![]() ![]() Next, AvediaStream encoders connect to devices that broadcast live video. An AvediaPlayer r9300 receiver that connects to displays. Additionally, they run embedded Linux with BusyBox tools and use some obscure CPU architecture designed for IoT devices called ARC (Argonaut RISC Core). These receivers include both a web interface and an SSH server to execute the serial commands. They can send serial commands to their respective device to turn the display on/off, change inputs/volume, switch channels, etc. The system is composed of three products:ĪvediaPlayers are small blue boxes that connect to projectors and TVs. Exterity IPTV Systemīefore moving on, I will briefly explain the IPTV system. ![]() This is where I state the disclaimer again: never access other systems in an unauthorized manner without permission. ![]() My 14-year-old self stares at the camera I remotely accessed from my iPad. These included printers, IP phones… and even security cameras without any password authentication. Of course, we did so immediately, but by then, we had finished scanning the first half of the district’s 10.0.0.0/8 address space - a total of 8,388,606 IPs.įrom the results, we found various devices exposed on the district network. I had a few friends help out with this project - and oh boy, did we scan! Our scanning generated so much traffic that our school’s technology supervisor caught wind of it and came in at one point to ask us to stop. And by “curious,” I mean port scanning the entire IP range of the internal district network. So obviously, I became curious about the technology at my high school. I didn’t understand basic ethics or responsible disclosure and jumped at every opportunity to break something. This story starts with my freshman year when I did not have much technical discipline - a time that I can only describe as the beginning of my script kiddie phase. We are grateful that the D214 administration was so understanding. With that said, what we did was very illegal, and other administrations may have pressed charges. We went a comprehensive 26-page penetration test report to the D214 tech team and worked with them to help secure their network. We prepared complete documentation of everything we did, including recommendations to remediate the vulnerabilities we discovered. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |