Reconnaissance
Theory
Testing a hardware device over Ethernet helps assess network vulnerabilities, intercept sensitive data, and identify exposed services or misconfigurations. This is especially useful for hardware devices that connect to the network, like IoT devices, routers, and industrial equipment.
Usage
Check open ports with nmap:
A simple Nmap scan can show what services are running on the device:
Example Output:
You can also use appropriate flags like:
-sV : Version Detection
-sC : Default Script Scan
-A : Aggressive Scan
-p- : Scan All Ports
-sU : UDP Scan
--script vuln : Runs a vulnerability check
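Once the scan has run, the grepable output (-oG) is the easiest form to post-process. The script below is an added example, not part of the original notes: it parses that format and lists every open service, then flags the ones that carry data or credentials in cleartext (FTP, Telnet, HTTP, SNMP and the like), which is the usual first finding when assessing an IoT device. The scan output embedded in it is constructed for a hypothetical device at 192.168.1.10, not a real capture.

```python
"""Summarise an Nmap grepable (-oG) scan of a network-connected device and flag
services that transport credentials or data in cleartext.

Added example, not code from the original notes.  SAMPLE_GREPABLE is a
constructed -oG output for a hypothetical device; the field layout follows
Nmap's documented grepable format."""
import re
from dataclasses import dataclass

# Constructed sample -oG output (hypothetical device, not a real scan).
SAMPLE_GREPABLE = """\
# Nmap 7.94 scan initiated Mon Jan  1 12:00:00 2024 as: nmap -sV -sS -sU -p- -oG - 192.168.1.10
Host: 192.168.1.10 ()\tStatus: Up
Host: 192.168.1.10 ()\tPorts: 21/open/tcp//ftp//vsftpd 3.0.3/, 23/open/tcp//telnet///, 80/open/tcp//http//lighttpd 1.4.35/, 443/open/tcp//ssl|https//lighttpd 1.4.35/, 161/open/udp//snmp//SNMPv1 server/\tIgnored State: closed (65530)
# Nmap done at Mon Jan  1 12:01:00 2024 -- 1 IP address (1 host up) scanned in 60.00 seconds
"""

# Services that send data or credentials unencrypted.  Their presence on a
# device is a finding a reviewer would highlight before anything else.
CLEARTEXT_SERVICES = {"ftp", "telnet", "http", "snmp", "tftp", "rlogin", "rsh"}


@dataclass(frozen=True)
class Service:
    host: str
    port: int
    proto: str
    state: str
    name: str
    version: str


def parse_grepable(text: str) -> list[Service]:
    """Parse the 'Ports:' field of each 'Host:' line.

    Each port entry has the form
    port/state/protocol/owner/service/rpcinfo/version/  (7 slash-separated fields).
    """
    services: list[Service] = []
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        host = re.match(r"Host:\s+(\S+)", line).group(1)
        # Fields after the host are tab-separated: Status, Ports, Ignored State, ...
        for field in line.split("\t")[1:]:
            if not field.startswith("Ports:"):
                continue
            for entry in field[len("Ports:"):].split(","):
                parts = entry.strip().split("/")
                if len(parts) < 7:
                    continue  # malformed entry; skip rather than guess
                port, state, proto, _owner, name, _rpc, version = parts[:7]
                services.append(Service(host, int(port), proto, state, name, version))
    return services


def open_services(services: list[Service]) -> list[Service]:
    return [s for s in services if s.state == "open"]


def cleartext_findings(services: list[Service]) -> list[Service]:
    """Open services whose protocol is cleartext.  Nmap reports TLS-wrapped
    services as 'ssl|https' etc., so an exact name match leaves those out."""
    return [s for s in open_services(services) if s.name in CLEARTEXT_SERVICES]


if __name__ == "__main__":
    found = parse_grepable(SAMPLE_GREPABLE)
    for s in open_services(found):
        print(f"{s.host} {s.port}/{s.proto} {s.name:<10} {s.version}")
    print("cleartext services:", [f"{s.port}/{s.proto}" for s in cleartext_findings(found)])
```

Feed it a real scan with `nmap -sV -p- -oG scan.gnmap <device>` and `parse_grepable(open("scan.gnmap").read())`; the cleartext list is the part worth carrying into the report, since each entry is a channel on which the device's own credentials can be observed by anyone on the same segment.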
Try common credentials such as admin/admin, and also google the device's default credentials!
Webserver available?
Use common tools like Burp Suite, gobuster or nikto to identify hidden content or vulnerabilities. There are plenty of websites that showcase web pentests, like hacktricks.xzy. Check them out!
You can change configurations?
Explore and experiment, always aiming to enhance access to advanced
Firmware Updates!
This is also a very interesting field, as we get the chance to intercept the firmware.
Setup:
Setup Wireshark to intercept all traffic from the target device
Start the firmware update
If the firmware is not encrypted, we can recover it from the Wireshark capture.
If the firmware is uploaded via FTP, there could be a race condition where we can download the firmware before it gets deleted from the FTP share.
Try to investigate how the firmware update works, and think of how you can intercept it!
Once captured, we can extract passwords or other sensitive data from it.
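Whether a captured image is actually readable is the first thing to settle, and it decides whether the update channel protects the firmware at all. The following is an added example, not code from the original notes: it triages a blob with two cheap checks, well-known signatures (ELF, gzip, SquashFS, U-Boot uImage, UBI, ZIP) found anywhere in the data, and Shannon entropy over the whole blob. Recognisable structure means the image can be carved and unpacked; no structure plus near-8-bit entropy is what wholesale encryption looks like. The sample blobs are constructed stand-ins, not real firmware, and the thresholds are the example's own.

```python
"""Triage a firmware blob recovered from a capture: is it analysable as-is, or
does it look encrypted?

Added example, not code from the original notes.  The sample blobs below are
constructed stand-ins (the 'ciphertext' is a deterministic byte sequence with
uniform distribution, not real encrypted data); thresholds are heuristics."""
import math
from collections import Counter

# Well-known signatures that appear at the start of, or inside, firmware images.
MAGIC = {
    b"\x7fELF": "ELF executable",
    b"\x1f\x8b": "gzip stream",
    b"hsqs": "SquashFS (little-endian)",
    b"sqsh": "SquashFS (big-endian)",
    b"\x27\x05\x19\x56": "U-Boot uImage header",
    b"UBI#": "UBI volume",
    b"PK\x03\x04": "ZIP archive",
}

# Constructed samples.
PLAIN_IMAGE = b"\x7fELF" + b"hello firmware\n" * 50            # low-entropy, recognisable
CONTAINER_IMAGE = b"\x27\x05\x19\x56" + b"\x00" * 60 + b"hsqs" + b"\x00" * 100
# Stand-in for ciphertext: every byte value occurs exactly 16 times, so entropy
# is exactly 8.0, and consecutive bytes always differ by 131 mod 256, which rules
# out every signature in MAGIC (none has that byte step).
ENCRYPTED_LIKE = bytes((131 * i + 7) % 256 for i in range(4096))


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a constant blob, 8.0 for a uniform one."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def find_signatures(data: bytes) -> list[tuple[int, str]]:
    """All (offset, label) hits for known signatures anywhere in the blob.
    Firmware is usually a container (boot header, kernel, filesystem), so the
    interesting signatures are rarely at offset 0."""
    hits = []
    for magic, label in MAGIC.items():
        off = data.find(magic)
        while off != -1:
            hits.append((off, label))
            off = data.find(magic, off + 1)
    return sorted(hits)


def classify(data: bytes) -> str:
    """'recoverable'      : recognisable structure, can be carved/unpacked
       'likely-encrypted' : no structure anywhere and near-maximal entropy
       'unknown'          : neither (e.g. a proprietary but uncompressed format)

    Compressed payloads also have high entropy, so the signature check, not the
    entropy value, is what separates encrypted from merely compressed."""
    if find_signatures(data):
        return "recoverable"
    if shannon_entropy(data) > 7.5:
        return "likely-encrypted"
    return "unknown"


if __name__ == "__main__":
    for name, blob in [("plain", PLAIN_IMAGE), ("container", CONTAINER_IMAGE),
                       ("encrypted-like", ENCRYPTED_LIKE)]:
        print(f"{name:<15} entropy={shannon_entropy(blob):.3f} "
              f"sigs={find_signatures(blob)} -> {classify(blob)}")
```

Run it on an image exported from Wireshark (File > Export Objects for HTTP, or the reassembled FTP data stream) with `classify(open("update.bin", "rb").read())`. A "recoverable" verdict means the device ships its firmware in the clear and the filesystem can be unpacked for credential review; "likely-encrypted" means the update path is at least not trivially readable on the wire, which is the property a device owner would want confirmed.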
Resources