https://youtu.be/rRJKpTxiB20

My story begins at my day job, the company had some new equipment installed and so I received some training on it. The final part of the familiarization was what to do if you can fix it, at this point the instructor pointed out an eWON router:

“IT has said we can’t have it switched on all the time but if you get a failure we can dial in and check the systems remotely” I was immediately interested in this device, I could see it could log multiple devices, full I/O, Flash and full routing. It’s a remote fault finders dream! We weren’t given access to the device but I was extremely interested in its capabilities so like any skeleton worth his bone meal I headed to Shodan. Shodan is like a search engine but instead of pages, it looks for devices on the net.

A quick search later I found almost 4,000 devices, after accessing one of the many I found it to be password protected a few minutes later after finding the instruction manual I had the default user and pass and no surprise I was in.

The first thing I noticed was that I was the highest level user I could do just about anything to this device and like I had seen it had full I/O control over something complicated. None of that really concerned me I was only here for research of the device. Another thing that drew my attention was the file type:

 xxx.xxx.xxx.xxx/Ast/MainAst.shtm

I’d never seen .shtm before and thought it might be something I look at later.

After this, I narrowed my search to my home country thinking that I’d like to be sure nothing else belonging to my work had anything like this that had been left with default creds. 140 devices in the UK, I had a quick look at one of them, default creds again and found myself on a very different page:

At first glance I thought must be one of those domestic turbines. It’s a read-only page so perhaps I can forgive the default creds and a login box at the top that I thought would lead to the config pages but actually I found makes the slew rate and other settings changeable on this page. So is this a custom eWON designed just for this? No, The eWON has FTP and if you upload pages you can serve them on its inbuilt webserver as the default. So if you’re stuck on this page xxx.xxx.xxx.xxx/usr/xxxxx/index.shtm how could you then configure the device? The answer is by browsing the original page mentioned earlier. This would have been difficult to enumerate but I already knew this was the default, so I have full control.

Ok, that’s pretty cool I thought. I don’t even need to log in the read-only page because I could edit the I/O here. That’s about when I noticed the power output, at a glance had thought domestic kW but was in fact MW! I know electricity and that’s a lot of it! Glancing back at Shodan the organization the IP is registered too is actually a well-known energy provider, and they have at least 5 other sites with the same setup!

The scale of this was starting to hit home, I quickly checked the output of the other turbines, a total of 253MW across 5 sites and the final one was showing site number 113!?! I’ve never dealt in MW so I thought maybe it’s not as bad as I thought? Perhaps I’m over exaggerating this. Maths! Maths will save me from a panic attack!

Nope. I calculated with these 5 sites I had control of enough power for 6.5% of the homes in my country. 5 sites with a possibility of at least another 108? Thankfully, its a drop in the ocean if I include industrial usage but still a major concern. I’ve even worked out scenarios where you could do harm to the turbines probably disabling them.

Amazed at what I’ve found, I try to find security contacts at the company’s involved… Nothing. I send emails to customer support… Nothing! A day or so later the country has a massive power cut due to “unforeseen circumstances” I’m going to prison, aren’t I? As a last resort, I contacted the NCSC, pretty sure this isn’t what they are for but it’s national infrastructure and I want to go on record. Guess there is still a chance I could get taken in for this.

More details emerged about the “Unforeseen circumstances” and what I’d found was not involved, thankfully. All that panic was for nothing, but it really hit home the scale of what I’d found. The NCSC was extremely helpful, once again I’m sure this isn’t what they are here for but they did deal with it and even increased my Hackerone rep for the tip-off. 

At least 12 months have passed and to be honest, I had distanced myself from this incase something happened. Today I have checked all the addresses and can report that the message got through, all the sites are now properly password protected! Allowing me to finally talk about this out loud. 

https://youtu.be/6d3kapG6EvU

Maono AU-PM422 USB Microphone is another video on a USB condenser microphone but this one is packed to the brim with features. For starters, as I’ve said in previous video’s I prefer a mic that comes with a boom arm, this is handy for me as I like to keep the mic out of frame when I’m recording and it gives me a lot of flexibility to do so. Build quality is good very similar to the Tonor BM-700 with a slightly stronger desk mount.

The sound goes without say is very good as you can hear from the video but the real magic is located at the front of the mic where you find a mute button, gain nob and headphones input.

The mute button is touch with a red/green LED to show when you are live/muted this is a really handy feature for anyone who does live-streaming and though I had expected it too you don’t hear a big thud when you touch the button because it’s not tactile.

The Mic gain I thought at first I wouldn’t use because it can be adjusted on my PC so I didn’t see the need until I started to use the headphones and then it made sense. It’s not only adjusting the PC input it’s adjusting the gain sent to the headphones so it is very important in fact.

My favourite part that I had not realised when I ordered this microphone is the way the headphones work, I assumed it was just a Microphone monitor which in itself is a handy feature, but in fact, because this microphone has basically got a sound card built in your PC can use it as such… I’ll explain, so you can make your PC choose the microphone not only as input but output too, allowing us to hear ourselves on the mic and whatever noises on the desktop so if for instance you were gaming you could hear that as well and these volumes can be adjusted in you PC settings as you normally would!

Overall extremely impressed by the Maono AU-PM422 USB Microphone and how now become my new default microphone so hopefully, you’ve subscribed to our Youtube channel so you’ll be hearing a lot more from it!

https://youtu.be/hvBsmye-eZY

I bought these Sparrows Euro Drivers Cam Turners a few months back and honestly, wasn’t expecting them to work on most locks but was pleasantly surprised. Where I work a lot of the locked doors are also fire exits so they tend to have thumb turns on a lot of the doors and for me, 90% of them are vulnerable to this little tool.

Generally, the ones that I’ve failed to use this tool on are a very high grade and tend to have anti-drill and snap features too so its to be expected at that level I’d like to think. That said all of the locks in the video are 6 pins with security pins inside so it’s not like they are low grade.

It did take me a few attempts to get the hang of this tool, as I show in the video placement of the tool and adding a bit of downward tension whilst turning is key to getting it to work. Once you get the hang of it it’s extremely quick and easy to use!

https://youtu.be/uhJF0XmVhME

We’ve created a lot of videos on installing OpenWrt and never really touched the subject of what to do after. OpenWrt can be a bit of a beast when you first get to grips with it because it’s so “Open” (Excuse the pun!) it has so many setting it can seem very overwhelming so we wanted to start to tackle some of the first steps to make it a bit easier for newcomers.

Before I start the video is assuming you have Luci installed which is the name for the OpenWrt’s web interface. If you haven’t when you go to 192.168.1.1 you won’t you will get an error. To fix this use these commands on any OS:

ssh [email protected]

(When asked type yes)

opkg update

opkg install luci

reboot

After that, you should be able to log in, also as I mentioned in the video you may need to clear your cache if you have problems logging in.

We hope to make this into a bit of a series to try to cover all the basics of setting up your OpenWrt router so if you have suggestions of things you want us to cover in the next videos leave us a comment and we will try to make for you!