![]() ![]() This can be opened in 7-zip, which allows extraction of the compiled Java Classes: Decoding the applicationĪ quick dig around the installed application showed that it was written in Java, which has been compiled into a Portable Executable file (a PE file). So the next step to decode it is to examine how the application encodes the data. each packet) starts with 5d 74, this is indicative of a simple constant encoding pattern, either just mangling with XOR or a shift, or encrypting with a static key. Though we can see that the data repeats itself, this is clearer if we use the hex view of the packets: That’s not desired, so maybe we can steal the switch’s credentials, so let’s have a look at the data stream:Īh, that’s no good – that’s been encoded in some way. any device connected to the switch) will receive this traffic! This means that any device on that subnet (i.e. The immediate thing that jumps out is that all traffic is sent to the broadcast address, 255.255.255.255: To make sense of the above, the important two conversations are the two at the bottom, covering traffic from my laptop (192.168.0.2) to the switch (192.168.0.1) on port 29808/udp. Here’s a very quick screenshot of the sniffed conversations: I’m curious, so I turned on a network sniff through Wireshark whilst I was using the switch. You see, as the switch is designed as a basic home consumer unit it doesn’t have a fancy web interface, it uses a custom program (Easy Smart Configuration Utility) to allow you to configure this through a custom protocol. ![]() This isn’t a post about port mirroring though, it’s a post about the switch’s management interface and how I decoded the management traffic to get information such as the devices credentials. ![]() it would send everything from one port to another, effectively allowing me to easily sniff data passing over an interface. ![]() I got a TP-LINK TL-SG105E (version 1) switch because it had a very useful port mirroring feature – i.e. A while back I bought a small TP-LINK switch for using whilst testing. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |