IoT Hacking - Netgear AC1750 NightHawk - Network Traffic Interception
HTML-код
- Опубликовано: 31 июл 2024
- In this video we will show the interception of encrypted TLS communications that the Netgear router makes to its cloud backend.
mitmrouter github page:
github.com/nmatt0/mitmrouter
IoT Hackers Hangout Community Discord Invite:
/ discord
🛠️ Stuff I Use 🛠️
🪛 Tools:
XGecu Universal Programmer: amzn.to/4dIhNWy
Multimeter: amzn.to/4b9cUUG
Power Supply: amzn.to/3QBNSpb
Oscilloscope: amzn.to/3UzoAZM
Logic Analyzer: amzn.to/4a9IfFu
USB UART Adapter: amzn.to/4dSbmjB
iFixit Toolkit: amzn.to/44tTjMB
🫠 Soldering & Hot Air Rework Tools:
Soldering Station: amzn.to/4dygJEv
Microsoldering Pencil: amzn.to/4dxPHwY
Microsoldering Tips: amzn.to/3QyKhrT
Rework Station: amzn.to/3JOPV5x
Air Extraction: amzn.to/3QB28yx
🔬 Microscope Setup:
Microscope: amzn.to/4abMMao
Microscope 0.7X Lens: amzn.to/3wrV1S8
Microscope LED Ring Light: amzn.to/4btqiTm
Microscope Camera: amzn.to/3QXSXsb
About Me:
My name is Matt Brown and I'm an Hardware Security Researcher and Bug Bounty Hunter. This channel is a place where I share my knowledge and experience finding vulnerabilities in IoT systems.
- Soli Deo Gloria
💻 Social:
twitter: / nmatt0
linkedin: / mattbrwn
github: github.com/nmatt0/
#hacking #iot #cybersecurity #reverseengineering #wireshark Наука
The DNS service is providing different IPs is due to the load balancing algorithm used by the provider (in this case Akamai). Even with a script that would query the DNS for A records periodically, they can pop in/out IPs that might not be covered by current resolution. One approach would be to pin (in /etc/hosts, or dnsmasq) that host to one of the resolved ip addresses, and clear clients DNS cache. This too has its downsides, as they can exclude that ip from serving DNS requests for the intended domain....but chances are, your test time, is covered.
ok this makes sense :D
Use dig command to query list of the ips from dns
I'm a new subscriber and i like the consistency you're putting in, loving the contents
Thanks for another awesome video Matt! I'm excited to see the Discord community :)
As you might already know, Netgear has a public bug bounty program for their Nighthawk line of routers via Bugcrowd. If you do find a vulnerability worth reporting to them, it'd be really cool to see what a writeup for something like that looks like. I don't believe I've seen any other IoT pentesters go over how things like that work. Thanks for the video, best regards.
Great repo Matt. Looking forward to check it out.
Good to see some genuine content. I'm definitely still learning this stuff, so really appreciate the explanation and detail. Keep 'em comming!
Another Amazing Video Matt, thanks for sharing your process and making the repo public. Will definitely be using this tool in the future. Discord!
Awesome content brother keep it up
This is the good stuff!
Great video thx
I have this exact router collecting dust, about to hack into it! Thanks for the content.
Really looking forward to the discord server. I believe it will be fun for you and others. While you were hovering over the bash script you wrote I noticed that I don't have enough knowledge about linux network controls. Do you suggest any reading content(books, blog, etc.) about those or archwiki is enough ? :D
I do love the arch wiki :D
I make my setup from a combination of this stuff:
wiki.archlinux.org/title/Internet_sharing
wiki.archlinux.org/title/Software_access_point
wiki.archlinux.org/title/Dnsmasq
@@mattbrwn Thanks for the titles!
Thanks for the video.
I have the Netgear Nighthawk 7000, Installed Fresh Tomato. Would installing Fresh Tomato improve the over all security of the system?
A follow up video where you install Fresh Tomato and test again would be interesting.
I love this idea. Will give it a shot!
You should do some vids on a surfboard cable modem with forceware installed, i used to get free internet some years ago. Ill send it to you if you got a po box
15:00 perfect live example of why terminal throughput actually matters. Casey Muratori was right
I know right? certainly with today's HW we can run faster than 115200 :D
Awesome! I didn't know about this "--bind" option from mount command. In time, what is the name of the text http debbuger that you have used?
mitmproxy
hello Matt, do you use qemu to emu some hardware ? or you just buy and debug on the real device ? Thanks
I usually prefer the real device. Getting firmware to emulate correctly takes a lot of work most of the time.
Baby got scroll back.. 21:26
do you make a video about WAN interface testing?
what do you mean by WAN interface testing?
@@mattbrwn testing of those network services that are available via the WAN interface. And the necessary setup for this.
Try using dig command instead of nslookup
dig also uses DNS so it will also show different IPs related to the server as in the case of nslookup. DNS is the real cause, not the command.