IOT Projects
IOT
I had the opportunity to hack my first ever IOT device, this device in particular was a GL-MT300N-V2 router, actually a really nice device, small, portable, works, nice features.
However, this device is susceptible to UART (Universal Asynchronous Receiver/Transmission) exploitation.
This means that the pins, usually 4 of them, one for each of the following, are used to connect to for "development" purposes, which for a hacker, means exploit.
- TX (Transmission)
- RX (Receiver)
- GND (Ground
- VCC (Voltage)
Once connected to my Ubuntu OS, I was able to successfully run the device and see the boot information display on my screen, which told me a lot of information, such as OS version, backend architecture and so on.
I had set a password on this originally so I just entered "admin" and that password and got root, however to be sure, I reset the device and followed the above steps, this time with no set password, even better it just gave me root straight away, love that for me.
At this stage, you can do anything you want as you are now root on a Linux machine, such as extract firmware for analysis, obtain password hashes, look at private keys, etc.
What a project, highly recommend to anyone interested in IOT.
Shout out to Matt Brown (Youtube) for the guidance.
Pentesting
My gear