A Red Team Guide for a Hardware Penetration Test: Part 1

“Quick smash and grab /what to look for”

Common bugs to hunt for on hardware devices:

  • Initial boot-up: — Does the device have a a recovery mode, or can you interrupt it’s initial boot up.
  • Web based: Forced browsing/CSRF/SSRF/XSS: — You may as an admin have access to diagnostic information, that can be accessed by anyone on the WAN segment.
  • CLI injection: Jail escapes from sandboxed environments
  • Abuse of diagnostic utilities: tcpdump, etc.
  • Improper delegation and handing of default admin/root credentials — Can you somehow get the default root password from a file on the device?
  • Lack of proper user rights assignments — Can a non administrator gain access to parts of the system not intended?
  • Lack of hardware proper device hardening — you may be able to connect a usb keyboard, or a third party

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Adam Toscher

Adam Toscher

Adam is a offensive security engineer and red team operator with over 20 years of experience in IT