IoT Security Fundamentals: Detecting and Exploiting Web Application Vulnerabilities

Introduction

In this article, we will be learning emulate a firmware for exploiting a web application called blind command injection. This is found in the older firmware version of Netgear.

For sake of understanding, this post has been divided into two parts: firmware emulation and command injection exploitation.

Part 1: Firmware emulation 

What is emulation? Let’s understand the meaning of emulation in simple words. Suppose you get a firmware file (bin/img) from any source like their official website and you want to run that file, i.e., firmware img/bin file. How can you do so?

There are two ways:

emulation: In this, you get a hardware device like a router, upload the firmware file onto the router and interact with the firmware via the router interface. The issue with this method is you always need an additional hardware device to run the firmware emulation: In this, we use software instead of hardware. Thus, the software mounts the firmware and you interact with the firmware interface. Biggest advantage using this method is you don’t need any separate hardware and you can run as much as firmware you wish to

In this post, we will

Read More: https://resources.infosecinstitute.com/topic/iot-security-fundamentals-detecting-and-exploiting-web-application-vulnerabilities/