Praetorian on exploiting MIPS devices, part 1

The Praetorian security blog has a very detailed and well-written blog post of a MIPS-based system, showing/discussing multiple tools (BowCaster, QIRA, BinWalk, Radare, …). And there is a Part 2 in the works!

Reversing and Exploiting Embedded Devices: The Software Stack (Part 1)
Over the course of the past few months I’ve been traveling around educating people on exploiting embedded devices. My slides alone aren’t able to provide enough information, so I wanted to write everything out for people to digest online. The following blog post is “Part 1”, which will introduce the reader to the software side of embedded devices. I decided to cover software first since most flaws reside within the software stack, ranging from binary applications to drivers. Part 2 will cover the Hardware stack with a focus on educating the reader on how JTAG actually works and how to leverage Hardware modifications to either bypass password protections or to extract secrets that may be baked into the targeted device. […]

https://www.praetorian.com/blog/reversing-and-exploiting-embedded-devices-part-1-the-software-stack

Bowcaster Exploit Development Framework, for MIPS

Zachary Cutlip has written an exploit framework for MIPS:

The Bowcaster Exploit Development Framework, implemented in Python, is intended to aid those developing exploits by providing useful set of tools and modules, such as payloads, encoders, connect-back servers, etc.  Currently the framework is focused on the MIPS CPU architecture, but the design is intended to be modular enough to support arbitrary architectures.

https://github.com/zcutlip/bowcaster
https://github.com/zcutlip/exploit-poc/tree/master/dlink/dir-815-a1/hedwig_cgi_httpcookie