Blackstar: Difference between revisions

From DisNCord Community Wiki
Jump to navigation Jump to search
Newer edit →
VisualWikitext
jcnjkndjknaskjnckjndsakjfbdfbjhbdhfwboechwfoexuiofaonucfoiunuipqnoirunsoiufcnoiafuoinuciodsnauopibeiqubwrcrberyrwehwrnehuidxfjneoqjrjbijausodjfcobuiewcjneuweqirbqiudhboxnqyuiybduyauiybauiefonjeqpxiqefournqceuroiquriupxueoqxunuqexuehmmnqdpznjafhdfhbehcqoonuiwhmefixuefuzhbeuiqseyuefnhxnhfiuhninhewqioybffgryweiueyzbfyxgexweybfgqixbyefgigeqnxgfeyfqgenxygwehqjggdhgafshfgiexqbeytvieytewvytftewvfiqwvtvyetwgfnyyifbysfubiabduyfboefyeborybiubwufbyeoufybyasybidosafybfucknyndxiuyebifvuebxnqnyszehbyezuyiybiu
 
What? Help me!
Line 21: Line 21:


Currently, a Python script has been written (and will eventually be released) that can detect ViP units on a wireless network (via UPnP) and execute exposed actions. This has the added advantage of being able to quickly detect model information and grab the unit's IP (for port scanning, which will be done Soon<sup>ᚾᛖ</sup>.)
Currently, a Python script has been written (and will eventually be released) that can detect ViP units on a wireless network (via UPnP) and execute exposed actions. This has the added advantage of being able to quickly detect model information and grab the unit's IP (for port scanning, which will be done Soon<sup>ᚾᛖ</sup>.)
[[Category:Projects]]

Revision as of 14:31, 10 September 2024

This is a project to (hopefully) achieve remote code execution on the Dish Network ViP line of set-top boxes. The unit used for testing is a Dish Network ViP222k.

I wouldn't place bets on this project's success. I do not have a background in cybersecurity or pentesting. It'd be funny though.

Goals

  • Framebuffer access (for funniest image I'll ever take)
  • Boot NetBSD (someday, somehow)
  • Run Doom (maybe)

UPnP

On startup, the ViP units expose a UPnP server with a surprising (alarming?) amount of functions. Some examples:

  • Increment/decrement channel
  • Force redownload program guide
  • Lock/unlock front panel controls and remote
  • Remote reboot
  • Test satellite switch (annoying, takes a very long time!)

(Among various other things.)

Currently, a Python script has been written (and will eventually be released) that can detect ViP units on a wireless network (via UPnP) and execute exposed actions. This has the added advantage of being able to quickly detect model information and grab the unit's IP (for port scanning, which will be done Soonᚾᛖ.)

Retrieved from "https://wiki.restless.systems/index.php?title=Blackstar&oldid=1250"