Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Device inspection to remote root
1. Device
inspection
To remoteroot
Uncovering the sekritz of proprietary software on a fixed
wireless terminal and weap0nizing them into a remote exploit
Where What Who
Ruxmon Melbourne
Device Inspection to remote
root
Tim Noise
3. FixedWirelessTerminals
• Linux Based
• System on Chip
• Provide PoTS and ADSL
• 3G/LTE Backhaul
• Battery and Solar
• Remote Managed
• Deployed in Clusters
For people without copper or fiber
4. ExternalConnectors
• Ether over USB
(DHCP)
• Aerial socket
• SIM Card slot
• 2 RJ11 ports for
ADSL CPE and PoTS
Things we can probe
5. ExternalConnectors
• SIM Card slot
• 2 Management
Ethernet Ports (NO DHCP)
• 2 RJ11 power management ports
Things we can probe
9. GainingROOTalways want that uid 0 - the usual tricks
• Removable root Media
• hashcat / jtr
• kernel paramaters
• init=/bin/sh
• single user mode
• Lucky for us, the root password is
printed on the PCB (not even joking)
26. OneStepFURTHER
• Connect back payloads
• Dial 1900 numbers for profit
• UDP broadcast the attack
• Intercept data and telephony
• Insta-botnet / onion network
• Other bad things
For internet bad men