O'Reilly logo

IoT Penetration Testing Cookbook by Aditya Gupta, Aaron Guzman

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

How to do it...

Let's get started with analyzing firmware and seeing whether we are able to identify any of the sensitive information or a backdoor for that matter.

The firmware that we will use for this exercise is a D-Link DWR 932B with the version DWR-932_fw_revB_2_02_eu_en_20150709. These following vulnerabilities have been discovered by security researchers, namely Gianni Carabelli and Pierre Kim:

  1. The first step would be to extract the filesystem from the firmware. However, the firmware in this case comes as a ZIP file which is protected by a password. The password in this case could be cracked by a utility such as fcrackzip and the password was found to be UT9Z. This is also shown in the following screenshot:
  1. Once we have the firmware ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required