First, the developers attempted to use Basic HTTP Authentication on the website. However, because of a default password and the lack of HTTPS, the authentication is of little use.
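To make the weakness concrete, here is an added example (not code from the article or the device vendor) that audits constructed HTTP request samples the way a network sensor might: it parses the `Authorization` header, shows that Basic credentials are only base64-encoded and so are readable by anyone on the path when TLS is absent, and flags credentials that match a small assumed list of factory defaults. The sample requests, hostname and default-credential list are all constructed for this example.

```python
import base64
from dataclasses import dataclass

# Constructed sample requests (not captured from any real device).
# Each entry: (transport the request travelled over, raw HTTP request text).
SAMPLE_REQUESTS = [
    ("http",
     "GET /cgi-bin/status HTTP/1.1\r\nHost: camera.local\r\n"
     "Authorization: Basic YWRtaW46YWRtaW4=\r\n\r\n"),
    ("https",
     "GET /cgi-bin/status HTTP/1.1\r\nHost: camera.local\r\n"
     "Authorization: Basic b3BzOkxvbmdSYW5kb21QYXNzIQ==\r\n\r\n"),
    ("http",
     "GET /index.html HTTP/1.1\r\nHost: camera.local\r\n\r\n"),
]

# Assumed list of factory defaults to compare against; real devices vary.
DEFAULT_CREDENTIALS = {("admin", "admin"), ("admin", ""), ("root", "root")}


@dataclass
class Finding:
    path: str
    user: str
    cleartext: bool         # Basic header travelled without TLS
    default_password: bool  # credentials match the assumed default list


def parse_basic_auth(request: str):
    """Return (username, password) from a Basic Authorization header, or None.

    Basic auth (RFC 7617) is base64("user:password"): encoding, not encryption,
    so without TLS the credentials are effectively sent in the clear.
    """
    head, _, _ = request.partition("\r\n\r\n")
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(":")
        if name.strip().lower() != "authorization":
            continue
        scheme, _, token = value.strip().partition(" ")
        if scheme.lower() != "basic":
            return None
        try:
            decoded = base64.b64decode(token, validate=True).decode("utf-8")
        except (ValueError, UnicodeDecodeError):
            return None                          # malformed token, not Basic auth
        user, _, password = decoded.partition(":")
        return user, password
    return None


def audit(requests):
    """Produce a Finding for every request carrying Basic credentials."""
    findings = []
    for transport, raw in requests:
        creds = parse_basic_auth(raw)
        if creds is None:
            continue
        path = raw.split(" ", 2)[1]
        user, password = creds
        findings.append(Finding(
            path=path,
            user=user,
            cleartext=(transport != "https"),
            default_password=((user, password) in DEFAULT_CREDENTIALS),
        ))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_REQUESTS):
        flags = []
        if f.cleartext:
            flags.append("Basic auth over plaintext HTTP")
        if f.default_password:
            flags.append("default credentials in use")
        print(f"{f.path} user={f.user}: {', '.join(flags) or 'ok'}")
```

The first sample trips both checks (plaintext transport and a default password), the second trips neither, and the third carries no credentials at all. Either finding alone is enough to undermine Basic auth: TLS fixes the eavesdropping problem but not a guessable default, and a strong password does not help if the header can be read off the wire.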
The author reversed the update mechanism of the device. It appears to accept a connection on some port (over authenticated HTTP) and update the device. With some fiddling, anybody on the local network can push an update to the device! Although this is 'RCE', what can we actually do post-exploitation?
Edit the file /mnt/mtd/etc/start.sh via the firmware update in order to change the flow of execution.
In terms of reversing, the article goes into using networking tools and basic disassembly. The process of reversing these mechanisms and getting them to work can be tedious and difficult, but at the end of the day this is where the real fruit is. There is nothing truly new in this article, but the reversing methodology is interesting.