IoT Hacking - Netgear AC1750 NightHawk - Backdoor Reverse Shell

Published 2024-05-01
In this video we cross compile a reverse shell program to create a backdoor on the Netgear router that will run on boot.

IoT Hackers Hangout Community Discord Invite:
discord.com/invite/vgAcxYdJ7A

🛠️ Stuff I Use 🛠️

🪛 Tools:
XGecu Universal Programmer: amzn.to/4dIhNWy
Multimeter: amzn.to/4b9cUUG
Power Supply: amzn.to/3QBNSpb
Oscilloscope: amzn.to/3UzoAZM
Logic Analyzer: amzn.to/4a9IfFu
USB UART Adapter: amzn.to/4dSbmjB
iFixit Toolkit: amzn.to/44tTjMB

🫠 Soldering & Hot Air Rework Tools:
Soldering Station: amzn.to/4dygJEv
Microsoldering Pencil: amzn.to/4dxPHwY
Microsoldering Tips: amzn.to/3QyKhrT
Rework Station: amzn.to/3JOPV5x
Air Extraction: amzn.to/3QB28yx

🔬 Microscope Setup:
Microscope: amzn.to/4abMMao
Microscope 0.7X Lens: amzn.to/3wrV1S8
Microscope LED Ring Light: amzn.to/4btqiTm
Microscope Camera: amzn.to/3QXSXsb

About Me:
My name is Matt Brown and I'm a Hardware Security Researcher and Bug Bounty Hunter. This channel is a place where I share my knowledge and experience finding vulnerabilities in IoT systems.

- Soli Deo Gloria

💻 Social:
twitter: twitter.com/nmatt0
linkedin: www.linkedin.com/in/mattbrwn/
github: github.com/nmatt0/

#hacking #iot #cybersecurity #reverseengineering #firmware #supplychainsecurity

All Comments (21)
  • @cocusar
    I'd do this just for the laughs, but my hoarding doesn't let me throw away this kind of device because "you might need it some day" lol
  • @garridomonfrero
    It would be so cool if, instead of overwriting another binary from the firmware, you unpacked the firmware, rewrote it, packed it again, generated the CRC and flashed it onto the hardware. Nice video man!
  • @thedizsilent5188
    I've needed to cross compile pkgs from x86 to ARM for my Raspberry Pi 4 and failed miserably, got uninterested and gave up. I learned a lot from this, thank you.
  • @NewbLuck
    The Zig compiler is an awesome tool for C/C++ cross-compiling, it has GCC+MUSL baked in and supports pretty much any arch LLVM does. Much easier than maintaining various CC tool chains (and is a great systems language to boot).
  • @Trvkivde
    Great understanding of things... easy, straight and oriented! Keep going!
  • @russjr08
    Great work Matt, I really enjoy going through these!
  • @theskelet4r
    Another Amazing Video Matt, Thank you for sharing your skills with the community
  • @feff6754
    Love this series of videos, thanks!
  • @zekebohannon6058
    This was an awesome video. First time I've seen your channel, subscribed.
  • @Mimo0xCool
    Keep it up, thank you for the well done content 🙏
  • @renify_
    Thanks Matt, I would never buy a resold modem anymore 🤣
  • @tonkofonko
    Looks so good when it can be modified with a backdoor or that kind of stuff.
  • @SteltekOne
    19:30 That's actually a typical firmware recovery process for when you've bricked your firmware with an update. The goal is to let you flash back a valid firmware that way. (Many manufacturers lock this behind a button press, but some will just initiate it on boot as seen. Ideally there's also a signature check to ensure it only loads valid firmware from the manufacturer, but few go that far.)
  • @gergopap7207
    Hi, I would like to ask if there will be a video where you present a binary reverse engineering process and a binary exploitation / exploit development process on the MIPS or ARM architecture?
  • @ItsAuver
    Thanks for another video Matt! Question, would this kind of reverse shell survive the device being factory reset? I imagine it would not, but I am unsure. Thanks again!
  • @alexk4894
    What's the purpose of renaming root to admin? Is it used for authentication via web UI?