From 9a83b1bcd7f98372c7b1bc48d95c6dc2ca18562c Mon Sep 17 00:00:00 2001 From: David Westgate Date: Tue, 21 May 2024 15:35:05 -0700 Subject: [PATCH] update --- hw3/hw3.md | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/hw3/hw3.md b/hw3/hw3.md index b56842e..f1f10d0 100644 --- a/hw3/hw3.md +++ b/hw3/hw3.md @@ -100,7 +100,7 @@ Bookworm is running rtmp and sun-answerbook services. This is interesting. I wil ### Open ports and services on khadas Upon scanning, the machine with MAC 70:F7:54:FF:1C:59 revealed its hostname as Khadas and has a port for ipp (printing) service open -ssh connection can be made to khadas with default credentials (root/khadas) +ssh connection can be made to khadas with default credentials (root/khadas). This is interesting, but I did not find anything related to this assigmnet while exploring the khadas file system. ![khadas-scan](./khadas-scan.png) 
@@ -109,17 +109,11 @@ The only interesting service running here is ssh. Moving on ![rpi-trading](./rpi-trading.png) -### Access the RTMP(RTSP in assignment) stream +### Access the RTSP stream -As shown above, I have discovered an rtmp network video stream on the bookworm device. My research shows the stream url likely consists of a format like rtmp://192.168.0.139:1935/${path}/${key} -I have tried various things to recover the stream url path and key. It seems like the path may be 'live', but I cannot figure out the key -* Guess random plausible stream keys or default keys common on raspberry pi cameras -* Try to see if the media stream is actually RTSP and not RTMP (it's on an rtmp port, but assignment suggests it should be rtsp) -* brute force stream keys with a bash script using ffmpeg and rockyou.txt -* poke around khadas (root and khadas user) to see any reference to rtmp streams -* perform de-auth attack and try to capture handshakes on 802.11 to see if I can get the datagrams (via wireshark) for any clients who many be streaming from the stream (which streams would include the path and key) +So far, it seems the RTSP stream likely resides on bookworm. I first explored the server on port 1935, testing RTMP and RTSP streaming, as well as HTTP requests but I did not find a feed. -For now, this is as far as I have come +I then tested the service on port 8888. It appears to be running an HTTP server, so I will take a look at this in a browser #### Screenshot - TODO
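Review bot: In the first hunk (hw3/hw3.md, khadas section, around line 100), the added sentence misspells "assignment" as "assigmnet", and the line still opens with a lowercase "ssh". The sentence also says nothing related was found "while exploring the khadas file system" without recording what was examined. A short list of the directories or files checked under the root login would let a reader confirm the negative result instead of repeating the search.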
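Review bot: In the second hunk (hw3/hw3.md, around line 109), the heading is renamed to "Access the RTSP stream", but the replacement text still describes probing port 1935 with both RTMP and RTSP, and the unchanged context of the earlier hunk says bookworm is running "rtmp and sun-answerbook services". The section should state which protocol the scan actually reported and why RTSP is now assumed. The hunk also deletes the whole list of approaches already tried (guessed and default stream keys, the ffmpeg and rockyou.txt brute force, the search on khadas, the 802.11 de-auth capture) and replaces it with "I did not find a feed". Keeping a one-line summary of each attempt and its outcome would preserve the record of what was ruled out. If port 8888 is the service the scan labelled sun-answerbook, say so explicitly, so the link between the scan result and the HTTP server is clear. Minor: add a comma before "but I did not find a feed" and a full stop after "in a browser".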