Ch, list, chrisdat_private <chrisdat_private> wrote in 0.7K bytes: > I read the black hat presentation on exploiting printers: > http://www.blackhat.com/presentations/bh-usa-02/bh-us-02-phenoelit-network.pdf > , good stuff & a real eye opener! [SNIP] > My question, could something similar to exploiting printers be done to > routers or would the hardware be totally incompatible ? As you can see in the second half of the presentation, it is most definitely possible. There are currently several different approaches: 1) Exploiting a design failure to upload code This was proved using the HP Chai services. 2) Exploiting a hole and writing code to run on the hardware, hereby ignoring the operating system totally and replacing information on permanent storage (such as NVRAM). This is how the Cisco IOS exploit works. 3) Exploiting a hole and writing code to modify the currently running embedded OS. That's not proved so far, but would involve returning cleanly from the "shell code" and keep the system running. 4) ... anything the bright guys out there come up with So, to answer you question: Yes. cheers FX -- FX <fxat_private> Phenoelit (http://www.phenoelit.de) 672D 64B2 DE42 FCF7 8A5E E43B C0C1 A242 6D63 B564
This archive was generated by hypermail 2b30 : Fri Aug 23 2002 - 08:35:47 PDT