Difference between revisions of "Awox CamLight Pentest"

From Embedded Lab Vienna for IoT & Security
Jump to navigation Jump to search
Line 1: Line 1:
== Summary ==  
== Summary ==  


DRAFT - This is a report on the information gathering and vulnerability scans performed on Awox CamLight.
DRAFT - This is a report on pentest - the information gathering and vulnerability scans - performed on Awox CamLight.


== Requirements ==
== Requirements ==


* Operating system: Ubuntu 18.04 bionic amd64
* Operating system: Kali Linux 2021.1 amd64, Parrot Security 4.10 amd64
* Packages: git emacs


In order to complete these steps, you must have followed [[Some Other Documentation]] before.
Disclaimer: all possible examples and tests done have been done in VMWare in a Kali Linux and ParrotOS VM.  


== Description ==
== Description ==
In an effort to evaluate the Awox CamLight and perform a pentest, there are certain steps to be followed. A penetration test in general consists of several stages:
* Planning and reconnaissance
This is where the attacker/tester gets familiar with the target and gathers as much information as possible. Finding out what the network topology is (in case of networks), what the IP addresses, domain details or possible mail servers are etc.
* Scanning
This is the phase where you interact with the target, in our case the target host CamLight. Probes are sent to the target and responses are recorded. This includes scanning the target with various scanning tools, identification of open ports, services that are running and much more. The goal is to identify vulnerable ports, functions or services.
* Gaining Access
In this step the vulnerabilities are exploited to gain access to the target. However not all vulnerabilities will lead to this stage, only those exploitable enough to grant access to the target host.


=== Step 1 ===
=== Step 1 ===

Revision as of 19:25, 19 June 2021

Summary

DRAFT - This is a report on pentest - the information gathering and vulnerability scans - performed on Awox CamLight.

Requirements

  • Operating system: Kali Linux 2021.1 amd64, Parrot Security 4.10 amd64

Disclaimer: all possible examples and tests done have been done in VMWare in a Kali Linux and ParrotOS VM.

Description

In an effort to evaluate the Awox CamLight and perform a pentest, there are certain steps to be followed. A penetration test in general consists of several stages:

  • Planning and reconnaissance

This is where the attacker/tester gets familiar with the target and gathers as much information as possible. Finding out what the network topology is (in case of networks), what the IP addresses, domain details or possible mail servers are etc.

  • Scanning

This is the phase where you interact with the target, in our case the target host CamLight. Probes are sent to the target and responses are recorded. This includes scanning the target with various scanning tools, identification of open ports, services that are running and much more. The goal is to identify vulnerable ports, functions or services.

  • Gaining Access

In this step the vulnerabilities are exploited to gain access to the target. However not all vulnerabilities will lead to this stage, only those exploitable enough to grant access to the target host.

Step 1

Step 2

Make sure to read

  • War and Peace
  • Lord of the Rings
  • The Baroque Cycle

Used Hardware

Device to be used with this documentation Maybe another device to be used with this documentation


References