module
Linksys WRT54GL Remote Command Execution
| Disclosed | Created |
|---|---|
| 01/18/2013 | 05/30/2018 |
Disclosed
01/18/2013
Created
05/30/2018
Description
Some Linksys Routers are vulnerable to OS Command injection.
You will need credentials to the web interface to access the vulnerable part
of the application.
Default credentials are always a good starting point. admin/admin or admin
and blank password could be a first try.
Note: This is a blind OS command injection vulnerability. This means that
you will not see any output of your command. Try a ping command to your
local system and observe the packets with tcpdump (or equivalent) for a first test.
Hint: To get a remote shell you could upload a netcat binary and exec it.
WARNING: this module will overwrite network and DHCP configuration.
You will need credentials to the web interface to access the vulnerable part
of the application.
Default credentials are always a good starting point. admin/admin or admin
and blank password could be a first try.
Note: This is a blind OS command injection vulnerability. This means that
you will not see any output of your command. Try a ping command to your
local system and observe the packets with tcpdump (or equivalent) for a first test.
Hint: To get a remote shell you could upload a netcat binary and exec it.
WARNING: this module will overwrite network and DHCP configuration.
Author
Michael Messner
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
msf > use auxiliary/admin/http/linksys_wrt54gl_exec
msf /(c) > show actions
...actions...
msf /(c) > set ACTION < action-name >
msf /(c) > show options
...show and set options...
msf /(c) > run
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.