Some IoT Pentesting hints -- keep on update



Procedure 1 :

A. Collect the information about the device
i.data sheets
ii.product features
iii.installation guide and user manual download from the vendor

    website or use google dorks to get the data

B. as per device name and model number or hardware information check for publicly
available exploits -exploit db , or exploit search engines
Useful search engines for the exploits

https://sploitus.com/
https://vulmon.com/
http://www.exploitsearch.com/
https://www.nmmapper.com/searchindex/s/

There are special search engines for IoT which helps us to find the more insecure devices which is publicly available
 i . shodan
 ii. censys
 iii. zoomeye
 iv. onphye

C. Making a detailed list
    i. Write all features list of the device
    ii. Make list publicly available exploits
    iii.Start making your own method to pentest it -

            before that understand device more clearly

D.Common approach for the IoT Pentesting Methodology
     i.Network
     ii.embedded applications
     iii.mobile apps Android and ios
     iv.wireless communications
     v.firmware reversing
     vi.hardware exploitation
     vii.Side channel attacks
     viii. radio communication attacks







V.Firmware Reversing:

1. basic checks for hardcoded credentials and private certificates 
2. services exploits - running services binaries - like (ipv4, telnetd, ssh services , FTPD, encrypted binaries , authentication related binaries , decryption related binary/scripts 
and search for more services and features and config files 
3. check for syslinks will give an idea for the working way or services saving files one folder saving or communication will update here
4. Tools which helps you: 
    1. binwalk - extractor and many more 
    2. FACT tool - static analysis 
    3. Firmware Mod Kit
    4. Fwanalyzer 
    5. Qemu - dynamic analysis
    6. Qiling - for dynamic analysis
    7. FAT - Firmware analysis tool 

Comments

Popular posts from this blog

Dumping the Firmware from the device Using buspirate - SPI

OWASP IoT I9: Firmware analysis part -1

Software Defined Radio