Skip to main content
How We Hacked a TP-Link Router and Took Home $55,000 in Pwn2Own
Learn tricks and techniques like these, with us, on our embedded device hacking training! https://ift.tt/rFvfy1D In this video we will show you how we found and exploited vulnerabilities in the TP-Link Archer AC1750 to win $5,000 in Pwn2Own Tokyo 2019. We made a total of $55,000 hacking routers in this competition! 00:00 Intro 01:48 Finding debug interface 04:35 Finding the vulnerability 06:23 Vulnerability details 15:20 Exploit demo 16:33 Outro For in-depth details, refer to our advisories: https://ift.tt/xlgitOJ https://ift.tt/7l8XoIw The two advisories complement each other. The first one describes the process we used to pwn this router in 2019, and the second one how we found in 2020 that TP-Link improperly patched the command injection. We used that knowledge to improve the exploit so that it works on old and newer "patched" firmwares. The command injection described in this video is the improved one. The vulnerabilities exploited in this video are: - CVE-2020-10882 - CVE-2020-10883 - CVE-2020-10884 - CVE-2020-28347 All vulnerabilities have been fixed by TP-Link in current firmware versions. Please follow us on twitter! Flashback Team: https://twitter.com/FlashbackPwn Pedro: https://twitter.com/pedrib1337 Radek: https://twitter.com/RabbitPro Send us any comments or criticism! Intro material comes from the ZDI YouTube channel under CC-BY. ~ Flashback https://ift.tt/8THQLyb
Hello and welcome to the temple of cybersecurity. Now you are watching How We Hacked a TP-Link Router and Took Home $55,000 in Pwn2Own published at January 6, 2021 at 04:06AM.
For more hacking info and free hacking tutorials visit: https://ift.tt/MXuDVPv
follow us on:
Youtube: https://www.youtube.com/channel/UCiu1SUqoBRbnClQ5Zh9-0hQ/
Whatsapp: https://ift.tt/F9ftlvA
Reddit: https://ift.tt/65h3R9z
Telegram: https://ift.tt/sRNUV9z
NFT store: https://mintable.app/u/cha0smagick
Twitter: https://twitter.com/freakbizarro
Facebook: https://web.facebook.com/sectempleblogspotcom/
Discord: https://discord.gg/wKuknQA
Ignore tags:
#hacking,#infosec,#tutorial,#bugbounty,#threat,#hunting,#pentest,#hacked,#ethical,#hacker,#cyber,#learn,#security,#computer,#pc,#news
Comments
Post a Comment