From 6e06c207a4459934e5b337e1a9e8212ceaec9c99 Mon Sep 17 00:00:00 2001 From: Conor Horan-Kates Date: Mon, 4 Jul 2016 17:50:43 -0700 Subject: [PATCH] cleanup markdown --- hootoo/README.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/hootoo/README.md b/hootoo/README.md index c937c8b..2676c4b 100644 --- a/hootoo/README.md +++ b/hootoo/README.md 
@@ -5,13 +5,13 @@ i was initially interested in the HooToo TripMate Titan when someone on Twitter that sounds cool - not just for the surface use cases: road trips, airplane flights, etc - but also because the features required meant the TripMate was a $39 low power, wifi enabled computer with it's own battery. -my goal was always to gain access to this device in way it's manufacturer hadn't intended, but what i found was a bit excessive. +my goal was always to gain access to this device in ways it's manufacturer hadn't intended, but what i found was a bit excessive. some of the issues are as common as XSS vulnerabilities, others as serious as passing credentials/settings in plaintext over HTTP and a universally reused root password. # devices -name | model | description | version | rooted? | services | vulnerabilities -----|-----|-----------|-------|-------|---------------|--------- +name|model|description|version|rooted?|services|vulnerabilities +----|-----|-----------|-------|-------|--------------- [TripMate Titan](http://www.hootoo.com/hootoo-tripmate-ht-tm05-wireless-router.html)|HT-TM05|NAS/WiFi bridge/battery| firmware: `2.000.022`|yes|`telnet`, `http (80, 81)`, `unknown 85, 8200)`|easily guessable default passwords, universal root password, credential exposure, data exposure, HTTP - variety [TripMate](http://www.hootoo.com/hootoo-tripmate-ht-tm01-wireless-router.html)|HT-TM01|NAS/WiFi bridge/battery| firmware: `2.000.022`|yes|`telnet`, `http (80, 81)`|same as TripMate Titan [TripMate Elite](http://www.hootoo.com/hootoo-tripmate-elite-ht-tm04-wireless-portable-router.html)|HT-TM06|NAS/WiFi bridge/battery/outlet|firmware: `2.000.004`|no|`http (80, 81)`|easily guessable default passwords, HTTP - variety 
@@ -62,7 +62,7 @@ app|admin|``|allows login to web app ([default](http://10.10.10.254)) ### universal root password -while not easily guessable, the `root` password is triviable to obtain: +while not easily guessable, the `root` password is trivial to obtain: ``` $ telnet 10.10.10.254 @@ -144,9 +144,9 @@ parameters: # TODO need to talk about GET vs POST here -* `http://10.10.10.254/themes/HT-TM05/lge/us.js` - error codes to messages mapping +* `http://10.10.10.254/themes/HT-TM05/lge/us.js` - error code to message mapping * when no internet connection is available, all HTTP requests are blindly 301'd to [http://10.10.10.254/app/main.html](http://10.10.10.254/app/main.html) -* [hooto.com's 404](http://www.hootoo.com/foobarbaz) page is .. amusing +* [hootoo.com's 404](http://www.hootoo.com/foobarbaz) page is .. amusing #### protocol.csp fname|opts
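Review bot: In the first hunk (`@@ -5,13 +5,13 @@`, the `# devices` table), the new delimiter row `----|-----|-----------|-------|-------|---------------` has six cells while the new header row `name|model|description|version|rooted?|services|vulnerabilities` has seven; the removed delimiter row ended with a seventh `|---------`. GitHub-flavored Markdown only recognizes a table when the delimiter row has the same number of cells as the header, so this table will fall back to plain text. Restore the trailing `|---------` on the delimiter row. Since the sentence is being edited anyway, `it's manufacturer` on the changed line should be the possessive `its manufacturer`.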
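Review bot: In the third hunk (`@@ -144,9 +144,9 @@`), the unchanged context line `# TODO need to talk about GET vs POST here` begins with `# `, so unless it sits inside a fenced block it renders as a top-level heading in the README, directly above the bullet list this hunk edits. As this commit is a markdown cleanup, consider converting it to an HTML comment or a plain list item so the TODO no longer shows up as a section title. The `hooto.com` to `hootoo.com` and `error code to message mapping` fixes in the same hunk read correctly.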