🖥️
Offensive security concepts
  • Introduction
  • 💿Virtualbox network setup
    • What is VirtualBox?
    • NAT
    • NAT network
    • Bridged adapter
    • Internal network
    • pfSense
    • vboxmanage
    • Overview
  • 🕵️OSINT
    • What is OSINT?
    • Google dorks
    • Metadata
    • Social media
      • osintagram
  • Tools
    • recon-ng
    • sherlock
    • maltego
    • theHarvester
    • photon
  • 😨Social Engineering
    • What is social engineering?
    • 7 tricks of social engineering
    • Email phishing
    • Typosquatting
    • Compiled resources
  • 😈MitM attack
    • What is MitM attack?
    • ARP spoof/poison
    • DNS spoof/poison
    • HTTP MitM attack
    • ICMP redirect attack
    • DHCP spoofing
    • Evil twin attack
    • Experiment (guest network)
    • Compiled resources
  • 🔌UPnP exploitation
    • What is UPnP?
    • What is SSDP?
    • IGD functions
    • LAN devices
    • Compiled resources
  • 🪚Network hacking
    • What is network hacking?
  • 1️⃣Network live host discovery
    • What is network live host discovery?
    • nmap
    • arp-scan
    • masscan
  • 2️⃣Network port scan/services enumeration
    • What is network port scan/services enumeration?
    • nmap
    • netcat
  • 3️⃣Network services vulnerability scanning & exploitation
    • What is network vulnerability scanning/exploitation?
    • 20/21 ~ FTP
    • 22 ~ SSH
    • 25 ~ SMTP
    • 53 ~ DNS
    • 80/443 ~ HTTP/HTTPS
    • 110 ~ POP3
    • 111/2049 ~ RPC/NFS
    • 139/445 ~ SMB
    • 143 ~ IMAP
    • 3389 ~ RDP
  • Vulnerability & exploitation
    • Database
    • Metasploit
    • Msfvenom
  • Misconfigurations
    • .DS_Store
  • Web Hacking
    • Introduction
    • Directories/URLs gathering
    • Subdomain enumeration
    • File inclusion & Path traversal
    • Insecure Direct Object Reference (IDOR)
    • Upload vulnerabilities
      • File extension cheat-sheet
    • SSRF
    • XSS
    • SQL injection
  • OWASP Top 10
  • General web knowledge
    • URI standard (RFC 3986)
    • HTTP headers
  • Webshell
  • Web API pentesting
    • jq
    • httpx
    • ParamSpider
  • Web app pentesting methodology
  • 🛣️Attacks on routing protocols
    • What are attacks on routing protocols?
    • BGP hijacking
  • 🏕️To explore
    • MQTT
    • Routersploit
    • DNS rebinding attack
    • LLMNR/mDNS poisoning
  • 👤Anonymity
    • VPN
    • Proxychains
    • TOR
    • Obfuscation
  • Credentials brute-force/cracking
    • Introduction
    • Windows SAM database
    • Dictionary attack
    • Rainbow attack
      • Hash database
    • Tools
      • Hydra
      • John the ripper
      • hash-identifier
  • Post-exploitation
    • Gaining shell
      • netcat
      • socat
      • powershell
      • bash
      • PHP
    • Repository
  • Privilege escalation
    • Linux
      • Repositories
      • Enumeration
      • Vulnerabilities exploit
        • General
        • Kernel exploit
        • Sudo
        • SUID
        • Capabilities
        • Cronjobs
        • $PATH
        • NFS
    • Windows
      • Password harvesting
      • Vulnerabilities exploit
        • Scheduled tasks
        • AlwaysInstallElevated
        • Service misconfigurations
          • Insecure permissions on service executable
          • Unquoted service path
          • Insecure service permission
        • Abusing privileges
  • Ⓜ️MITRE ATT&CK
    • Introduction
  • 🧰Tools/services
    • Introduction
    • Web hacking
      • Password brute-forcing
      • Web fuzzing
      • Burp Suite (Community)
      • nikto
    • Information gathering/reconnaissance
    • Network hacking
      • nmap (general overview)
      • scapy
      • bettercap
    • General
      • impacket
    • Wordlists
      • cewl
  • Professional report writing
    • OSCP
      • Report layout
      • Note taking on-the-go
  • Practice
    • Metasploitable 2
    • ...
  • Write-ups
    • TryHackMe
      • Silver Platter
      • Light
      • OWASP Top 10 - 2021 (task 22)
      • Pickle Rick
    • OverTheWire
      • Untitled
    • OWASP juice shop
  • AI prompt
    • ChatGPT
Powered by GitBook
On this page
  1. UPnP exploitation

What is UPnP?

What is Universal Plug and Play (UPnP), and what are the associated vulnerabilities and exploitation?

Universal Plug and Play (or some may call it Universal Pwn and Play) is a service that allows devices on the same network to discover and interact with each other using standard networking protocols such as TCP and UDP, without any prior configurations.

UPnP can also be utilized to view and modify router configurations, such as the following:

  1. Retrieve firewall port mapping configurations

  2. Modify firewall port mapping configurations

  3. Modify DNS server configurations

  4. Terminate connections

PreviousCompiled resourcesNextWhat is SSDP?

Last updated 9 months ago

🔌