00:00 - Intro
01:00 - Start of nmap
02:54 - Discovering OpenPLC, looking for default credentials and logging in with openplc:openplc
05:10 - Uploading a C reverse shell to OpenPLC
08:20 - Talking about our shell hanging our webserver, showing a POC that runs system() to background a process which seems to be smart
09:55 - Discovering a Wireless NIC, running IW to see wireless networks and OneShot to attack WPS
12:30 - Joining the Wireless Network, showing how important it is to tell DHCLIENT to not update default routes
16:55 - Cheating to get a root shell, so we can show the routing table of the container that can no longer talk to us
19:20 - Adding unset new_routers to a DHCLIENT Enter Hook so it doesn't update routes
21:10 - Once we get on the Wireless Network we can SSH to OpenWRT and get the root flag
21:45 - Showing we could exploit OpenWRT through the web interface aswell, setting up a pivot with Chisel
23:20 - Logging into OpenWRT with a blank password, going to the Scheduled Tasks to create a cron
27:10 - Creating a Reverse Shell Payload with MSFVenom
29:20 - Getting multiple reverse shells so we can easily run multiple commands on the container
Support the originator by clicking the read the rest link below.
