Difference between revisions of "PogoPlug Mobile"
m (Text replacement - "gtvcom-20" to "exploiteers-20") |
|||
Line 7: | Line 7: | ||
== Purchase == | == Purchase == | ||
Buying devices is expensive and, in a lot of cases our testing leads to bricked equipment. If you would like to help support our group, site, and research please use one of the links below to purchase your next device. | Buying devices is expensive and, in a lot of cases our testing leads to bricked equipment. If you would like to help support our group, site, and research please use one of the links below to purchase your next device. | ||
[http://www.amazon.com/gp/product/B00DOAF8D2/ref=as_li_tl?ie=UTF8&camp=1789&creative=390957&creativeASIN=B00DOAF8D2&linkCode=as2&tag= | [http://www.amazon.com/gp/product/B00DOAF8D2/ref=as_li_tl?ie=UTF8&camp=1789&creative=390957&creativeASIN=B00DOAF8D2&linkCode=as2&tag=exploiteers-20&linkId=SFROHTJMB7OSDV6H Purchase the PogoPlug Mobile at Amazon] | ||
== Disassembly == | == Disassembly == |
Latest revision as of 01:22, 7 February 2016
"Although the information we release has been verified and shown to work to the best our knowledge, we cant be held accountable for bricked devices or roots gone wrong."
This page will be dedicated to a general overview, descriptions, and information related to the PogoPlug Mobile.
Purchase
Buying devices is expensive and, in a lot of cases our testing leads to bricked equipment. If you would like to help support our group, site, and research please use one of the links below to purchase your next device. Purchase the PogoPlug Mobile at Amazon
Disassembly
UART
The pin-out for UART can be found on the image below.
GPL
You can find GPL code for the PogoPlug Mobile Here
Gaining Root
The PogoPlug has an open bootloader and its kernel drops to a root shell making this a very open device. On top of that a user is also able to enable a SSHD server if they visit My.PogoPlug.com and enable it. Enabling SSHD not only sets dropbear to start on boot but also forces the user to change the root password. This however is only offered if a user opts to setup SSHD.
This leaves a lot of users with a default root password, but seemingly without any services running that could use it.
Lucky for us a diagnostic page runs on every pogoplug and can be accessed at:
https://IP-OF-POGOPLUG-MOBILE/sqdiag/
This diagnostic pages uses the root credentials as its login/password.
After accessing this diagnostic page you will need to access the hidden command execution portion. This can be access by visiting the following URL:
https://root:ceadmin@IP-OF-POGOPLUG-MOBILE/sqdiag/HBPlug?action=command
After visiting the above URL you should now have an input field that you can enter in any command which will execute with root privileges.
Accessing from CURL The below command will test a PogoPlug for the default login and command execution script. For a quick test substitute COMMANDHERE with reboot.
POC:
curl -k "https://root:ceadmin@IP-OF-POGOPLUG-MOBILE/sqdiag/HBPlug?action=command&command=COMMANDHERE"
Default Root Credentials
Below are the default root credentials for the PogoPlug, these are only changed if a user enables SSHD through the PogoPlug cloud interface.
Username: root
Password: ceadmin