This is a very useful tool in phishing because if you find one of 50 distributors, create a problem and then pretend to be their support, They will literally know no different.Further they allow Companies to do universal management of peplink assets through one platform that's poorly coded. why is this important? Well. Lets say you somehow phish their InControl2 password, this will give you access to all the routers in their network, and better you control the firewall rules associate and can dissassociate any IDS, or IPS passwords with them, I have several zero days for the InControl2 as well as peplink routers as a whole, and in combination with Airgain antennas, I have found this to be one of the easiest systems to gain entry to and be able to use the airgain antennas to escalate, due to the insecure firmware associated with airgain antennas, and the massive list of peplink problems. One of my Favorite methods I have used, is to scan the router, then find the associated data port start sending a buffer overflow lock the receive buffer que. This will stop them from receiving signals when its too full in the buffer cache, then if you are able to spoof the communications utilizing anything from a pc to a sdr and mimic the data stream if you can hold that buffer and get the router attached to your stream of data you can then begin to send payloads. The receive buffer exists just to hold packets for integrity purposes, but with a little magic and some spoofing your truly InControl.
Report


Quick Reply
Message
Type your reply to this message here.





Users browsing this thread: purely_cabbage
var thread_deleted = "0"; if(thread_deleted == "1") { $("#quick_reply_form, .new_reply_button, .thread_tools, .inline_rating").hide(); $("#moderator_options_selector option.option_mirage").attr("disabled","disabled"); }