Hacking Cryptocurrency Miners with OSINT Techniques by Seyfullah KILIÇ

Jan 18, 2019

NOTE: All the methods I have explained are at your own risk

Open Source Intelligence(OSINT) is one of the first techniques to gather information before the attack. There have been many hacking cases using OSINT in the past. Along with the developing IoT devices, we can collect lots of critical data on the public web. We will be gathering critical data for Cryptocurrency Miners (Bitcoin[Antminer] and Ethereum[Claymore]) in this article.

Many Cryptocurrency miners tools and software need the internet connection to send/receive data. So that, they have some vulnerability for attackers.

Reconnaissance the Antminer!

The best bitcoin ASIC miner is Antminer S9/S7. The miner’s hardware use “lighttpd/1.4.32” web server and some of these have open SSH Port. There is an exploit for “Lighttpd 1.4.31” version. However, you can not access the server with this exploit.

The webpage on the web server is protected by “Digest HTTP Authentication”. The critical point is that miners need username and password to log in.

antMiner configuration page....

Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

0 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023