Mr.Be1ieVe's Treasure

路虽远行则将至，事虽难做则必成

iot信息整理

前言持续更新，欢迎贡献！目前私信QQ，麻烦了！总览必看-IOT 安全实战资料收集整合优先看-IOT 安全实战资料收集整合#总结性资料 IoT Pentesting 101 && IoT Security

Posted by Mr.Be1ieVe on Wednesday, December 30, 2020

HackTheBox Starting Point Oopsie .28

扫描结果 Starting Nmap 7.80 ( https://nmap.org ) at 2020-12-03 06:15 EST Nmap scan report for 10.10.10.28 Host is up (0.49s latency). PORT STATE SERVICE VERSION 21/tcp closed ftp 23/tcp closed telnet 53/tcp closed domain 80/tcp open http Apache httpd 2.4.29 ((Ubuntu)) |_http-server-header: Apache/2.4.29 (Ubuntu) |_http-title: Welcome 110/tcp closed pop3 111/tcp closed rpcbind 113/tcp closed ident 135/tcp closed msrpc 139/tcp closed netbios-ssn 143/tcp closed imap 256/tcp closed fw1-secureremote

Posted by Mr.Be1ieVe on Friday, December 4, 2020

IoTGoat

No 1: Weak, Guessable, or Hardcoded Passwords: $ find . -name cgi-bin ./www/cgi-bin 查找，firmwalker It will search through the extracted or mounted firmware file system for things of interest such as: etc/shadow and etc/passwd list out the etc/ssl directory search for SSL related files such as .pem, .crt, etc. search for configuration files look for script files search

Posted by Mr.Be1ieVe on Tuesday, November 3, 2020

Netgear Nighthawk R8300 upnpd PreAuth RCE 复现辅助

小声：因为nvram那里我实在搞不定了，如果有愿意帮忙的师傅欢迎联系！环境固件下载地址 md5sum c3eb8f8c004d466796a05b4c60503162 R8300-V1.0.2.130_1.0.99.zip binwalk binwalk R8300-V1.0.2.130_1.0.99.chk DECIMAL HEXADECIMAL DESCRIPTION -------------------------------------------------------------------------------- 58 0x3A TRX firmware header, little endian, image size: 32653312 bytes, CRC32: 0x5CEAB739, flags: 0x0, version: 1,

Posted by Mr.Be1ieVe on Monday, October 19, 2020

PCTF2016_Confused_ARM_调试记录

前言结合书《CTF特训营》IoT篇看最佳 0x01 静态分析指定处理器类型为ARM little-endian，不然正常打开之后先看看DCD部分 DCD：

Posted by Mr.Be1ieVe on Friday, October 9, 2020

安全运营，兼任应用安全、基础安全。

FEATURED TAGS

awd buu ctf hackthebox linux使用 xray 专业学习基础知识学习笔记