This repository holds interesting bits and pieces related to research I performed on wireless presentation devices manufactured by Awindinc and OEM'ed to multiple manufacturers.
The repository is split into these subsections:
- hardware - hardware hacking stuff, mostly for MMC dumping and pinout documentation
- networking - PIN code bruteforcer, custom Nmap scripts and fingerprints
- exploits - Metasploit modules and Python-based exploits.
The following devices were OEM'ed by Awind and are therefore affected by the same issues.
- Crestron Airmedia AM-100
- Crestron Airmedia AM-101
- Awind wePresent WiPG-1000
- Awind wePresent WiPG-1500
- Awind wePresent WiPG-2000
- Barco WiPG-1000
- Barco WiPG-1600w
- Barco WiCS-2100
- Newline Trucast 1
- Newline Trucast 2
- Newline Trucast 3
- InFocus Liteshow 1
- InFocus Liteshow 2
- InFocus Liteshow 3
- InFocus Liteshow 4
- Black Box Network Services WPS
- Black Box Network Services WPS-Interactive
- Black Box Network Services WPS-IPro2
- Extron ShareLink 200
- Extron ShareLink 250 W
- Haworth WPS
- Teqavit WiPS710-ENT
- Teqavit WiPS710-EDU
- Teqavit WiPS710-NET
- Teqavit WiD510-EDU
- Teqavit WiD510-ENT
- Teqavit WiD510-NET
This list is non-exhaustive as it is based on devices observed on the public Internet. If you are aware of other brand/model, just shoot me an email.
Default credentials exported from installation manuals.
| Manufacturer | Username | Password |
|---|---|---|
| Airmedia | admin | admin |
| Extron | admin | configure |
| Teqavit | admin | Admin&11 |
| Infocus | admin | admin |
| Barco | admin | admin |
| Newline | admin | admin |
- Man-in-the-conference-room - Part I (Intro)
- Man-in-the-conference-room - Part II (Hardware Hacking)
- Man-in-the-conference-room - Part III (Network Assessment)
- Man-in-the-conference-room - Part IV (Vulnerability Research & Development)
- Man-in-the-conference-room - Part V (Huntin OEMs)
- Man-in-the-conference-room - Part VI (Conclusion)