All Projects → tenable → Router_badusb

tenable / Router_badusb

BadUSB in Routers

Programming Languages

shell
77523 projects

Projects that are alternatives of or similar to Router badusb

Linux Router
Set Linux as router in one command. Support Internet sharing, redsocks, Wifi hotspot, IPv6. Can also be used for routing VM/containers
Stars: ✭ 129 (-16.77%)
Mutual labels:  router
Foxify
The fast, easy to use & typescript ready web framework for Node.js
Stars: ✭ 138 (-10.97%)
Mutual labels:  router
Vue Stack Router
Vue Stack Router
Stars: ✭ 146 (-5.81%)
Mutual labels:  router
React Resource Router
Configuration driven routing solution for React SPAs that manages route matching, data fetching and progressive rendering
Stars: ✭ 136 (-12.26%)
Mutual labels:  router
Esp slip router
A SLIP to WiFi router
Stars: ✭ 135 (-12.9%)
Mutual labels:  router
Dowse
The Awareness Hub for the Internet of Things
Stars: ✭ 139 (-10.32%)
Mutual labels:  router
Luthier Ci
Improved routing, middleware support, authentication tools and more for CodeIgniter 3 framework
Stars: ✭ 129 (-16.77%)
Mutual labels:  router
Redux Saga Router
A router for Redux Saga
Stars: ✭ 153 (-1.29%)
Mutual labels:  router
Grip
The microframework for writing powerful web applications.
Stars: ✭ 137 (-11.61%)
Mutual labels:  router
Nextjs Dynamic Routes
[Deprecated] Super simple way to create dynamic routes with Next.js
Stars: ✭ 145 (-6.45%)
Mutual labels:  router
Router5
Flexible and powerful universal routing solution
Stars: ✭ 1,704 (+999.35%)
Mutual labels:  router
Decouplingkit
decoupling between modules in your iOS Project. iOS模块化过程中模块间解耦方案
Stars: ✭ 136 (-12.26%)
Mutual labels:  router
Pimd
PIM-SM/SSM multicast routing for UNIX
Stars: ✭ 143 (-7.74%)
Mutual labels:  router
React Redux Bootstrap Webpack Starter
React 16.9 + Typescript + React-Router 4 + Redux + Bootstrap 4 + Hot Reload + redux-devtools-extension + Webpack 4 + styled-components STARTER
Stars: ✭ 133 (-14.19%)
Mutual labels:  router
Router
Router —— A substitute good of EventBus similar implemented by dynamic proxy
Stars: ✭ 147 (-5.16%)
Mutual labels:  router
Laravel Router
An organized approach to handling routes in Laravel.
Stars: ✭ 130 (-16.13%)
Mutual labels:  router
Pure Http
✨ The simple web framework for Node.js with zero dependencies.
Stars: ✭ 139 (-10.32%)
Mutual labels:  router
Familycloudspeederinshell
[ 天翼家庭云/天翼云盘提速 Shell 版 ] A Shell Implementation of FamilyCloudSpeeder, ESurfing
Stars: ✭ 154 (-0.65%)
Mutual labels:  router
Scene Router
A complete scene routing library for react native
Stars: ✭ 149 (-3.87%)
Mutual labels:  router
Yrv
Your routing! (for Svelte)
Stars: ✭ 143 (-7.74%)
Mutual labels:  router

BadUSB in Routers

Material found in this repository was originally presented at BSides Dublin on March 23, 2019. The slides are included here in pdf format.

This repository contains configuration files for P4wnP1, a BadUSB framework for the Raspberry Pi. The configuration files allow an attacker to execute BadUSB style attacks on certain routers.

The following hardware and software were used for the BadUSB attacks:


mikrotik_mitm

The mikrotik_mitm directory contains configuration files to man-in-the-middle outbound traffic from RouterOS LAN hosts. The configuration files were tested using RouterOS on an hAP using default configurations on 6.44.1 Stable. Presumably, it works on any RouterOS based router that supports 4g USB functionality. The attack will cause all internet bound traffic to be routed to the Raspberry Pi plugged into the USB port. The Pi will forward all of the internet traffic to a remote VPN server.

PoC Video:

PoC Video

As written the "remote" VPN server is at 192.168.1.64. If you are going to try this out for yourself, you'll need to adjust the openvpn connection and possibly the iptables / dhcp options depending on where your VPN server is. The VPN server configuration is fairly simple:

sudo sysctl -w net.ipv4.ip_forward=1
sudo openvpn --ifconfig 10.200.0.1 10.200.0.2 --dev tun --auth none
sudo iptables -I FORWARD -i tun0 -j ACCEPT
sudo iptables -I FORWARD -i tun0 -o ACCEPT
sudo iptables -t nat -A POSTROUTING -j MASQUERADE

As mentioned, RouterOS will recognize the USB device using the default configuration. However! For some reason, the router won't recognize the Pi until you first plug in something else. You only have to do it once and then you are good until the router reboots. I'm not sure of the root cause of this. I've been using this ethernet adapter (you can find it on Amazon):


mikrotik_wan_lan_access

This is a non-mitm version of the MikroTik attack. The Pi will be assigned 192.168.4.1 and it should have access to both the WAN and LAN. LAN devices should also be able to reach the Pi. This is kind of useful if you just want to plug in your Pi as some type of local server... or if you want a reverse shell out to the internet.


asus_bsides_routing_table

The asus_bsides_routing_table directory contains configuration files to hijack traffic bound for http://securitybsides.com. The attack relies on the ability of the USB WAN to insert arbitrary entries into the router's routing table via DHCP options.

This attack was tested against an Asus RT-AC51U with load balancing dual WAN configured.

PoC Video:

PoC Video


Traditional Attacks over IP

A variety of routers support printer sharing (Netgear, Linksys, and TP-Link). The way this works is that you plug your USB printer into the router and then you install client software on your LAN host which gives it the ability to talk to the printer via the router.

I've found that the router/client software will actually communicate with pretty much any USB device. For whatever reason, the device makers didn't limit the functionality to printers only.

As such, an attacker can execute any of the normal payloads that come with P4wnP1. In my PoC video, I'm using hid_keyboard2.txt. The downside to this attack is that it requires special software be installed and that the user actually click "connect".

PoC Video:

PoC Video

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].