We build an IoT testbed to experiment with vulnerability exploitation and remote attestation of IoT devices. Right now, we are working on Raspberry Pi model 3 B+ (OS: Raspbian Buster). There are two primary files:
- A testbed server that starts and terminates the different IoT projects
- A client (attacker) that exploits a particular vulnerable project by sending a payload remotely
There are four IoT projects:
- Irrigation Server
- Smart Home
- Remote control monitor car
- DNS server raspberry
And all these projects can be exploited using:
- Stack-based buffer overflow (TCP bind shell)
- Stack-based buffer overflow (TCP reverse shell)
- Heap Overflow (TCP bind shell)
- Heap Overflow (TCP reverse shell)
- Ret-to-libc (TCP bind shell)
- Ret-to-libc (TCP reverse shell)
- Injecting code using mprotect()
Running the testbed has the following requirements:
- Disable ASLR
- Install the necessary libraries for the IoT projects
- Compile the main file of each project with execution on the stack enabled and the stack protector disabled
Run the following commands to meet project and environment dependencies:
chmod +x compile.sh
./compile.sh
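The ASLR and compile-option requirements above can be checked after the build, and the same checks serve to audit that a device outside the testbed is not left in this state. The following is an added example, not part of the testbed's own code; the function names and the sample ELF image are constructed here, and the stack-protector test is a heuristic that looks for the `__stack_chk_fail` symbol name.

```python
import struct
import sys

PT_GNU_STACK = 0x6474E551   # program header type that carries stack permissions
PF_X = 0x1                  # "executable" bit in p_flags
ASLR_MODES = {"0": "disabled", "1": "stack/mmap/vdso only", "2": "full"}

def stack_policy(elf: bytes) -> str:
    """Classify the stack permissions an ELF image requests from the loader."""
    if elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    is64 = elf[4] == 2                      # EI_CLASS: 1 = ELF32, 2 = ELF64
    end = "<" if elf[5] == 1 else ">"       # EI_DATA: 1 = little-endian
    if is64:
        (phoff,) = struct.unpack_from(end + "Q", elf, 0x20)
        phentsize, phnum = struct.unpack_from(end + "HH", elf, 0x36)
    else:
        (phoff,) = struct.unpack_from(end + "I", elf, 0x1C)
        phentsize, phnum = struct.unpack_from(end + "HH", elf, 0x2A)
    for i in range(phnum):
        off = phoff + i * phentsize
        (p_type,) = struct.unpack_from(end + "I", elf, off)
        if p_type == PT_GNU_STACK:
            # p_flags sits at offset 4 in an ELF64 entry and 24 in an ELF32 entry
            (flags,) = struct.unpack_from(end + "I", elf, off + (4 if is64 else 24))
            return "executable" if flags & PF_X else "non-executable"
    return "unspecified"    # no PT_GNU_STACK: architecture default applies, review it

def has_stack_protector(elf: bytes) -> bool:
    """Heuristic: canary-instrumented code references __stack_chk_fail."""
    return b"__stack_chk_fail" in elf

def aslr_mode(raw: str) -> str:
    """Map the content of /proc/sys/kernel/randomize_va_space to a label."""
    return ASLR_MODES.get(raw.strip(), "unknown")

def sample_elf32(flags: int, p_type: int = PT_GNU_STACK) -> bytes:
    """Constructed sample: 32-bit little-endian ARM ELF header plus one program header."""
    ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)
    ehdr = ident + struct.pack("<HHIIIIIHHHHHH", 2, 40, 1, 0, 52, 0, 0, 52, 32, 1, 0, 0, 0)
    return ehdr + struct.pack("<8I", p_type, 0, 0, 0, 0, 0, flags, 16)

if __name__ == "__main__":
    with open("/proc/sys/kernel/randomize_va_space") as f:
        print("ASLR:", aslr_mode(f.read()))
    for path in sys.argv[1:]:
        data = open(path, "rb").read()
        print(path, "stack:", stack_policy(data), "canary:", has_stack_protector(data))
```

Run with the compiled project binaries as arguments, it prints the ASLR mode and the stack and canary status of each file.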
You can download the interface.sh file on any Linux machine and run it to access both the server and the client.
Note: You must have the University of Houston VPN installed on your computer.
user@local:~$ ./testbed.sh
It will prompt users to start the server, client, and the verifier.
Note: For now, Verifier Node is not included.
Select any of the included projects after running the server:
$ ./server.sh
Select a particular project and its related exploit after running the client:
$ ./client.sh
In the utility folder we include the utility files and programs. Included resources are:
- Shellcode Generators
- Basic Server and Client program
- Thumb Mode Instructions
- Shellcode Testers
- Used NOP instruction
- Example Bind Shell
- Example Reverse Shell