It was one of those lazy evenings, just watching TV after a long day. I was tired but kept on thinking about a vulnerability I found earlier on in a router someone gave me. Finding a flaw in such a device is always quite fun because you often see things that aren’t meant to be seen by the users, except the developers and maybe the company’s tech support team. Since I was very tired, I just wanted to set the sleep timer on the television and lie down. But while setting the timer I wondered about other possible menu functions, and if there were any hidden features that are only meant for the support team or the developers.

After a quick Google search on my mobile phone I found out that this brand of televisions has a code that opens a hidden menu.

After opening the settings and typing in the code on my remote control, another menu popped up on the left side of the screen. Almost all of the categories it showed weren’t accessible. I could only activate “Hotel Mode” and view the version number of the set. Within the settings, there was a category called “info”. I opened it and only saw some more version numbers. Then something else caught my attention: I could actually give my TV set a name.

The Vulnerability in My Smart Television Set

When you work in Information Security, you can’t help but test some payloads you use on a daily basis on other input fields you encounter. It might be a GET parameter on your router’s web interface, the control panel of your new printer, or, in my case, a TV. So I thought it would be fun to rename my TV to “television `sleep 5`”.

After entering and submitting the payload from my remote, the settings menu just froze for a long time. Once it was responsive again I changed the name so I could select other menu entries. I didn’t really think that I had just found a command injection or something similar. It’s not odd for my TV to hang for a few seconds before changes are made, but because now it took a longer time to become responsive, it made me curious. The time did not match my input as it was way longer than five seconds. I thought it might have something to do with the backtick characters I injected. Maybe the TV did not expect them and threw an error which prevented it from loading. I typed in “television `sleep 0`” and tried it again. There is something definitely happening, but I was not sure what and how. It turned out that it always took the television set three times longer than the input number to become responsive, as shown below:

There was actually a command injection in the first input field I tried. Freezing the menu was not an ultimate proof though, and it was not very useful in terms of exploitation. Since I only had 31 characters, minus the two backticks, my payload could only consist of 29 characters.

Below is a list of commands I tried to run on the TV, including an explanation of what they are and also a confirmation if they succeeded or not.

Which is a Linux command that returns the path to a program if it exists. & sleep 2 would freeze the menu for 3*2 seconds if the which function found nc on the TV set. I wanted to see if /etc/passwd was readable. It was, and it would have been a big surprise if it wasn't. When you have root privileges the /etc/shadow file is readable. I wanted to test if I am root but the file wasn’t readable. This is the explanation why the shadow file couldn’t be opened.

It was really late so I decided to go to sleep and try to get a shell the next day. After waking up the hardest part followed: getting out of bed to get the laptop and an ethernet cable. Until now I didn’t even have to go anywhere and I found it quite funny that I was able to run system commands on my TV just by using a remote control. My TV is wall mounted, so plugging in a cable is not as easy as one would imagine. After a dislocated shoulder and several threats towards the TV I plugged the cable in. I connected it to the laptop and found out the laptop’s IP with ipconfig. So now that I knew the IP address of my laptop, I only had to get a reverse shell to my laptop. Therefore I did not need to know the IP address of the TV. Also a reverse shell is handy because it would bypass any possible firewall rules blocking incoming connections. But before thinking about how to get one in less than 29 characters I wanted to learn a little bit more about the system.
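The rename field's behaviour described in the post, reduced to a shell sketch (an added example, not code from the post or from the TV's firmware): a name pasted into a command string is parsed again by a shell, so backticks run, while a name passed as an argument or checked against an allowlist stays data. The function names and the allowed character set are assumptions; the 31-character limit is the field length the post mentions.

```shell
#!/bin/sh
# Constructed illustration; function names are hypothetical, not the TV's firmware.

# Vulnerable pattern: the name is pasted into a command string that a second
# shell parses, so `...` inside the name runs as a command substitution.
set_name_unsafe() {
    sh -c "echo \"name=$1\""
}

# Safer pattern: the command string is constant and the name travels as a
# positional argument, so the shell never parses it as code.
set_name_as_arg() {
    sh -c 'echo "name=$1"' sh "$1"
}

# Defence in depth: allowlist check before the name is stored or used.
# Assumed policy: 1 to 31 characters, letters, digits, space, '_' and '-'.
is_valid_name() {
    bad='*[!A-Za-z0-9 _-]*'    # matches any character outside the allowlist
    [ -n "$1" ] && [ "${#1}" -le 31 ] || return 1
    case $1 in
        $bad) return 1 ;;
    esac
    return 0
}

# Constructed input: same shape as the post's payload, with a harmless echo.
payload='television `echo INJECTED`'

set_name_unsafe "$payload"     # name=television INJECTED  (backticks executed)
set_name_as_arg "$payload"     # name=television `echo INJECTED`  (kept literal)
if is_valid_name "$payload"; then echo "accepted"; else echo "rejected"; fi
```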