Granted this isn't something I always do and I really didn't do any harm I was just bored and saw how deep I could go.
Logged on to Guest Wifi at a local dealership waiting for vehicle
Used it for a bit and then decided to see if they did the standard practice of using the default UN & PW. Yup just a standard consumer Netgear Router, nothing special. Logged in using admin/password.
I see the fixed IP setup for the wan side, interesting it uses local 192.x.x.x for AD/DNS. It also has a 10.x.x.x as the gateway. Believing that is core router I went deeper. Port scanned found it had SSH open. I think it isn't a local ISP but something else that maybe dealers use. Something about ADP dealer network.
Used an SSH app on my phone and boom I get the prompt for level_15_access...
I tried once think there is no way it used a standard password, got a stern warning about you are unauthorized and now the connection is being monitored...blah blah blah FBI. Well that made me feel a little better but seriously I should never have made it that far.
No wonder the major hacks that have occurred did. It's not like this dealership has sensitive data like SS#/Addrs/DL#...etc
Logged on to Guest Wifi at a local dealership waiting for vehicle
Used it for a bit and then decided to see if they did the standard practice of using the default UN & PW. Yup just a standard consumer Netgear Router, nothing special. Logged in using admin/password.
I see the fixed IP setup for the wan side, interesting it uses local 192.x.x.x for AD/DNS. It also has a 10.x.x.x as the gateway. Believing that is core router I went deeper. Port scanned found it had SSH open. I think it isn't a local ISP but something else that maybe dealers use. Something about ADP dealer network.
Used an SSH app on my phone and boom I get the prompt for level_15_access...
I tried once think there is no way it used a standard password, got a stern warning about you are unauthorized and now the connection is being monitored...blah blah blah FBI. Well that made me feel a little better but seriously I should never have made it that far.
No wonder the major hacks that have occurred did. It's not like this dealership has sensitive data like SS#/Addrs/DL#...etc
Last edited: