HackTricks-wiki / hacktricks

Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
http://book.hacktricks.xyz/

Ideas for pentesting Infotainment system #58

Closed vk-gst closed 3 years ago

vk-gst commented 3 years ago

Unfortunately, I did not find any information for my question online, hence I am posting the question here with some positive hope. :)

I am pentesting an infotainment platform that is still under development. I am using Kali Linux, and my system and the infotainment system (Linux) are on the same private network. I did an nmap scan (for all ports, with option -p-) of the platform and found a few open ports.

```
111/tcp   open  rpcbind
3490/tcp  open  colubris
5355/tcp  open  llmnr
8888/tcp  open  sun-answerbook
9999/tcp  open  abyss
16509/tcp open  unknown
51331/tcp open  unknown
58485/tcp open  unknown
```

Doing a netcat on the ports did not yield any information except for port 3490. On port 3490, I could read some logs that are being used by the IVI-Graphics, someIP logs (with service IDs), etc. I have also obtained some process and thread IDs of applications that are running on the system. I have also tried telnet on all open ports and it did not yield me any more information. I have done service version scans on all ports as well; they did not yield any significant information.

  1. However, now I am stuck and unable to proceed any further. Does anyone have any other suggestions on approaching further?
  2. Secondly, I know that the IVI system runs Linux and Android. Right now I am in the subnet of Linux. Linux and Android have a private virtual network between them. Is there any way I can reach the virtual network and perform a further pentest of Android?

P.S. Since the system is still under development, I have a UART connection available with root access. However, this will be disabled in the real production environment.

carlospolop commented 3 years ago

Hi @venkatesh-kuppan,

I can't help you as I don't have much experience with the mentioned services. However, feel free to add some sections regarding those services in HackTricks and send a push request. I'm closing this issue because GitHub issues aren't for asking technical questions; however, there is a Telegram group of HackTricks where you can ask the question and probably more people will read it: https://t.me/peass