The UDP data looked promising as a way to control the endoscope, so I setĪ WireShark display filter to ip.addr = 192.168.10.123 and udp. It ends up that nmap apparently only scans the top 1000 mostĭirectly with nmap -sU 192.168.10.123 -p 50000, sure enough it picked it up. I was surprised to find the UDP 50000 data, since that hadn’t come up in my I didn’t see any evidence of communication on port 23, so the app was.Once I’d started digging through the captured files, I noted a few things: use capture filters to greatly reduce the amount of data, e.g.enable WireShark’s promiscuous and monitor mode for your network interface.use the app to remove the endoscope’s WiFi network password, making it much.Same thing using WireShark directly, so that’s how I’ll present the However, I’ve since discovered that I can do pretty much the Unfortunately, it’s been a while since I did this and I no longer recall theĮxact commands. scp the tcpdump file and open in WireShark for analysis.run some commands on my phone through the endoscope’s app.connect my phone to the endoscope by way of the router.connect to the router via ssh and run tcpdump.configure the router to rebroadcast the endoscope’s network.install tcpdump using OpenWRT’s package manager.connect the router to a network with internet access.Rebroadcasts networks as one of its core features. This super convenient little router as a MITM, since it runs OpenWRT and I really didn’t understand how the iPhone app was communicating informationīack to the endoscope (maybe via telnet?), so I decided to see if I could use With (GNU) netcat showed a seemingly endless stream of data, suggesting Video stream and configure the endoscope’s settings without using the iPhoneĪpp, to make sure I could still use the endoscope if the app ever stoppedĪs I had noted previously, nmap showed that port 7060 was open, and connecting
Part 2 review: I used a bus pirate to grab theįirmware from my WiFi Endoscope, which revealed theĪfter getting admin access over telnet, I still wanted to be able to view the Part 3: Using WireShark to Decode UDP Protocol
Part 4: Using Netcat to Decode Video Protocol.Part 3: Using WireShark to Decode UDP Protocol.Part 2: Reading Flash to Get Telnet Password.
Part 1: Introduction and Serial Debug Port to Get WiFi.Bottom Line: I got root on a WiFi Endoscope.
0 kommentar(er)
