Televizyonun kök dizinine erişmek?

Feqtico

İstihbarat Tim Asistanı
24 Haz 2020
608
92
nmap -sV parametresi ile versiyon taraması yapıp versiyonların açıklarına uygun exploitleri kullanabilirsin
 

emr3q

Anka Red Team Editör Asistanı
29 Tem 2017
149
18
güzel bir konuya değindim ama o kadar basit değil.
televizyon internete açık anlaşılan. bir yerlerde yazılımda RCE gibi zafiyetler bulmalısın.
Bildiğim kadarıyla bu da ileri seviye reverse eng. isteyen bir konu olacak çünkü akıllı televizyonun yazılımını çekip oradan vuln. research yapman lazım.
 

[email protected]

Yeni üye
19 Haz 2021
29
3
21
Kod:
Starting Nmap 7.91 ( https://nmap.org ) at 2021-06-19 17:58 Türkiye Standart Saati

NSE: Loaded 153 scripts for scanning.

NSE: Script Pre-scanning.

Initiating NSE at 17:58

Completed NSE at 17:58, 0.00s elapsed

Initiating NSE at 17:58

Completed NSE at 17:58, 0.00s elapsed

Initiating NSE at 17:58

Completed NSE at 17:58, 0.00s elapsed

Initiating ARP Ping Scan at 17:58

Scanning 192.168.1.42 [1 port]

Failed to resolve "nmap".

Completed ARP Ping Scan at 17:58, 0.06s elapsed (1 total hosts)

Initiating SYN Stealth Scan at 17:58

Scanning 192.168.1.42 [65535 ports]

Discovered open port 443/tcp on 192.168.1.42

Discovered open port 8080/tcp on 192.168.1.42

Discovered open port 8085/tcp on 192.168.1.42

Discovered open port 50944/tcp on 192.168.1.42

Completed SYN Stealth Scan at 17:58, 19.84s elapsed (65535 total ports)

Initiating Service scan at 17:58

Scanning 4 services on 192.168.1.42

Completed Service scan at 18:01, 169.19s elapsed (4 services on 1 host)

NSE: Script scanning 192.168.1.42.

Initiating NSE at 18:01

Completed NSE at 18:02, 78.34s elapsed

Initiating NSE at 18:02

Completed NSE at 18:02, 1.42s elapsed

Initiating NSE at 18:02

Completed NSE at 18:02, 0.00s elapsed

Nmap scan report for 192.168.1.42

Host is up (0.00026s latency).

Not shown: 65531 closed ports

PORT      STATE SERVICE     VERSION

443/tcp   open  ssl/http    Mongoose httpd 3.7

| http-methods:

|   Supported Methods: GET POST HEAD CONNECT PUT DELETE OPTIONS

|_  Potentially risky methods: CONNECT PUT DELETE

|_http-svn-info: ERROR: Script execution failed (use -d to debug)

|_http-title: WebSocket Test

| http-webdav-scan:

|   WebDAV type: Unknown

|_  Allowed Methods: GET, POST, HEAD, CONNECT, PUT, DELETE, OPTIONS

| ssl-cert: Subject: commonName=192.168.252.250/organizationName=Arcelik AS/stateOrProvinceName=Istanbul/countryName=TR

| Issuer: commonName=192.168.252.250/organizationName=Arcelik AS/stateOrProvinceName=Istanbul/countryName=TR

| Public Key type: rsa

| Public Key bits: 2048

| Signature Algorithm: sha256WithRSAEncryption

| Not valid before: 2015-05-07T11:45:07

| Not valid after:  2016-05-06T11:45:07

| MD5:   7b1f 9cd4 6bab 7caf 9867 4b39 2627 3c1a

|_SHA-1: 3532 9827 d596 359a 9326 7bdd 49af 9fdf d78f 1c58

|_ssl-date: ERROR: Script execution failed (use -d to debug)

| sslv2:

|   SSLv2 supported

|_  ciphers: none

8080/tcp  open  http-proxy?

| fingerprint-strings:

|   DNSStatusRequestTCP, LANDesk-RC, LDAPBindReq, Socks4:

|     okokokok

|   DNSVersionBindReqTCP:

|     okokokokokokokok

|   FourOhFourRequest:

|     okokokokokokokokokokokokokok

|   GetRequest, afp:

|     okokokokok

|   HTTPOptions, NCP, RTSPRequest:

|     okokokokokok

|   Help, JavaRMI:

|     okok

|   Kerberos:

|     okokokokokokokokokokokokokokokokokokokokokokokokokokokokokok

|   LDAPSearchReq, ms-sql-s:

|     okokokokokokokokokokokokok

|   LPDString, TerminalServer, X11Probe:

|     okokok

|   NotesRPC:

|     okokokokokokokokokokokokokokok

|   RPCCheck, Socks5, TerminalServerCookie:

|     okokokokokokokokokokok

|   SIPOptions:

|     okokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokok

|   SMBProgNeg:

|     okokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokok

|   SSLSessionReq:

|     okokokokokokokokokokokokokokokokokokokokokok

|   TLSSessionReq:

|     okokokokokokokokokokokokokokokokokokokokokokokokokokokok

|   WMSRequest:

|     okokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokok

|   giop:

|     okokokokokokokokokokokok

|   oracle-tns:

|_    okokokokokokokokokokokokokokokokokokokokokokok

8085/tcp  open  http        Mongoose httpd 3.7

| http-methods:

|   Supported Methods: GET POST HEAD CONNECT PUT DELETE OPTIONS

|_  Potentially risky methods: CONNECT PUT DELETE

|_http-svn-info: ERROR: Script execution failed (use -d to debug)

|_http-title: WebSocket Test

| http-webdav-scan:

|   WebDAV type: Unknown

|_  Allowed Methods: GET, POST, HEAD, CONNECT, PUT, DELETE, OPTIONS

50944/tcp open  upnp

| fingerprint-strings:

|   FourOhFourRequest:

|     HTTP/1.1 404 File Not Found

|     EXT:

|     CONTENT-TYPE: text/xml; charset="utf-8"

|     DATE: Thu, 01 Jan 1970 00:32:56 GMT

|     PRAGMA: no-cache

|     SERVER: AwoX/1.1 UPnP/1.0

|     CONTENT-LENGTH: 0

|   GenericLines, HTTPOptions, RTSPRequest:

|     HTTP/1.1 400 Bad Request

|     EXT:

|     CONTENT-TYPE: text/xml; charset="utf-8"

|     DATE: Thu, 01 Jan 1970 00:32:46 GMT

|     PRAGMA: no-cache

|     SERVER: AwoX/1.1 UPnP/1.0

|     CONTENT-LENGTH: 0

|     CONNECTION: close

|   GetRequest:

|     HTTP/1.1 404 File Not Found

|     EXT:

|     CONTENT-TYPE: text/xml; charset="utf-8"

|     DATE: Thu, 01 Jan 1970 00:32:46 GMT

|     PRAGMA: no-cache

|     SERVER: AwoX/1.1 UPnP/1.0

|     CONTENT-LENGTH: 0

|   SIPOptions:

|     HTTP/1.1 400 Bad Request

|     EXT:

|     CONTENT-TYPE: text/xml; charset="utf-8"

|     DATE: Thu, 01 Jan 1970 00:32:56 GMT

|     PRAGMA: no-cache

|     SERVER: AwoX/1.1 UPnP/1.0

|     CONTENT-LENGTH: 0

|_    CONNECTION: close

2 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at https://nmap.org/cgi-bin/submit.cgi?new-service :

==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============

SF-Port8080-TCP:V=7.91%I=7%D=6/19%Time=60CE0627%P=i686-pc-windows-windows%

SF:r(GetRequest,A,"okokokokok")%r(HTTPOptions,C,"okokokokokok")%r(RTSPRequ

SF:est,C,"okokokokokok")%r(FourOhFourRequest,1C,"okokokokokokokokokokokoko

SF:kok")%r(Socks5,16,"okokokokokokokokokokok")%r(Socks4,8,"okokokok")%r(Ge

SF:nericLines,2,"ok")%r(RPCCheck,16,"okokokokokokokokokokok")%r(DNSVersion

SF:BindReqTCP,10,"okokokokokokokok")%r(DNSStatusRequestTCP,8,"okokokok")%r

SF:(Help,4,"okok")%r(SSLSessionReq,2C,"okokokokokokokokokokokokokokokokoko

SF:kokokokok")%r(TerminalServerCookie,16,"okokokokokokokokokokok")%r(TLSSe

SF:ssionReq,38,"okokokokokokokokokokokokokokokokokokokokokokokokokokokok")

SF:%r(Kerberos,3C,"okokokokokokokokokokokokokokokokokokokokokokokokokokoko

SF:kokok")%r(SMBProgNeg,54,"okokokokokokokokokokokokokokokokokokokokokokok

SF:okokokokokokokokokokokokokokokokokokok")%r(X11Probe,6,"okokok")%r(LPDSt

SF:ring,6,"okokok")%r(LDAPSearchReq,1A,"okokokokokokokokokokokokok")%r(LDA

SF:PBindReq,8,"okokokok")%r(SIPOptions,70,"okokokokokokokokokokokokokokoko

SF:kokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokok

SF:okokokokok")%r(LANDesk-RC,8,"okokokok")%r(TerminalServer,6,"okokok")%r(

SF:NCP,C,"okokokokokok")%r(NotesRPC,1E,"okokokokokokokokokokokokokokok")%r

SF:(JavaRMI,4,"okok")%r(WMSRequest,58,"okokokokokokokokokokokokokokokokoko

SF:kokokokokokokokokokokokokokokokokokokokokokokokokokok")%r(oracle-tns,2E

SF:,"okokokokokokokokokokokokokokokokokokokokokokok")%r(ms-sql-s,1A,"okoko

SF:kokokokokokokokokokok")%r(afp,A,"okokokokok")%r(giop,18,"okokokokokokok

SF:okokokokok");

==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============

SF-Port50944-TCP:V=7.91%I=7%D=6/19%Time=60CE0620%P=i686-pc-windows-windows

SF:%r(GenericLines,C4,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nEXT:\x20\r\nC

SF:ONTENT-TYPE:\x20text/xml;\x20charset=\"utf-8\"\r\nDATE:\x20Thu,\x2001\x

SF:20Jan\x201970\x2000:32:46\x20GMT\r\nPRAGMA:\x20no-cache\r\nSERVER:\x20A

SF:woX/1\.1\x20UPnP/1\.0\r\nCONTENT-LENGTH:\x200\r\nCONNECTION:\x20close\r

SF:\n\r\n")%r(GetRequest,B4,"HTTP/1\.1\x20404\x20File\x20Not\x20Found\r\nE

SF:XT:\x20\r\nCONTENT-TYPE:\x20text/xml;\x20charset=\"utf-8\"\r\nDATE:\x20

SF:Thu,\x2001\x20Jan\x201970\x2000:32:46\x20GMT\r\nPRAGMA:\x20no-cache\r\n

SF:SERVER:\x20AwoX/1\.1\x20UPnP/1\.0\r\nCONTENT-LENGTH:\x200\r\n\r\n")%r(H

SF:TTPOptions,C4,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nEXT:\x20\r\nCONTEN

SF:T-TYPE:\x20text/xml;\x20charset=\"utf-8\"\r\nDATE:\x20Thu,\x2001\x20Jan

SF:\x201970\x2000:32:46\x20GMT\r\nPRAGMA:\x20no-cache\r\nSERVER:\x20AwoX/1

SF:\.1\x20UPnP/1\.0\r\nCONTENT-LENGTH:\x200\r\nCONNECTION:\x20close\r\n\r\

SF:n")%r(RTSPRequest,C4,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nEXT:\x20\r\

SF:nCONTENT-TYPE:\x20text/xml;\x20charset=\"utf-8\"\r\nDATE:\x20Thu,\x2001

SF:\x20Jan\x201970\x2000:32:46\x20GMT\r\nPRAGMA:\x20no-cache\r\nSERVER:\x2

SF:0AwoX/1\.1\x20UPnP/1\.0\r\nCONTENT-LENGTH:\x200\r\nCONNECTION:\x20close

SF:\r\n\r\n")%r(FourOhFourRequest,B4,"HTTP/1\.1\x20404\x20File\x20Not\x20F

SF:ound\r\nEXT:\x20\r\nCONTENT-TYPE:\x20text/xml;\x20charset=\"utf-8\"\r\n

SF:DATE:\x20Thu,\x2001\x20Jan\x201970\x2000:32:56\x20GMT\r\nPRAGMA:\x20no-

SF:cache\r\nSERVER:\x20AwoX/1\.1\x20UPnP/1\.0\r\nCONTENT-LENGTH:\x200\r\n\

SF:r\n")%r(SIPOptions,C4,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nEXT:\x20\r

SF:\nCONTENT-TYPE:\x20text/xml;\x20charset=\"utf-8\"\r\nDATE:\x20Thu,\x200

SF:1\x20Jan\x201970\x2000:32:56\x20GMT\r\nPRAGMA:\x20no-cache\r\nSERVER:\x

SF:20AwoX/1\.1\x20UPnP/1\.0\r\nCONTENT-LENGTH:\x200\r\nCONNECTION:\x20clos

SF:e\r\n\r\n");

MAC Address: 60:02:B4:70:26:5E (Wistron Neweb)



Host script results:

|_clock-skew: -18797d14h25m53s



NSE: Script Post-scanning.

Initiating NSE at 18:02

Completed NSE at 18:02, 0.00s elapsed

Initiating NSE at 18:02

Completed NSE at 18:02, 0.00s elapsed

Initiating NSE at 18:02

Completed NSE at 18:02, 0.00s elapsed

Read data files from: C:\Program Files (x86)\Nmap

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 274.65 seconds

           Raw packets sent: 65536 (2.884MB) | Rcvd: 65542 (2.622MB)
 

[email protected]

Yeni üye
19 Haz 2021
29
3
21
güzel bir konuya değindim ama o kadar basit değil.
televizyon internete açık anlaşılan. bir yerlerde yazılımda RCE gibi zafiyetler bulmalısın.
Bildiğim kadarıyla bu da ileri seviye reverse eng. isteyen bir konu olacak çünkü akıllı televizyonun yazılımını çekip oradan vuln. research yapman lazım.
nmap -sV parametresi ile versiyon taraması yapıp versiyonların açıklarına uygun exploitleri kullanabilirsin
 

[email protected]

Yeni üye
19 Haz 2021
29
3
21

[email protected]

Yeni üye
19 Haz 2021
29
3
21
Şimdi bu portlardan biri yazılım güncellemesi için arçelik.com la bağlantı kuruyor Biri telefonla onu kumanda etmemizi sağlıyor(web arayüzüyle) biri dlna fotoğraf vs paylaşmak için
 

THT SON MESAJLAR

Üst

Turkhackteam.org internet sitesi 5651 sayılı kanun’un 2. maddesinin 1. fıkrasının m) bendi ile aynı kanunun 5. maddesi kapsamında "Yer Sağlayıcı" konumundadır. İçerikler ön onay olmaksızın tamamen kullanıcılar tarafından oluşturulmaktadır. Turkhackteam.org; Yer sağlayıcı olarak, kullanıcılar tarafından oluşturulan içeriği ya da hukuka aykırı paylaşımı kontrol etmekle ya da araştırmakla yükümlü değildir. Türkhackteam saldırı timleri Türk sitelerine hiçbir zararlı faaliyette bulunmaz. Türkhackteam üyelerinin yaptığı bireysel hack faaliyetlerinden Türkhackteam sorumlu değildir. Sitelerinize Türkhackteam ismi kullanılarak hack faaliyetinde bulunulursa, site-sunucu erişim loglarından bu faaliyeti gerçekleştiren ip adresini tespit edip diğer kanıtlarla birlikte savcılığa suç duyurusunda bulununuz.