root:$1$Jl7H1VOG$Wgw2F/C.nLNTC.4pwDa4H1:18145:0:99999:7:::
daemon:*:0:0:99999:7:::
ftp:*:0:0:99999:7:::
network:*:0:0:99999:7:::
nobody:*:0:0:99999:7:::
dnsmasq:x:0:0:99999:7:::
dnsmasq:x:0:0:99999:7:::
iotgoatuser:$1$79bz0K8z$Ii6Q/if83F1QodGmkb4Ah.:18145:0:99999:7:::
$ git clone git://github.com/danielmiessler/SecLists.git
$ cd Malware
$ awk '{print $2}' mirai-botnet.txt > /home/iot/Desktop/password.txt
① SSH服务
② MiniUPnPd服务
<serviceType>urn:schemas-upnp-org:service:Layer3Forwarding:1</serviceType>
<serviceId>urn:upnp-org:serviceId:L3Forwarding1</serviceId>
<SCPDURL>/L3F.xml</SCPDURL>
<controlURL>/ctl/L3F</controlURL>
<eventSubURL>/evt/L3F</eventSubURL>
<serviceType>urn:schemas-upnp-org:service:DeviceProtection:1</serviceType>
<serviceId>urn:upnp-org:serviceId:DeviceProtection1</serviceId>
<SCPDURL>/DP.xml</SCPDURL>
<controlURL>/ctl/DP</controlURL>
<eventSubURL>/evt/DP</eventSubURL>
<serviceType>urn:schemas-upnp-org:service:WANCommonInterfaceConfig:1</serviceType>
<serviceId>urn:upnp-org:serviceId:WANCommonIFC1</serviceId>
<SCPDURL>/WANCfg.xml</SCPDURL>
<controlURL>/ctl/CmnIfCfg</controlURL>
<eventSubURL>/evt/CmnIfCfg</eventSubURL>
<serviceType>urn:schemas-upnp-org:service:WANIPConnection:2</serviceType>
<serviceId>urn:upnp-org:serviceId:WANIPConn1</serviceId>
<SCPDURL>/WANIPCn.xml</SCPDURL>
<controlURL>/ctl/IPConn</controlURL>
<eventSubURL>/evt/IPConn</eventSubURL>
<serviceType>urn:schemas-upnp-org:service:WANIPv6FirewallControl:1</serviceType>
<serviceId>urn:upnp-org:serviceId:WANIPv6Firewall1</serviceId>
<SCPDURL>/WANIP6FC.xml</SCPDURL>
<controlURL>/ctl/IP6FCtl</controlURL>
<eventSubURL>/evt/IP6FCtl</eventSubURL
2.2 SOAP控制
upnp> host send 0 WANConnectionDevice WANIPConnection AddPortMapping
upnp> host send 0 WANConnectionDevice WANIPConnection GetSpecificPortMappingEntry
-
是否添加成功
-
是否映射成功
本文始发于微信公众号(山石网科安全技术研究院):系列|OWASP IoTGoat固件漏洞挖掘 02
- 左青龙
- 微信扫一扫
- 右白虎
- 微信扫一扫
评论