Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Yes, trying to hack a remote control

from [gjgowey] Network Security [Permanent Link]
Subject: Re: Yes, trying to hack a remote control
Date: Thu, 8 Feb 2007 20:07:42 +0000 
I've done some embedded programing in the past and I can guess that the ftp 
server is for firmware updates.  However, when I worked with a digi Connectme 
the way I had the ftp server setup you only could upload files not read or 
download anything.  The firmware would flash after the upload completed.  That 
said you might not get anything out of the remote even if you do crack the 
password for the ftp portion.  It might be different in your case though.  I 
just don't know.

Geoff
Sent from my BlackBerry wireless handheld.  

-----Original Message-----
From: "Brian Kerley" <kidgenius@gmail.com>
Date: Wed, 7 Feb 2007 15:28:56 
To:security-basics@lists.securityfocus.com
Subject: Yes, trying to hack a remote control

Ok, you guys are going to probably think I'm the biggest loser, but here's
what's up.

I've got a new Harmony 1000 remote from logitech. It's a new touchscreen
remote that has just came out.  Of course, I can't leave well enough alone
and would like to take a look at the inner workings of this thing.  That's
where it gets difficult and I'm hoping someone might be able to help.

The remote connects via usb using a Belcarra USB Lan Link.  The remote gets
assigned an IP address of 169.254.1.2  I've scanned it and it shows that it
is running both telnet and ftp (as well as another service called "discard"
according to nmap).  So I've tried to telnet/ftp into it using a various
combination of passwords and usernames.  I've also tried to do a dictionary
attack, but the remote shuts the service down after so many attempts.  I've
also tried using both Cain and Wireshark to analyze the packets being sent
to the remote during an update that is performed by the included software.
I got a lot of data, but I can't seem to find any plaintext passwords or
usernames in the packets.  The software running on the computer is java, and
the remote's software might be java as well.

Do you guys have any ideas on how I might be able to get into this thing?
There are also a lot of guys running linux that have other logitech remotes,
and of course are high-and-dry right now about how to update without running
a virtual environment.  If I can figure how to get in over one of these
services, then maybe it can be of some help to those guys.

Thanks,
Brian
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Virtual Machine from an existing Physical Machine, jano_prospero
Next by Date:  Re: PHP filter function against SQL injections, jeffrey rivero
Previous by Thread:  RE: Yes, trying to hack a remote control, email23m
Next by Thread:  Re: Yes, trying to hack a remote control, Brian Kerley
Indexes:  [Date] [Thread] [Top] [All Lists]