[+] Final aggregator
[+] Tested firmware: /home/genesis/firmwaretest/demo.bin
[+] EMBA start command: ./emba -l ../V2WEBCAM -f ../demo.bin -p ./scan-profiles/default-scan.emba -y
[+] Detected architecture and endianness (verified): MIPS / EL
[+] Operating system detected (verified): Linux / v3.10.14
[+] 154 files and 53 directories detected.
[+] Entropy analysis of binary firmware is: 7.805121 bits per byte.
[+] Entropy analysis of binary firmware is available: /logs/firmware_entropy.png
[+] Found 31 issues in 9 shell scripts.
[+] Found 3 successful emulated processes (user mode emulation).
[+] Found the following configuration issues:
Found 54 password related details via STACS (1 passwords cracked.)
Found 0 outdated certificates in 1 certificates.
Found 16 kernel modules with 0 licensing issues.
Found 0 interesting files and 1 files that could be useful for post-exploitation.
[+] Found 78 (99%) binaries without enabled RELRO in 79 binaries.
[+] Found 79 (100%) binaries without enabled NX in 79 binaries.
[+] Found 29 (37%) binaries without enabled PIE in 79 binaries.
[+] Found 43 (54%) stripped binaries without symbols in 79 binaries.
[+] Found 95 usages of strcpy in 79 binaries.
[+] STRCPY - top 10 results:
16 : iwpriv : common linux file: yes | No RELRO | Canary | NX disabled | Symbols | No Networking |
16 : iwlist : common linux file: yes | No RELRO | Canary | NX disabled | Symbols | No Networking |
16 : iwgetid : common linux file: yes | No RELRO | Canary | NX disabled | Symbols | No Networking |
12 : liblogserver.so : common linux file: no | No RELRO | Canary | NX disabled | No Symbols | Networking |
11 : libIOTCAPIs.so : common linux file: no | No RELRO | Canary | NX disabled | No Symbols | Networking |
6 : libcrypto.so.1. : common linux file: yes | No RELRO | Canary | NX disabled | No Symbols | Networking |
4 : libaudioProcess : common linux file: no | No RELRO | Canary | NX disabled | Symbols | No Networking |
3 : libmp.so : common linux file: no | No RELRO | Canary | NX disabled | Symbols | No Networking |
2 : miio_client : common linux file: no | No RELRO | Canary | NX disabled | No Symbols | Networking |
2 : libsysutils.so : common linux file: no | No RELRO | Canary | NX disabled | Symbols | No Networking |
[*] Identified the following software inventory, vulnerabilities and exploits:
[+] Found version details: sed : 4.0 : CVEs: 0 : Exploits: 0 : Source: STAT
[+] Found version details: mtd-utils : 1.5.2 : CVEs: 0 : Exploits: 0 : Source: UEMU
[+] Found version details: iperf : 2.0.2 : CVEs: 0 : Exploits: 0 : Source: STAT/UEMU
[+] Found version details: busybox : 1.22.1 : CVEs: 18 : Exploits: 15 : Source: STAT/UEMU
[+] Found version details: libcurl : 7.36.0 : CVEs: 33 : Exploits: 13 : Source: STAT
[+] Found version details: udhcp : 1.22.1 : CVEs: 0 : Exploits: 0 : Source: STAT
[+] Found version details: wpa_cli : 2.5 : CVEs: 0 : Exploits: 0 : Source: STAT
[+] Found version details: openssl : 1.0.2f : CVEs: 57 : Exploits: 47 : Source: STAT
[+] Found version details: openssl : 1.0.0 : CVEs: 80 : Exploits: 30 : Source: STAT
[+] Found version details: kernel : 3.10.14 : CVEs: 1394 : Exploits: 278 : Source: STAT
[+] Identified 10 software components with version details.
[+] Identified 1582 CVE entries.
Identified 538 High rated CVE entries / Exploits: 195
Identified 965 Medium rated CVE entries / Exploits: 160
Identified 79 Low rated CVE entries /Exploits: 15
370 possible exploits available (16 Metasploit modules).
Remote exploits: 0 / Local exploits: 24 / DoS exploits: 10 / Github PoCs: 318 / Known exploited vulnerabilities: 4 / Verified Exploits: 0