SQL Injection to MIPS Overflows: Rooting SOHO Routers

DEF CON 20

Presented by: Zachary Cutlip
Date: Sunday July 29, 2012
Time: 14:00 - 14:50
Location: Track 4 / Turbo

Three easy steps to world domination:

1. Pwn a bunch of SOHO routers.
2. ???
3. Profit

I can help you with Step 1. In this talk, I'll describe several 0-day vulnerabilities in Netgear wireless routers. I'll show you how to exploit an unexposed buffer overflow using nothing but a SQL injection and your bare hands. Additionally, I'll show how to use the same SQL injection to extract arbitrary files from the file systems of the wifi routers. This presentation guides the audience through the vulnerability discovery and exploitation process, concluding with a live demonstration. In the course of describing several vulnerabilities, I present effective investigation and exploitation techniques of interest to anyone analyzing SOHO routers and other embedded devices.

Zachary Cutlip

Zachary Cutlip is a security researcher with Tactical Network Solutions, in Columbia, MD. At TNS, Zach develops exploitation techniques targeting embedded systems and network infrastructure. Since 2003, Zach has worked either directly for or with the National Security Agency in various capacities. Before becoming a slacker, he spent six years in the US Air Force, parting ways at the rank of Captain. Zach holds an undergraduate degree from Texas A&M University and a master's degree from Johns Hopkins University. Twitter: @zcutlip

