Awox CamLight Pentest

From Embedded Lab Vienna for IoT & Security
Revision as of 19:30, 19 June 2021 by VHorvathova (talk | contribs)
Jump to navigation Jump to search

Summary

DRAFT - This is a report on pentest - the information gathering and vulnerability scans - performed on Awox CamLight.

Requirements

  • Operating system: Kali Linux 2021.1 amd64, Parrot Security 4.10 amd64

Disclaimer: all possible examples and tests done have been done in VMWare in a Kali Linux and ParrotOS VM.

Description

In an effort to evaluate the Awox CamLight and perform a pentest, there are certain steps to be followed. A penetration test in general consists of several stages:

  • Planning and reconnaissance

This is where the attacker/tester gets familiar with the target and gathers as much information as possible. Finding out what the network topology is (in case of networks), what the IP addresses, domain details or possible mail servers are etc.

  • Scanning

This is the phase where you interact with the target, in our case the target host CamLight. Probes are sent to the target and responses are recorded. This includes scanning the target with various scanning tools, identification of open ports, services that are running and much more. The goal is to identify vulnerable ports, functions or services.

  • Gaining Access

In this step the vulnerabilities are exploited to gain access to the target. However, not all vulnerabilities will lead to this stage, only those exploitable enough to grant access to the target host.

  • Maintaining access

For example to make sure that access is maintained after reboot or modifications of the target. This would be the case for attackers whose goal it is to stay in a system and collect information over longer periods of time to catch the perfect moment to exploit.

  • Exploitation

This would be the stage where an attacker/tester does the "actual damage". The goal is to get their hands on data, compromise a system, launch various attacks etc. During authorized penetration testing, this will take place in a very controlled environment.

Step 1

Step 2

Make sure to read

  • War and Peace
  • Lord of the Rings
  • The Baroque Cycle

Used Hardware

Device to be used with this documentation Maybe another device to be used with this documentation


References

Retrieved from "https://wiki.elvis.science/index.php?title=Awox_CamLight_Pentest&oldid=7402"