IoT Hacking - Polycom Conference Phone - Web Exploitation
HTML-код
- Опубликовано: 20 окт 2024
- In this video we demonstrate some typical web application analysis performed when security testing IoT devices.
gist.github.co...
cve.mitre.org/...
IoT Hackers Hangout Community Discord Invite:
/ discord
🛠️ Stuff I Use 🛠️
🪛 Tools:
XGecu Universal Programmer: amzn.to/4dIhNWy
Multimeter: amzn.to/4b9cUUG
Power Supply: amzn.to/3QBNSpb
Oscilloscope: amzn.to/3UzoAZM
Logic Analyzer: amzn.to/4a9IfFu
USB UART Adapter: amzn.to/4dSbmjB
iFixit Toolkit: amzn.to/44tTjMB
🫠 Soldering & Hot Air Rework Tools:
Soldering Station: amzn.to/4dygJEv
Microsoldering Pencil: amzn.to/4dxPHwY
Microsoldering Tips: amzn.to/3QyKhrT
Rework Station: amzn.to/3JOPV5x
Air Extraction: amzn.to/3QB28yx
🔬 Microscope Setup:
Microscope: amzn.to/4abMMao
Microscope 0.7X Lens: amzn.to/3wrV1S8
Microscope LED Ring Light: amzn.to/4btqiTm
Microscope Camera: amzn.to/3QXSXsb
About Me:
My name is Matt Brown and I'm an Hardware Security Researcher and Bug Bounty Hunter. This channel is a place where I share my knowledge and experience finding vulnerabilities in IoT systems.
Soli Deo Gloria
💻 Social:
twitter: / nmatt0
linkedin: / mattbrwn
github: github.com/nma...
#hacking #iot #cybersecurity #privacy #wireshark
So pumped that you're putting these out so frequently. I found your channel recently and was sad when i blew through some of your other vid series so fast and you started back up just in time!
Big same, i thought I missed the Matt boat, stoked to see new uploads!
Well done Matt! Great series on the Polycom, I do enjoy your unscripted style!
Ehy Matt. Really Cool!
i usually practice about classic hacker stuff like web pentesting, ctf, hackthebox, etc etc... and i'm really curious about other hacking areas like : firmware extraction, IOT hacking etc. In this video you join the 2 things making a really really cool content. Well Done!
Every new video it's a new learning. Thanks a lot! I speak from Brazil!!
Why not try opening the S3 bucket to see if all versions of the firmware are there and maybe more things to use for investigation?
Great video, can't wait to see your firmware analysis video.
Keep it up. Really nice content. I am glad that I somehow manage to find your channel and to subscribe.
Suggestion: number the episodes in this series for posterity 😊
I wonder if you could just change the HTTP request to the polycom download server to get all the earlier versions of the firmware and their download links?
Thanks for the videos Matt, I purchased a poly phone to have a play with off the bay.
Any chance looking over the HDX gear? I picked up a fair bit of this stuff and it looks fun. Found a video of a guy booting one and a compact flash card was staring me in the face so it looks kinda fun..
awesome work matt great fan of your work keep doing such awesome content happy to see such great researchers like you in our infosec space who are always ready to contribute and educate.
What microscope do you use? I got a little tomlov one on Amazon and haven’t been happy with it
It's an Amscope. Same one Louis Rossmann uses.
Awesome stuff Matt, You are the GOAT 🐐
Keep up the great work Matt!
if they use Rtos in their firmware, where the web application source code
Thanks for sharing info on how to do stuff like this.
The "/languages" endpoint looks like a LFI 🤔
I tried that! no luck :(
Hi! Is ti possible Haking a polycom system like a g300 series? I would like to use it with Microsoft teams
hi i have sti7111 boards can we open uart acess ?
Fine and great video.
Which linux distro are you using?
arch linux :)
Great keep it up.
subbed!
It would be a nice spot for xml injection.
All these business comms devices have been supplanted by MS Teams nowadays
All these business comms devices have been supplanted by MS Teams nowadays
They are not. I visit a lot of larger corporations and they still use physical voip devices. You can't use MS Team/Skype/SlackWare/Zoom/Jitsi/Matrix-Synapse/GoogleMeet to contact regular people. The other person(s) have to use the same software. We do use HTML5 WebRTC sip (software) phone for customer/service desk (callcenter) solutions, but they are all running behind Kamailio/Asterisk PBX setups.
Board rooms are still using these conference bridge phones. They are still the norm to quickly get a whole bunch of different people together and they are all using their own hardware. Good luck getting a zoom link to your ISP service desk. Even when you are in a meeting a need a quick update of a specific project, they call an extension, ask the question and get an answer directly or they get called back. Ever tried to order a pizza with MS Teams? Works much better with last century technology...
Conference software have their place, but in general are only used to communicate with familiar people. When you need to contact someone you don't know, most people use the plain old telephone...
That eagle eye camera of theirs and their zone mics are way too nice to throw in a dumpster.