One Article Review

Home - The article:
Source w00tsec
Identifier 8300167
Publication date 2014-07-21 11:49:10 (viewed: 2023-01-11 16:56:00)
Title Hacking Asus RT-AC66U and Preparing for SOHOpelesslyBroken CTF
Text

So it's finally July, time to pack for DEFCON, follow @defconparties on Twitter and decide which villages to visit and which talks to attend.

There's a new hacking competition this year called SOHOpelesslyBroken, presented by ISE and EFF. The objective on Track 0 is to demonstrate previously unidentified vulnerabilities in off-the-shelf consumer wireless routers. Track 1 will hold a live CTF for the duration of DEFCON. CTFs are always fun, and this contest involves hacking real embedded devices, which makes it even more fun.

(Image caption: Yes, that's my workstation =P)

I'm particularly interested in the EFF Open Wireless Router, but they haven't disclosed details about the device yet. According to the event rules, the ASUS RT-AC66U (HW Ver. A2) [Version 3.0.0.4.266] is one of the possible targets. As I had a spare RT-AC66U at home, I decided to write a quick guide for everyone interested in participating in this CTF.

Recon

The first thing to do is to find the firmware and its source code. Fortunately, the Asus RT-AC66U firmware is GPL'ed, so its source is easy to find online. The version used for the contest is an old one, from 2012. In order to perform a better analysis, we are going to grab the sources and the firmware for both v3.0.0.4.266 and v3.0.0.4.376.1123 (the most recent one as of this writing):

Asus RT-AC66U v3.0.0.4.266 - Firmware
Asus RT-AC66U v3.0.0.4.266 - Source Code
Asus RT-AC66U v3.0.0.4.376.1123 - Firmware
Asus RT-AC66U v3.0.0.4.376.1123 - Source Code

Many firmware versions were published between these two releases; we can review the changelogs to find security issues: http://www.asus.com/Networking/RTAC66U/HelpDesk_Download

According to the rules, we have to identify and exploit a 0-day vulnerability. We can combine different flaws with known issues in order to score points. If the vendor has silently patched an issue and you create an exploit for it, that should be scored as a valid 0-day (I'm not going to start discussing terminologies here).

Now that we have the source code, it's time to extract and audi
Sent Yes
Tags Tool
Rating ★★★★


The article does not seem to have been picked up after its publication.


The article does not seem to have been picked up from a previous one.