View
5.391
Download
1
Category
Tags:
Preview:
Citation preview
Device inspection To remote root
Uncovering the sekritz of proprietary software on a fixed wireless terminal and weap0nizing them into a remote exploit
Where What Who
Ruxmon Melbourne Device Inspection to remote root
Tim Noise
tIM NOISE
• twitter/dnoiz1 • github/dnoiz1 • mIRC/dnz • streetz/notorious D N Z • tim@drkns.net
Internet subscriber and pirate impersonator
Fixed Wireless Terminals
• Linux Based • System on Chip • Provide PoTS and ADSL • 3G/LTE Backhaul • Battery and Solar • Remote Managed • Deployed in Clusters
For people without copper or fiber
External Connectors
• Ether over USB
(DHCP) • Aerial socket • SIM Card slot • 2 RJ11 ports for
ADSL CPE and PoTS
Things we can probe
External Connectors
• SIM Card slot • 2 Management Ethernet Ports (NO DHCP)
• 2 RJ11 power management ports
Things we can probe
Gaining ROOTalways want that uid 0 - the usual tricks
• Removable root Media • hashcat / jtr
• kernel paramaters • init=/bin/sh • single user mode
• Lucky for us, the root password is
printed on the PCB (not even joking)
One Step FURTHER
• Connect back payloads • Dial 1900 numbers for profit • UDP broadcast the attack • Intercept data and telephony • Insta-botnet / onion network • Other bad things
For internet bad men
Recommended