TTPwire Vol. 1 · MITRE ATT&CK·Tagged

← All stories

Black Hills InfoSec

AppleTV & nmap -sV

BHIS · 2016-10-11 · Read original ↗

ATT&CK techniques detected

5 predictions
T1040Network Sniffing
99%
“open earlier. that ’ s 3689, 5000, 7000, 7100, 49152, 62078. and i ’ m going to stop collecting traffic by hitting ctrl - c as soon as i see the tv come on. down from 2869 to 122 packets. that ’ s a whole lot better. i open the packet capture in wireshark, and start at the bottom…”
T1046Network Service Discovery
98%
“going further towards the beginning, i see two bare get requests, to different ports. get / http / 1. 0 to port 3689 i can send that : $ echo - en " get / http / 1. 0 \ n \ n " | nc 192. 168. 10. 110 3689.. and the tv comes on! this turned out to be it. just a “ get / ” is all it…”
T1046Network Service Discovery
72%
“your tools interpret things, the better. i want to see “ port 22 ” not “ ssh ” because what ’ s there may not actually be ssh all the time. tcpdump up top, nmap down below i ’ m capturing the packets to a file ( - w appletv. pcap ) for later. i ’ m thinking there ’ s going to be …”
T1046Network Service Discovery
39%
“appletv & nmap - sv appletv & nmap - sv bbking / / advisory : the techniques and tools referenced within this blog post may be outdated and do not apply to current situations. however, there is still potential for this blog entry to be used as an opportunity to learn and to possi…”
T1040Network Sniffing
38%
“your tools interpret things, the better. i want to see “ port 22 ” not “ ssh ” because what ’ s there may not actually be ssh all the time. tcpdump up top, nmap down below i ’ m capturing the packets to a file ( - w appletv. pcap ) for later. i ’ m thinking there ’ s going to be …”

Summary

BBKing // So I’m working the other day, and my wife asks me why the TV is on. I don’t know. I didn’t turn it on. But it’s near my […]

The post AppleTV & nmap -sV appeared first on Black Hills Information Security, Inc..