src/generic-methodologies-and-resources/pentesting-wifi/README.md
22 additions & 0 deletions
@@ -911,8 +911,30 @@ These methods, particularly PIN entry, are susceptible to the same vulnerabiliti
911
911
912
912
**EvilDirect Hijacking** is an attack specific to Wi-Fi Direct. It mirrors the concept of an Evil Twin attack but targets Wi-Fi Direct connections. In this scenario, an attacker impersonates a legitimate group owner with the aim of deceiving devices into connecting to a malicious entity. This method can be executed using tools like `airbase-ng` by specifying the channel, ESSID, and MAC address of the impersonated device:
Some consumer IoT relays/controllers keep the commissioning **open AP** active after joining the IoT WLAN (e.g., Shelly Gen4 SSIDs starting with `Shelly`). The device stays **dual-homed**: an AP interface with default IP `192.168.33.1` plus a client interface on the internal WLAN.
917
+
918
+
**Abuse flow (Wi‑Fi proximity required):**
919
+
920
+
1. Join the provisioning AP, obtain a DHCP lease, and browse the **AP-side HTTP API**.
921
+
2. Trigger relays via unauthenticated endpoints, e.g. `http://192.168.33.1/relay/0?turn=on` (door/gate/garage impact). Firmware upload endpoints can add persistence.
922
+
3. Use it as a **pivot**: Shelly scripting can send HTTP from the internal interface to other LAN hosts. Example pivot to another Shelly at `10.0.98.221`:
923
+
```javascript
924
+
Shelly.addEventHandler(function (event) {
925
+
if (event.component === "switch:0"&& event.info.state) {
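Review bot: Step 2 of the abuse flow calls the AP-side endpoints unauthenticated without saying whether that holds by default or only when no device password has been set; state the precondition so a reader can tell which deployments are actually exposed. The section also stops at the abuse flow: a closing line on what an owner or assessor should verify (provisioning AP still broadcasting after the device joined the WLAN, AP left open, HTTP API reachable without credentials) would make it usable for hardening reviews as well. The pivot example hard-codes `10.0.98.221`, which reads like an address from a specific engagement; a documentation-style placeholder would be cleaner. Minor style: in the script, `"switch:0"&& event.info.state` is missing a space before `&&`.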