Difference between revisions of "Connected Data Transporter"

From Exploitee.rs
m (1 revision: Moving from DC22 to main site.)
m (Text replacement - "gtvcom-20" to "exploiteers-20")
 
(One intermediate revision by one other user not shown)
Line 7: Line 7:
== Purchase ==
== Purchase ==
Buying devices is expensive and, in a lot of cases our testing leads to bricked equipment. If you would like to help support our group, site, and research please use one of the links below to purchase your next device.
Buying devices is expensive and, in a lot of cases our testing leads to bricked equipment. If you would like to help support our group, site, and research please use one of the links below to purchase your next device.
[http://www.amazon.com/gp/product/B00BFNJ2NW/ref=as_li_tl?ie=UTF8&camp=1789&creative=390957&creativeASIN=B00BFNJ2NW&linkCode=as2&tag=gtvcom-20&linkId=AV4CIQNNZBF5VRMB Purchase the File Transporter at Amazon]
[http://www.amazon.com/gp/product/B00BFNJ2NW/ref=as_li_tl?ie=UTF8&camp=1789&creative=390957&creativeASIN=B00BFNJ2NW&linkCode=as2&tag=exploiteers-20&linkId=AV4CIQNNZBF5VRMB Purchase the File Transporter at Amazon]


== Disassembly ==
== Disassembly ==
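Review bot: the replaced Amazon link in the Purchase section still uses the plain http:// scheme. Since this line is being rewritten for the tag change anyway, switch it to https://www.amazon.com/... so the link is not requested in cleartext.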
Line 34: Line 34:
passwd root
passwd root
</pre>
</pre>
== Demo ==
{{#ev:youtube|i1PavLCGH3s}}

Latest revision as of 01:22, 7 February 2016

"Although the information we release has been verified and shown to work to the best of our knowledge, we can't be held accountable for bricked devices or roots gone wrong."


This page will be dedicated to a general overview, descriptions, and information related to the Connected Data File Transporter.

Purchase

Buying devices is expensive and, in a lot of cases, our testing leads to bricked equipment. If you would like to help support our group, site, and research, please use one of the links below to purchase your next device.

Purchase the File Transporter at Amazon

Disassembly

UART

Below is the UART pinout for the Transporter.

  • The serial settings are: 38400 8n1

Exploitation

This device ships with an open U-Boot installation, meaning that with a UART adapter hooked up we can modify the default boot parameters. This opens the device to a technique called "Kernel Init Hijacking". The technique involves modifying the "init" boot argument, which, when passed to the kernel, specifies which program handles the boot-up process after the kernel is loaded. By setting this argument to "/bin/sh", we tell the kernel to drop to a shell over UART after booting. This gives us temporary root access to the file system.
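Seen from the defender's side, the init override described above is visible in the kernel command line. The following is an added example, not Exploitee.rs code: it parses a command line such as the contents of /proc/cmdline and reports an init= or rdinit= that points at a shell. The function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not Exploitee.rs code. Function names are made up here.

# Print the value the kernel will use for parameter $1 in command line $2.
# A repeated init= overrides the earlier one (last wins), and parsing stops
# at "--" as current mainline kernels do (assumed for the kernel in question).
# The body is a subshell so "set -f" (no glob expansion) does not leak out.
last_param() (
    set -f
    value=""
    for arg in $2; do
        case "$arg" in
            --) break ;;
            "$1"=*) value="${arg#*=}" ;;
        esac
    done
    printf '%s\n' "$value"
)

# Return 0 when init is not redirected, 1 when init= or rdinit= points at an
# interactive shell, 2 for any other non-stock override.
audit_cmdline() {
    _worst=0
    for _name in init rdinit; do
        _target=$(last_param "$_name" "$1")
        case "$_target" in
            ""|/sbin/init|/init) ;;
            */sh|*/ash|*/bash|*/dash)
                echo "ALERT: $_name=$_target boots into a shell instead of init"
                _worst=1 ;;
            *)
                echo "WARN: $_name=$_target is not a stock init path"
                if [ "$_worst" -eq 0 ]; then _worst=2; fi ;;
        esac
    done
    return "$_worst"
}

# Pass --live to audit the running kernel, e.g. from a boot-time health check.
if [ "${1:-}" = "--live" ]; then
    audit_cmdline "$(cat /proc/cmdline)"
fi
```

A check like this only sees the boot it runs in; once the root password has been changed, later boots use the normal init and show a clean command line.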

Gaining Persistent Root Access

To gain persistent root access, hook up your UART adapter and "hijack kernel init" as described above, then run the following commands to change the root password.

<pre>
mount /proc
passwd root
</pre>

Demo