Didn't think this fit anywhere else, hopefully someone already saw this - VERY helpful :)
GTVhacker Pogoplug Mobile
GTVhacker Pogoplug Mobile
The PogoPlug has an open bootloader and its kernel drops to a root shell making this a very open device. On top of that a user is also able to enable a SSHD server if they visit My.PogoPlug.com and enable it. Enabling SSHD not only sets dropbear to start on boot but also forces the user to change the root password. This however is only offered if a user opts to setup SSHD. This leaves a lot of users with a default root password, but seemingly without any services running that could use it. Lucky for us a diagnostic page runs on every pogoplug and can be accessed at:https://IP-OF-POGOPLUG-MOBILE/sqdiag/
This diagnostic pages uses the root credentials as its login/password.
After accessing this diagnostic page you will need to access the hidden command execution portion. This can be access by visiting the following
https://root:ceadmin@IP-OF-POGOPLUG-MOBILE/sqdiag/HBPlug?action=command
After visiting the above URL you should now have an input field that you can enter in any command which will execute with root privileges.
Accessing from CURL The below command will test a PogoPlug for the default login and command execution script. For a quick test substitute COMMANDHERE with reboot.
POC:
curl -k "https://root:ceadmin@IP-OF-POGOPLUG-MOBILE/sqdiag/HBPlug?action=command&command=COMMANDHERE"
Below are the default root credentials for the PogoPlug, these are only changed if a user enables SSHD through the PogoPlug cloud interface. Username: root Password: ceadmin
