Leaked line

The line was leaked but not my own DNS. It was the provider DNS that was posted but my username and password. So im lost how thats happened.
 
surely it would be providers dns as yours wouldn't work with line
 
Simple username and password? Could well be brute force against the server if so.
As for DNS I'm presuming yours and providers point to the same IP then?
 
or perhaps the server admin posted it himself (after banning it) as a way to blame you and get you to pay him more money for a replacement line?
 
The xtreme codes servers were hacked a while back - these servers running the software to provide the streams were compromised. Wouldn't surprise me if its a similar occurrence strange why its just one line though, what are you running it on?
 
Dragging this back up. Found a E2 box been hacked that was running with Suls plugin.

Line was posted online with that box's DNS. No ports were open. Anyone any idea how they would have got it in or sniffing the traffic?

I dont know enough of how Suls works to understand.

Anyone on here in the know?
 
Dragging this back up. Found a E2 box been hacked that was running with Suls plugin.

Line was posted online with that box's DNS. No ports were open. Anyone any idea how they would have got it in or sniffing the traffic?

I dont know enough of how Suls works to understand.

Anyone on here in the know?

They could of gotten access to another device on your network and used it as a jump box to the E2.

How do you know the E2 box was hacked?

are you running a NIDS or HIDS on your network and devices? Most of the traffic coming from E2 is unencrypted so they dont need access to your network to sniff the packets just a HOP on the way.

They could also get access to it if you install a plugin or some script that creates a connection back to a C&C or similar, they can use that connection to control your box without you having a port open.
 
If the provider has a stalker portal, you can brute the MACs (and then find the user/pass)
You can brute the reseller portal - to create new accounts and see account details
Or you can brute the reseller or the provider to find active accounts (and banned and expired ones lol)
The same methods work for any user/pass websites at the moment so it's best not to use shit user/pass combos or reuse old ones incase they're on a list somewhere and get copy pasta'd into my their :) combo lists for the bruteforce tools.
Lots of ways tbh m8
 
brute force can open a lot does take time though
 
be good to know how this is done so I can prevent it.

Brute is done using software Hippie describes it above, common use software for this is Sentry (old now), Letsbruteit and Snipr (new kid on the block).
 
Yep sentry, snipr, hitman, storm, letsbrutit... are all configurable brute forcers, then there's loads of scanners and checkers dedicated to individual sites or particular services like vpn or iptelly services too like panel taram, IPTV scanner, playlist scanner, panel ariyici ... there's loads of them.
You can set them up with proxy lists (or not) and lists of user:pass combos to cycle through and monitor the responses from millions of login attempts automatically so as I say ^^ don't reuse passwords that may already have been leaked and therefore on my a list already or any lazy generic shite like jon:jon, jon:jon1, jon:jon123, jon:123456 ..... cos they're on my oops I mean a list somewhere too :)
 
Yep sentry, snipr, hitman, storm, letsbrutit... are all configurable brute forcers, then there's loads of scanners and checkers dedicated to individual sites or particular services like vpn or iptelly services too like panel taram, IPTV scanner, playlist scanner, panel ariyici ... there's loads of them.
You can set them up with proxy lists (or not) and lists of user:pass combos to cycle through and monitor the responses from millions of login attempts automatically so as I say ^^ don't reuse passwords that may already have been leaked and therefore on my a list already or any lazy generic shite like jon:jon, jon:jon1, jon:jon123, jon:123456 ..... cos they're on my oops I mean a list somewhere too :)
Quality mate, thanks for the heads up ;)
 
Back
Top