Arduino Yun cheat sheet: Difference between revisions

Arduino Yun cheat sheet (view source)

Revision as of 11:39, 22 January 2016

82 bytes removed , 22 January 2016

→‎link

Nxhack

Bots, Bureaucrats, Administrators

7,166

edits

@@ Line 956: / Line 956: @@
 <syntaxhighlight lang="text" enclose="div">
-OpenWRT-Debian-Kernel 3.3.8
+Linux environment
-Programming: Arduino IDE No Debugger - "try-and-error" with Serial.prints()
+・ROOT as default user:
-Lastest release image: 1.5.3 Nov 2014
+　　No local access control.
-AVR architecture Linux environment
+・Vulnerable components (Kali -> Nmap,Nessus):
-ROOT as default user: No local access control.
+　　Dropbeard ssh 2011.54 -> DoS, remote execution...
-Vulnerable components
+　　BusyBox v1.19.4 -> execute arbitrary commands...
-(Kali -> Nmap,Nessus):
+　　Kernel v3.3.8 -> DoS, gain privileges...
-Dropbeard ssh 2011.54 -> DoS, remote execution...
+・Critical paths:
-BusyBox v1.19.4 -> execute arbitrary commands...
+　　/var/hosts -> pharming attack
-Kernel v3.3.8 -> DoS, gain privileges...
+　　/etc/opkg -> fake repository (SSLsniff)
-Critical paths:
+　　/usr/bin/kill-bridge -> DoS, own malicious bridge
-/var/hosts -> pharming attack
+　　/rom/ -> persistence
-/etc/opkg -> fake repository (SSLsniff)
+・No integrity file checks on boot.
-/usr/bin/kill-bridge -> DoS, own malicious bridge
+・No redirection to 443 (https).
-/rom/ -> persistence
+・Remote insecure configuration:
-No integrity file checks
+　　Deauthentication attack to create new free
-on boot.
+　　hotspot, capturing WPA/WPA2 handshakes...
-No redirection
-to 443 (https).
-Remote insecure configuration:
-Deauthentication attack to create new free hotspot, capturing WPA/WPA2 handshakes...
 Arduino environment: