Zero visibility into the indoors resisted soldiers from entering into the hotel with held up hostages.
Enumeration: –
Environment Automation Servers are used in commercial buildings to control and automate several systems including heating/cooling, ventilation, lighting, security, etc.
They can be enumerated as below.
Connecting to the Building Automation Server: –
The credentials (mostly set to default) once identified, the connection can be established as below.
With admin account greeting us, we look into available command options as below.
Ex. One of the commands is “reboot“, which may be useful in a DoS attack against this system.
By typing “uptime”, we can also see the time since the last reboot potentially hinting at last time the system was patched.
Pipe system commands to the underlying server hence, we can see the passwd file on the underlying server as below;
Privilege Escalation:
The root access could now enable us to control temperature, ventilation & lighting as required. Reducing the temperature would get the guests sleepy & reduce the panic. Stopping the ventilation eventually increases the CO2 level inside. The increased fatigue hence would thus slow down any response against counter actions.
Coordinated lighting “outages” leading to loss of visibility for those inside, thus facilitates entrance for the soldiers inside hotel to save the day.
Hits: 71
