-
Given is a data-stream to an SH1306-OLED display
-
SH1306 is slightly different to well known SSD1306, differences in Protocol
-
Basic explanation of SSD1306 display: lastminuteengineers.com
-
SSD1306 datasheet: adafruit.com
-
SH1306 seems to only support page addressing mode. This can also be seen on the data stream itself - 128 Bytes are transmitted in one go = 128 Lines*8 Rows at 1 bit 'color-depth' (black/white)
-
Correct Settings for
Saleae Logic
can be determined from the capture itself or the shematic given by HTB: -
After exporting the
Saleae Logic
analyser result as.csv
, the protocol can be reversed/display can be emulated and the pixel-stream can be saved to an image file
-
Port
31227
-> Basic Auth, no luck withadmin/admin, ...
& useradmin
+ rockyou.txt -
Port
32544
-> AMQP, requires auth, no luck withguest/guest
& useradmin
+rockyou.txt -
Ports change with restart of Docker-container + Services of other challanges are running on the same IP but different port ...
-
The authentication form tells us, this is a AppWeb Embedded Server
- Found common vuln for app web: https://lab.wallalarm.com
- Found working exploit for user
admin
at https://vulners.com:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python | |
import requests | |
import sys | |
import argparse | |
import os | |
import sqlite3 | |
import traceback | |
import re | |
# disable insecurerequestwarning |