Triage SOHO device


Step-by-step guide

Info For Operators:

  1. Nmap all TCP/UDP ports on WAN, LAN and WLAN separately (the exposed service set usually differs per interface)
  2. Wireshark capture of traffic to every WAN-facing service and of a full web UI session
  3. Wireshark capture of a normal boot on WAN/LAN (DHCP, DNS, NTP, any vendor/cloud check-ins)
  4. Any UPnP-requested ports/forwards (IGD port-mapping table)

Info for VR:

  1. If serial is available, grab the serial output of a normal boot (bootloader banner, kernel command line, init messages)
  2. If console:
    1. /etc/init.d (what starts at boot)
    2. /etc/passwd (accounts, shells, hashes if not shadowed)
    3. /proc/mounts (which partitions/flash volumes are mounted where)
    4. /proc/net/tcp
    5. /proc/net/udp
    6. uname -a
    7. run `$(which busybox)` with no arguments (prints the BusyBox version and applet list)
    8. ls /bin /sbin /usr/bin /usr/sbin
    9. lsmod
    10. ps -ef
    11. Get the service binaries off the box (bind-mount the directory into one the web server already serves, e.g. the UI's graphics directory, and fetch over HTTP; or ssh, nc, ftp, tftp, or dump over the terminal; whatever works)
  3. Take it apart; catalog the flash part number, SoC part number, radio part number, and any HDD/SSD
  4. Dump flash if necessary
  5. Obtain source where available (vendor GPL release / SDK)
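The console steps above are usually typed one at a time; the following is an added example (not from the original page) that collects them in one pass on a BusyBox ash shell and decodes /proc/net/tcp and /proc/net/udp into readable listener lines. Output directory and file names are my own choice; the sample /proc/net/tcp content is constructed, not a real capture. The kernel prints socket addresses as a native-endian 32-bit value, so the decoder takes an `le`/`be` argument: `le` for x86 and little-endian ARM, `be` for the big-endian MIPS SoCs common in SOHO routers.

```shell
#!/bin/sh
# Added example: one-shot collection of the "if console" artifacts.
# Uses only POSIX sh and applets present in any normal BusyBox build.

# hex_ip HEX8 le|be: decode one /proc/net address to dotted quad.
# Byte order depends on the target CPU, not on the file format.
hex_ip() {
    h=$1
    b1=${h%??????}; r=${h#??}
    b2=${r%????};   r=${r#??}
    b3=${r%??};     b4=${r#??}
    if [ "$2" = be ]; then
        printf '%d.%d.%d.%d' "0x$b1" "0x$b2" "0x$b3" "0x$b4"
    else
        printf '%d.%d.%d.%d' "0x$b4" "0x$b3" "0x$b2" "0x$b1"
    fi
}

# listening_sockets tcp|udp le|be: read /proc/net/{tcp,udp} on stdin,
# print bound listeners as "proto ip:port". TCP LISTEN is state 0A;
# a bound UDP socket shows state 07 (unconnected).
listening_sockets() {
    proto=$1; endian=$2
    if [ "$proto" = tcp ]; then want=0A; else want=07; fi
    while read -r sl local rem st rest; do
        [ "$sl" = sl ] && continue            # skip header line
        [ "$st" = "$want" ] || continue
        printf '%s %s:%d\n' "$proto" "$(hex_ip "${local%:*}" "$endian")" "0x${local#*:}"
    done
}

# Constructed sample in /proc/net/tcp format (not a real capture): a web
# UI on 0.0.0.0:80, a resolver on 127.0.0.1:53, one established session.
sample_proc_net_tcp() {
    cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1234 1 0 100 0 0 10 0
   1: 0100007F:0035 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1235 1 0 100 0 0 10 0
   2: 0A00000A:C35E 5D8C3F01:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 1236 1 0 20 4 30 10 -1
EOF
}

# grab SRC NAME: copy a file into $OUT; always leaves a file behind so a
# missing path on this firmware is recorded rather than silently skipped.
grab() {
    cat "$1" > "$OUT/$2" 2>/dev/null || echo "missing: $1" > "$OUT/$2"
}

# run NAME CMD...: same for command output (exit status appended on failure).
run() {
    name=$1; shift
    "$@" > "$OUT/$name" 2>&1 || echo "(exit $?) $*" >> "$OUT/$name"
}

# collect_triage OUTDIR [le|be]: steps 1-10 of the console checklist.
collect_triage() {
    OUT=$1; endian=${2:-le}
    mkdir -p "$OUT"
    run  init.d.txt     ls -la /etc/init.d
    grab /etc/passwd    passwd.txt
    grab /proc/mounts   mounts.txt
    grab /proc/net/tcp  proc_net_tcp.txt
    grab /proc/net/udp  proc_net_udp.txt
    run  uname.txt      uname -a
    run  busybox.txt    busybox                 # no args: version + applet list
    run  bins.txt       ls /bin /sbin /usr/bin /usr/sbin
    run  lsmod.txt      lsmod
    run  ps.txt         sh -c 'ps -ef 2>/dev/null || ps'
    # Decoded summary of what is actually bound, for quick review.
    {
        listening_sockets tcp "$endian" < "$OUT/proc_net_tcp.txt"
        listening_sockets udp "$endian" < "$OUT/proc_net_udp.txt"
    } > "$OUT/listeners.txt"
    echo "collected into $OUT"
}

# Usage on the target: sh triage.sh /tmp/triage be
if [ $# -gt 0 ]; then
    collect_triage "$1" "${2:-le}"
fi
```

Once the directory is written, it is the thing to pull off the box with whatever transport step 11 allows. A quick sanity check on the endianness choice: if `listeners.txt` shows the web UI on something like `1.0.0.127:80` or ports that match nothing in your nmap scan, you picked the wrong byte order.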
