7,166
edits
(→link) |
(→link) |
||
Line 956: | Line 956: | ||
<syntaxhighlight lang="text" enclose="div"> | <syntaxhighlight lang="text" enclose="div"> | ||
Linux environment | |||
・ROOT as default user: | |||
No local access control. | |||
・Vulnerable components (Kali -> Nmap,Nessus): | |||
Dropbeard ssh 2011.54 -> DoS, remote execution... | |||
BusyBox v1.19.4 -> execute arbitrary commands... | |||
(Kali -> Nmap,Nessus): | Kernel v3.3.8 -> DoS, gain privileges... | ||
・Critical paths: | |||
/var/hosts -> pharming attack | |||
/etc/opkg -> fake repository (SSLsniff) | |||
/usr/bin/kill-bridge -> DoS, own malicious bridge | |||
/var/hosts -> pharming attack | /rom/ -> persistence | ||
/etc/opkg -> fake repository (SSLsniff) | ・No integrity file checks on boot. | ||
/usr/bin/kill-bridge -> DoS, own malicious bridge | ・No redirection to 443 (https). | ||
/rom/ -> persistence | ・Remote insecure configuration: | ||
Deauthentication attack to create new free | |||
on boot. | hotspot, capturing WPA/WPA2 handshakes... | ||
to 443 (https). | |||
Arduino environment: | Arduino environment: |