Hacking Yamaha RX-V475

nmap

$ sudo nmap -sT -p 1-65535 -v -A 192.168.2.33
Initiating OS detection (try #1) against 192.168.2.33
NSE: Script scanning 192.168.2.33.
Initiating NSE at 15:28
Completed NSE at 15:29, 30.12s elapsed
Nmap scan report for 192.168.2.33
Host is up (0.00051s latency).
Not shown: 65529 closed ports
PORT      STATE SERVICE     VERSION
80/tcp    open  tcpwrapped
|_http-favicon: Unknown favicon MD5: 731538E62E7F79E7418995F493609777
|_http-title: Site doesn't have a title (text/html).
1024/tcp  open  rtsp        Apple AirTunes rtspd 141.9 (Apple TV)
| rtsp-methods: 
|_  ANNOUNCE, SETUP, RECORD, PAUSE, FLUSH, TEARDOWN, OPTIONS, GET_PARAMETER, SET_PARAMETER, POST, GET
1900/tcp  open  tcpwrapped
8080/tcp  open  http-proxy?
|_http-open-proxy: Proxy might be redirecting requests
|_http-title: Site doesn't have a title (text/html).
10200/tcp open  unknown
50000/tcp open  ibm-db2?
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
SF-Port8080-TCP:V=6.40%I=7%D=12/3%Time=529DDBF2%P=x86_64-apple-darwin13.0.
SF:0%r(GetRequest,145,"HTTP/1\.1\x20200\x20OK\r\nCONTENT-TYPE:\x20text/htm
SF:l\r\nCONTENT-LENGTH:\x20260\r\n\r\n<!DOCTYPE\x20HTML\x20PUBLIC\x20\"-//
SF:W3C//DTD\x20HTML\x204\.01\x20Frameset//EN\"\x20\"http://www\.w3\.org/TR
SF:/html4/frameset\.dtd\">\r\n<html>\r\n<head>\r\n<meta\x20http-equiv=\"Co
SF:ntent-Type\"\x20content=\"text/html;\x20charset=iso-8859-1\">\r\n</head
SF:>\r\n\r\n<body>\r\n\r\n<H1>PRESENTATION\x20PAGE</H1>\r\n</body>\r\n</ht
SF:ml>\r\n")%r(FourOhFourRequest,1A,"HTTP/1\.1\x20404\x20Not\x20Found\r\n\
SF:r\n");
MAC Address: 00:A0:DE:A1:A4:84 (Yamaha)
Device type: media device
Running: Denon embedded
OS CPE: cpe:/h:denon:avr-2113
OS details: Denon AVR-2113 audio receiver
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=17 (Good luck!)
IP ID Sequence Generation: Incremental
Service Info: OS: Mac OS X; Device: media device; CPE: cpe:/o:apple:mac_os_x

Chips

$ curl -v 10.0.2.52 > /dev/null
* Rebuilt URL to: 10.0.2.52/
* Hostname was NOT found in DNS cache
*   Trying 10.0.2.52...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Connected to 10.0.2.52 (10.0.2.52) port 80 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.37.0
> Host: 10.0.2.52
> Accept: */*
> 
< HTTP/1.1 200 OK
* Server AV_Receiver/3.1 (RX-V475) is not blacklisted
< Server: AV_Receiver/3.1 (RX-V475)
< Content-Encoding: gzip
< Content-Type: text/html
< Content-Length: 15819
< Content-Language: en
< 
{ [data not shown]
100 15819  100 15819    0     0  87857      0 --:--:--

$ curl -v 10.0.2.52:8080
* Rebuilt URL to: 10.0.2.52:8080/
* Hostname was NOT found in DNS cache
*   Trying 10.0.2.52...
* Connected to 10.0.2.52 (10.0.2.52) port 8080 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.37.0
> Host: 10.0.2.52:8080
> Accept: */*
> 
< HTTP/1.1 200 OK
< CONTENT-TYPE: text/html
< CONTENT-LENGTH: 260
< 
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN" "http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>

<H1>PRESENTATION PAGE</H1>
</body>
</html>

description: Yamaha RX-V475 reverse engineering
started: 2013-12-03

