Reconnaissance

Theory

Testing a hardware device over Ethernet helps assess network vulnerabilities, intercept sensitive data, and identify exposed services or misconfigurations. This is especially useful for hardware devices that connect to the network, like IoT devices, routers, and industrial equipment.

Usage

Check open ports with nmap:
1. A simple Nmap scan can show what services are running on the device:
  nmap <device-ip> # often devices have a static ip check manual
  Example Output:
  Starting Nmap 7.93 ( https://nmap.org ) at 2024-10-10 14:23 Nmap scan report for 192.168.1.100 Host is up (0.00045s latency). Not shown: 997 closed ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 443/tcp open https
2. You can also use appropriate flags like:
  1. -sV: Version Detection
  2. -sC: Default Script Scan
  3. -A: Aggressive Scan
  4. -p-: Scan All Ports
  5. -sU: UDP Scan
  6. --script vuln : Runs a vulnerability check
3. Try common credentials like: admin/admin etc. also google default creds!
Webserver available?
1. Use common tools like burbsuite, gobuster or nikto to identify hidden content or vulnerabilities
2. There are enough websites who showcase web-pentests, like hacktricks.xzy. Check them out!
3. You can change configurations?
  1. Explore and experiment, always aiming to enhance access to advanced
Firmware Updates!
1. This is also a very interesting field, as we get the chance to intercept the firmware
2. Setup:
  1. Setup Wireshark to intercept all traffic from the target device
  2. Start the firmware update
  3. If the firmware is not encrypted, we can recover it from the Wireshark capture
3. If the firmware is uploaded via FTP, there could be a race condition, where we can download the firmware before it gets deleted from the FTP share
4. Try to investigate how the firmware update works, and think of how you can intercept it!
5. Once captured, we can extract password or sensitive data from it

Resources

PreviousIntroduction NextProtocols

Last updated 5 months ago

Was this helpful?