Originally posted by starshipeleven
If we imagine I'm attacking and I'm pretty serious about pwning you via BMC firmware I write, I would do e.g. a memscan from time to time in my firmware, looking for some distinct pattern telling it that it's likely a control packet. Once found, you can parse the control packet and do whatever it tells you to. It is not even a big deal how this control packet appeared in memory. Be it a file in a buffer or a network packet, who really cares? When these pests get the idea (hint, hint, let's pwn "decent admins" as well, they are interesting targets!), I wonder how they are going to explain it. Advanced Driver/OS Independent Wake On Lan bugz? XD