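Introduction
RouterSploit is a tool written in Python that bundles exploits for many known router vulnerabilities. It can quickly scan a router for known vulnerabilities and then exploit them. It is similar to MSF (Metasploit Framework), and its usage is largely the same.
Installing on Kali
Install with apt-get: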
apt-get update
apt-get install routersploit
pip3 install routersploit
Install with git:
git clone https://www.github.com/threat9/routersploit
cd routersploit
python3 -m pip install -r requirements.txt
python3 rsf.py
I installed it the first way, which is quick and convenient.
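Details
Module overview
Module | Function |
---|---|
exploits | Exploits a vulnerability once it has been identified on the target device, for purposes such as privilege escalation |
creds | Tests the login credentials of network services |
scanners | Checks whether the target device has exploitable vulnerabilities |
payloads | Generates payloads for various architectures and injection points |
generic | Modules that perform generic attacks |
Commands
Command | Description |
---|---|
show <module type> | Lists the submodules under that module type (only the module names listed above are accepted) |
show options | Shows the option settings |
use <module> | Selects that module |
set <option> <value> | Sets an option to a value |
run | Runs the module |
search <term> | Fuzzy search for modules |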
scanners module
Scans the router for known vulnerabilities.
┌──(root㉿kali)-[~/Desktop]
└─# routersploit # enter the routersploit console
 ______            _            _____       _       _ _
 | ___ \          | |          /  ___|     | |     (_) |
 | |_/ /___  _   _| |_ ___ _ __\ `--. _ __ | | ___  _| |_
 |    // _ \| | | | __/ _ \ '__|`--. \ '_ \| |/ _ \| | __|
 | |\ \ (_) | |_| | ||  __/ |  /\__/ / |_) | | (_) | | |_
 \_| \_\___/ \__,_|\__\___|_|  \____/| .__/|_|\___/|_|\__|
                                     | |
       Exploitation Framework for    |_|    by Threat9
            Embedded Devices
Codename : I Knew You Were Trouble
Version : 3.4.1
Homepage : https://www.threat9.com - @threatnine
Join Slack : https://www.threat9.com/slack
Join Threat9 Beta Program - https://www.threat9.com
Exploits: 132 Scanners: 4 Creds: 171 Generic: 4 Payloads: 32 Encoders: 4
rsf > use scanners/ # use the scanners module; press Tab to complete, press it again to list the submodules
scanners/autopwn scanners/cameras/ scanners/misc/ scanners/routers/
rsf > use scanners/autopwn # use the autopwn module under scanners; autopwn is an automatic scanning module
rsf (AutoPwn) > show options # view the module's options; the target option needs to be set
Target options:
Name Current settings Description
---- ---------------- -----------
target Target IPv4 or IPv6 address
Module options:
Name Current settings Description
---- ---------------- -----------
vendor any Vendor concerned (default: any)
http_use true Check HTTP[s] service: true/false
http_ssl false HTTPS enabled: true/false
ftp_use true Check FTP[s] service: true/false
ftp_ssl false FTPS enabled: true/false
ssh_use true Check SSH service: true/false
telnet_use true Check Telnet service: true/false
snmp_use true Check SNMP service: true/false
threads 8 Number of threads
rsf (AutoPwn) > set target 192.168.1.1 # set target to the router's address, 192.168.1.1, which you can look up with the ip command
[+] target => 192.168.1.1
rsf (AutoPwn) > run # run the module
[*] Running module scanners/autopwn...
[*] 192.168.1.1 Starting vulnerablity check...
[-] 192.168.1.1:80 http exploits/generic/heartbleed is not vulnerable
[*] 192.168.1.1:80 http exploits/routers/shuttle/915wm_dns_change Could not be verified
[-] 192.168.1.1:80 http exploits/routers/huawei/hg530_hg520b_password_disclosure is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/bhu/bhu_urouter_rce is not vulnerable
[*] 192.168.1.1:80 http exploits/routers/billion/billion_5200w_rce Could not be verified
[-] 192.168.1.1:80 http exploits/routers/huawei/e5331_mifi_info_disclosure is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/huawei/hg866_password_change is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/billion/billion_7700nr4_password_disclosure is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/ubiquiti/airos_6_x is not vulnerable
[-] 192.168.1.1:21 ftp exploits/routers/technicolor/tg784_authbypass is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/technicolor/tc7200_password_disclosure is not vulnerable
[-] 192.168.1.1:80 http exploits/generic/shellshock is not vulnerable
[*] 192.168.1.1:80 http exploits/routers/asus/asuswrt_lan_rce Could not be verified
[-] 192.168.1.1:22 ssh exploits/generic/ssh_auth_keys is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/asus/rt_n16_password_disclosure is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/technicolor/tc7200_password_disclosure_v2 is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/technicolor/dwg855_authbypass is not vulnerable
[*] 192.168.1.1:23 custom/tcp exploits/routers/cisco/catalyst_2960_rocem Could not be verified
[-] 192.168.1.1:80 http exploits/routers/netsys/multi_rce is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/cisco/dpc2420_info_disclosure is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/cisco/firepower_management60_path_traversal is not vulnerable
[*] 192.168.1.1:80 http exploits/routers/cisco/secure_acs_bypass Could not be verified
[-] 192.168.1.1:80 http exploits/routers/cisco/unified_multi_path_traversal is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/cisco/firepower_management60_rce is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/linksys/wrt100_110_rce is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/linksys/smartwifi_password_disclosure is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/cisco/ucs_manager_rce is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/linksys/1500_2500_rce is not vulnerable
[*] 192.168.1.1:80 http exploits/routers/3com/officeconnect_rce Could not be verified
[-] 192.168.1.1:80 http exploits/routers/linksys/eseries_themoon_rce is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/linksys/wap54gv3_rce is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/3com/imc_path_traversal is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/3com/ap8760_password_disclosure is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/comtrend/ct_5361t_password_disclosure is not vulnerable
[*] 192.168.1.1:80 http exploits/routers/netgear/dgn2200_dnslookup_cgi_rce Could not be verified
[-] 192.168.1.1:80 http exploits/routers/netgear/n300_auth_bypass is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/netgear/multi_password_disclosure-2017-5521 is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/3com/officeconnect_info_disclosure is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/netgear/wnr500_612v3_jnr1010_2010_path_traversal is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/3com/imc_info_disclosure is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/netgear/jnr1010_path_traversal is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/netgear/prosafe_rce is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/netgear/dgn2200_ping_cgi_rce is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/netgear/multi_rce is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/netgear/r7000_r6400_rce is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/tplink/wdr740nd_wdr740n_backdoor is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/tplink/wdr740nd_wdr740n_path_traversal is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/tplink/archer_c2_c20i_rce is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/ipfire/ipfire_shellshock is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/tplink/wdr842nd_wdr842n_configure_disclosure is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/ipfire/ipfire_proxy_rce is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/ipfire/ipfire_oinkcode_rce is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/dlink/dgs_1510_add_user is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/dlink/dir_300_600_rce is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/dlink/dsl_2750b_rce is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/dlink/dsp_w110_rce is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/dlink/dwl_3200ap_password_disclosure is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/dlink/dir_850l_creds_disclosure is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/dlink/dcs_930l_auth_rce is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/dlink/dsl_2750b_info_disclosure is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/dlink/dsl_2730_2750_path_traversal is not vulnerable
[*] 192.168.1.1:80 http exploits/routers/dlink/dsl_2640b_dns_change Could not be verified
[-] 192.168.1.1:80 http exploits/routers/dlink/dir_300_320_600_615_info_disclosure is not vulnerable
[*] 192.168.1.1:1900 custom/udp exploits/routers/dlink/dir_815_850l_rce Could not be verified
[-] 192.168.1.1:80 http exploits/routers/dlink/dvg_n5402sp_path_traversal is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/dlink/dir_300_320_615_auth_bypass is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/dlink/dir_645_password_disclosure is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/dlink/multi_hedwig_cgi_exec is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/dlink/dwr_932_info_disclosure is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/dlink/dns_320l_327l_rce is not vulnerable
[*] 192.168.1.1:80 http exploits/routers/dlink/dsl_2740r_dns_change Could not be verified
[-] 192.168.1.1:80 http exploits/routers/dlink/dir_645_815_rce is not vulnerable
[*] 192.168.1.1:80 http exploits/routers/dlink/dsl_2730b_2780b_526b_dns_change Could not be verified
[-] 192.168.1.1:80 http exploits/routers/dlink/multi_hnap_rce is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/dlink/dir_8xx_password_disclosure is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/dlink/dir_825_path_traversal is not vulnerable
[-] 192.168.1.1:22 ssh exploits/routers/mikrotik/routeros_jailbreak is not vulnerable
[-] 192.168.1.1:8291 custom/tcp exploits/routers/mikrotik/winbox_auth_bypass_creds_disclosure is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/belkin/g_plus_info_disclosure is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/belkin/g_n150_password_disclosure is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/belkin/auth_bypass is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/belkin/play_max_prce is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/belkin/n750_rce is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/belkin/n150_path_traversal is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/zyxel/d1000_rce is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/zyxel/p660hn_t_v1_rce is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/zyxel/p660hn_t_v2_rce is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/zyxel/d1000_wifi_password_disclosure is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/zyxel/zywall_usg_extract_hashes is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/multi/rom0 is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/multi/misfortune_cookie is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/cisco/ios_http_authorization_bypass is not vulnerable
[-] 192.168.1.1:32764 custom/tcp exploits/routers/multi/tcp_32764_info_disclosure is not vulnerable
[-] 192.168.1.1:32764 custom/tcp exploits/routers/multi/tcp_32764_rce is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/2wire/gateway_auth_bypass is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/2wire/4011g_5012nv_path_traversal is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/multi/gpon_home_gateway_rce is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/thomson/twg850_password_disclosure is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/asmax/ar_804_gu_rce is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/asmax/ar_1004g_password_disclosure is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/zte/f460_f660_backdoor is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/zte/zxhn_h108n_wifi_password_disclosure is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/zte/zxv10_rce is not vulnerable
[-] 192.168.1.1:22 ssh exploits/routers/fortinet/fortigate_os_backdoor is not vulnerable
[-] 192.168.1.1:80 http exploits/routers/movistar/adsl_router_bhs_rta_path_traversal is not vulnerable
[-] 192.168.1.1:23 telnet exploits/cameras/grandstream/gxv3611hd_ip_camera_sqli is not vulnerable
[-] 192.168.1.1:23 telnet exploits/cameras/grandstream/gxv3611hd_ip_camera_backdoor is not vulnerable
[-] 192.168.1.1:80 http exploits/cameras/siemens/cvms2025_credentials_disclosure is not vulnerable
[-] 192.168.1.1:80 http exploits/cameras/avigilon/videoiq_camera_path_traversal is not vulnerable
[-] 192.168.1.1:80 http exploits/cameras/cisco/video_surv_path_traversal is not vulnerable
[-] 192.168.1.1:80 http exploits/cameras/mvpower/dvr_jaws_rce is not vulnerable
[-] 192.168.1.1:80 http exploits/cameras/xiongmai/uc_httpd_path_traversal is not vulnerable
[-] 192.168.1.1:80 http exploits/cameras/honeywell/hicc_1100pt_password_disclosure is not vulnerable
[-] 192.168.1.1:80 http exploits/cameras/brickcom/corp_network_cameras_conf_disclosure is not vulnerable
[-] 192.168.1.1:80 http exploits/cameras/brickcom/users_cgi_creds_disclosure is not vulnerable
[-] 192.168.1.1:80 http exploits/cameras/dlink/dcs_930l_932l_auth_bypass is not vulnerable
[-] 192.168.1.1:80 http exploits/cameras/multi/P2P_wificam_rce is not vulnerable
[-] 192.168.1.1:80 http exploits/cameras/multi/jvc_vanderbilt_honeywell_path_traversal is not vulnerable
[-] 192.168.1.1:80 http exploits/cameras/multi/P2P_wificam_credential_disclosure is not vulnerable
[-] 192.168.1.1:80 http exploits/cameras/multi/dvr_creds_disclosure is not vulnerable
[-] 192.168.1.1:80 http exploits/cameras/multi/netwave_ip_camera_information_disclosure is not vulnerable
[-] 192.168.1.1:80 http exploits/cameras/jovision/jovision_credentials_disclosure is not vulnerable
[-] 192.168.1.1:80 http exploits/misc/asus/b1m_projector_rce is not vulnerable
[-] 192.168.1.1:80 http exploits/misc/miele/pg8528_path_traversal is not vulnerable
[-] 192.168.1.1:80 http exploits/misc/wepresent/wipg1000_rce is not vulnerable
[-] 192.168.1.1:43690 custom/udp exploits/routers/huawei/hg520_info_disclosure is not vulnerable
[-] 192.168.1.1:53413 custom/udp exploits/routers/netcore/udp_53413_rce is not vulnerable
[-] 192.168.1.1:69 custom/udp exploits/routers/cisco/ucm_info_disclosure is not vulnerable
[-] 192.168.1.1:1900 custom/udp exploits/routers/dlink/dir_300_645_815_upnp_rce is not vulnerable
[-] 192.168.1.1:39889 custom/udp exploits/routers/dlink/dwr_932b_backdoor is not vulnerable
[-] 192.168.1.1:22 snmp exploits/routers/thomson/twg849_info_disclosure is not vulnerable
[-] 192.168.1.1:9999 custom/udp exploits/routers/asus/infosvr_backdoor_rce is not vulnerable
[*] Elapsed time: 40.6700 seconds
[*] 192.168.1.1 Starting default credentials check...
[-] 192.168.1.1:22 ssh creds/generic/ssh_default is not vulnerable
[-] 192.168.1.1:80 http creds/routers/pfsense/webinterface_http_form_default_creds is not vulnerable
[-] 192.168.1.1:21 ftp creds/generic/ftp_default is not vulnerable
[-] 192.168.1.1:23 telnet creds/generic/telnet_default is not vulnerable
[-] 192.168.1.1:80 http creds/generic/http_basic_digest_default is not vulnerable
[-] 192.168.1.1:80 http creds/cameras/axis/webinterface_http_auth_default_creds is not vulnerable
[-] 192.168.1.1:80 http creds/cameras/acti/webinterface_http_form_default_creds is not vulnerable
[-] 192.168.1.1:80 http creds/cameras/basler/webinterface_http_form_default_creds is not vulnerable
[-] 192.168.1.1:80 http creds/cameras/canon/webinterface_http_auth_default_creds is not vulnerable
[-] 192.168.1.1:80 http creds/routers/asmax/webinterface_http_auth_default_creds is not vulnerable
[-] 192.168.1.1:80 http creds/cameras/brickcom/webinterface_http_auth_default_creds is not vulnerable
[*] Elapsed time: 0.0900 seconds
[*] 192.168.1.1 Could not verify exploitability:
- 192.168.1.1:80 http exploits/routers/shuttle/915wm_dns_change
- 192.168.1.1:80 http exploits/routers/billion/billion_5200w_rce
- 192.168.1.1:80 http exploits/routers/asus/asuswrt_lan_rce
- 192.168.1.1:23 custom/tcp exploits/routers/cisco/catalyst_2960_rocem
- 192.168.1.1:80 http exploits/routers/cisco/secure_acs_bypass
- 192.168.1.1:80 http exploits/routers/3com/officeconnect_rce
- 192.168.1.1:80 http exploits/routers/netgear/dgn2200_dnslookup_cgi_rce
- 192.168.1.1:80 http exploits/routers/dlink/dsl_2640b_dns_change
- 192.168.1.1:1900 custom/udp exploits/routers/dlink/dir_815_850l_rce
- 192.168.1.1:80 http exploits/routers/dlink/dsl_2740r_dns_change
- 192.168.1.1:80 http exploits/routers/dlink/dsl_2730b_2780b_526b_dns_change
[-] 192.168.1.1 Could not confirm any vulnerablity
[-] 192.168.1.1 Could not find default credentials
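rsf (AutoPwn) > # the run has finished and printed a lot of output: [+] vulnerable, [-] not vulnerable, [*] could not be determined
Marker | Meaning |
---|---|
[+] | Vulnerable |
[-] | Not vulnerable |
[*] | Could not be determined |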
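The following Python script is an added example, not part of the original post or of RouterSploit itself. It parses autopwn output in the format shown above and groups the results so that the "Could not be verified" entries, which need manual follow-up on the device, stand out from the long list of negative checks. The function names and the sample log are constructed for illustration, and the "is vulnerable" wording of a positive line is an assumption modelled on the negative lines, since the run above produced none.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the autopwn session above.
# The "[+] ... is vulnerable" line is assumed wording, not taken from the post.
SAMPLE = """\
[*] Running module scanners/autopwn...
[*] 192.168.1.1 Starting vulnerablity check...
[-] 192.168.1.1:80 http exploits/generic/heartbleed is not vulnerable
[*] 192.168.1.1:80 http exploits/routers/asus/asuswrt_lan_rce Could not be verified
[*] 192.168.1.1:23 custom/tcp exploits/routers/cisco/catalyst_2960_rocem Could not be verified
[+] 192.168.1.1:80 http exploits/routers/multi/rom0 is vulnerable
[-] 192.168.1.1:23 telnet creds/generic/telnet_default is not vulnerable
[*] Elapsed time: 40.6700 seconds
[*] 192.168.1.1 Could not verify exploitability:
 - 192.168.1.1:80 http exploits/routers/asus/asuswrt_lan_rce
[-] 192.168.1.1 Could not confirm any vulnerablity
"""

# The status is read from the trailing phrase, not from the bracket marker,
# so a log whose marker character was lost in copy/paste still parses.
LINE = re.compile(
    r"^\[.\]\s+(?P<host>\S+):(?P<port>\d+)\s+(?P<proto>\S+)\s+"
    r"(?P<module>(?:exploits|creds)/\S+)\s+"
    r"(?P<phrase>is vulnerable|is not vulnerable|Could not be verified)\s*$"
)
STATUS = {
    "is vulnerable": "vulnerable",
    "is not vulnerable": "not_vulnerable",
    "Could not be verified": "unverified",
}


def parse_autopwn(text):
    """Return one record per module result; banner and summary lines are skipped."""
    records = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            rec = m.groupdict()
            rec["port"] = int(rec["port"])
            rec["status"] = STATUS[rec.pop("phrase")]
            records.append(rec)
    return records


def triage(records):
    """Group module paths by status, then by (port, protocol)."""
    out = defaultdict(lambda: defaultdict(list))
    for r in records:
        out[r["status"]][(r["port"], r["proto"])].append(r["module"])
    return {status: dict(groups) for status, groups in out.items()}


def report(text):
    """Lines for a reviewer: confirmed first, then unverified, then a count."""
    t = triage(parse_autopwn(text))
    lines = []
    for status in ("vulnerable", "unverified"):
        for (port, proto), mods in sorted(t.get(status, {}).items()):
            for mod in sorted(mods):
                lines.append(f"{status:<11} {port}/{proto:<10} {mod}")
    negatives = sum(len(m) for m in t.get("not_vulnerable", {}).values())
    lines.append(f"not_vulnerable: {negatives} checks")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

The trailing "Could not verify exploitability" summary repeats entries already printed during the run, so the parser skips it to avoid double counting.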
exploits module
Checks whether a vulnerability found by scanners can actually be exploited.
┌──(root㉿kali)-[~/Desktop]
└─# routersploit
rsf > show exploits # list the exploits available in the exploits module
exploits/cameras/grandstream/gxv3611hd_ip_camera_sqli
exploits/cameras/grandstream/gxv3611hd_ip_camera_backdoor
exploits/cameras/siemens/cvms2025_credentials_disclosure
exploits/cameras/avigilon/videoiq_camera_path_traversal
exploits/cameras/cisco/video_surv_path_traversal
exploits/cameras/mvpower/dvr_jaws_rce
exploits/cameras/xiongmai/uc_httpd_path_traversal
exploits/cameras/honeywell/hicc_1100pt_password_disclosure
exploits/cameras/brickcom/corp_network_cameras_conf_disclosure
exploits/cameras/brickcom/users_cgi_creds_disclosure
exploits/cameras/dlink/dcs_930l_932l_auth_bypass
exploits/cameras/multi/P2P_wificam_rce
exploits/cameras/multi/jvc_vanderbilt_honeywell_path_traversal
exploits/cameras/multi/P2P_wificam_credential_disclosure
exploits/cameras/multi/dvr_creds_disclosure
exploits/cameras/multi/netwave_ip_camera_information_disclosure
exploits/cameras/jovision/jovision_credentials_disclosure
exploits/routers/huawei/hg866_password_change
exploits/routers/huawei/e5331_mifi_info_disclosure
exploits/routers/huawei/hg520_info_disclosure
exploits/routers/huawei/hg530_hg520b_password_disclosure
exploits/routers/bhu/bhu_urouter_rce
exploits/routers/shuttle/915wm_dns_change
exploits/routers/ubiquiti/airos_6_x
exploits/routers/netsys/multi_rce
exploits/routers/billion/billion_5200w_rce
exploits/routers/billion/billion_7700nr4_password_disclosure
exploits/routers/technicolor/tc7200_password_disclosure_v2
exploits/routers/technicolor/tc7200_password_disclosure
exploits/routers/technicolor/dwg855_authbypass
exploits/routers/technicolor/tg784_authbypass
exploits/routers/asus/rt_n16_password_disclosure
exploits/routers/asus/infosvr_backdoor_rce
exploits/routers/asus/asuswrt_lan_rce
exploits/routers/netcore/udp_53413_rce
exploits/routers/cisco/ucm_info_disclosure
exploits/routers/cisco/ucs_manager_rce
exploits/routers/cisco/unified_multi_path_traversal
exploits/routers/cisco/catalyst_2960_rocem
exploits/routers/cisco/firepower_management60_path_traversal
exploits/routers/cisco/dpc2420_info_disclosure
exploits/routers/cisco/ios_http_authorization_bypass
exploits/routers/cisco/secure_acs_bypass
exploits/routers/cisco/firepower_management60_rce
exploits/routers/linksys/1500_2500_rce
exploits/routers/linksys/wrt100_110_rce
exploits/routers/linksys/smartwifi_password_disclosure
exploits/routers/linksys/wap54gv3_rce
exploits/routers/linksys/eseries_themoon_rce
exploits/routers/3com/officeconnect_rce
exploits/routers/3com/imc_path_traversal
exploits/routers/3com/officeconnect_info_disclosure
exploits/routers/3com/imc_info_disclosure
exploits/routers/3com/ap8760_password_disclosure
exploits/routers/comtrend/ct_5361t_password_disclosure
exploits/routers/netgear/dgn2200_dnslookup_cgi_rce
exploits/routers/netgear/n300_auth_bypass
exploits/routers/netgear/multi_password_disclosure-2017-5521
exploits/routers/netgear/multi_rce
exploits/routers/netgear/wnr500_612v3_jnr1010_2010_path_traversal
exploits/routers/netgear/jnr1010_path_traversal
exploits/routers/netgear/prosafe_rce
exploits/routers/netgear/dgn2200_ping_cgi_rce
exploits/routers/netgear/r7000_r6400_rce
exploits/routers/tplink/wdr740nd_wdr740n_backdoor
exploits/routers/tplink/wdr842nd_wdr842n_configure_disclosure
exploits/routers/tplink/archer_c2_c20i_rce
exploits/routers/tplink/wdr740nd_wdr740n_path_traversal
exploits/routers/ipfire/ipfire_oinkcode_rce
exploits/routers/ipfire/ipfire_shellshock
exploits/routers/ipfire/ipfire_proxy_rce
exploits/routers/dlink/dir_300_645_815_upnp_rce
exploits/routers/dlink/dsl_2750b_rce
exploits/routers/dlink/dgs_1510_add_user
exploits/routers/dlink/dir_300_600_rce
exploits/routers/dlink/dsp_w110_rce
exploits/routers/dlink/dir_850l_creds_disclosure
exploits/routers/dlink/dwl_3200ap_password_disclosure
exploits/routers/dlink/dcs_930l_auth_rce
exploits/routers/dlink/dsl_2750b_info_disclosure
exploits/routers/dlink/dsl_2730_2750_path_traversal
exploits/routers/dlink/dir_300_320_600_615_info_disclosure
exploits/routers/dlink/dsl_2640b_dns_change
exploits/routers/dlink/dir_645_password_disclosure
exploits/routers/dlink/dir_815_850l_rce
exploits/routers/dlink/dvg_n5402sp_path_traversal
exploits/routers/dlink/dir_300_320_615_auth_bypass
exploits/routers/dlink/dwr_932_info_disclosure
exploits/routers/dlink/multi_hedwig_cgi_exec
exploits/routers/dlink/dns_320l_327l_rce
exploits/routers/dlink/dwr_932b_backdoor
exploits/routers/dlink/dsl_2740r_dns_change
exploits/routers/dlink/dir_645_815_rce
exploits/routers/dlink/dsl_2730b_2780b_526b_dns_change
exploits/routers/dlink/multi_hnap_rce
exploits/routers/dlink/dir_8xx_password_disclosure
exploits/routers/dlink/dir_825_path_traversal
exploits/routers/mikrotik/routeros_jailbreak
exploits/routers/mikrotik/winbox_auth_bypass_creds_disclosure
exploits/routers/belkin/g_plus_info_disclosure
exploits/routers/belkin/g_n150_password_disclosure
exploits/routers/belkin/auth_bypass
exploits/routers/belkin/play_max_prce
exploits/routers/belkin/n750_rce
exploits/routers/belkin/n150_path_traversal
exploits/routers/zyxel/d1000_rce
exploits/routers/zyxel/p660hn_t_v1_rce
exploits/routers/zyxel/p660hn_t_v2_rce
exploits/routers/zyxel/d1000_wifi_password_disclosure
exploits/routers/zyxel/zywall_usg_extract_hashes
exploits/routers/multi/rom0
exploits/routers/multi/misfortune_cookie
exploits/routers/multi/gpon_home_gateway_rce
exploits/routers/multi/tcp_32764_info_disclosure
exploits/routers/multi/tcp_32764_rce
exploits/routers/2wire/gateway_auth_bypass
exploits/routers/2wire/4011g_5012nv_path_traversal
exploits/routers/thomson/twg849_info_disclosure
exploits/routers/thomson/twg850_password_disclosure
exploits/routers/asmax/ar_804_gu_rce
exploits/routers/asmax/ar_1004g_password_disclosure
exploits/routers/zte/f460_f660_backdoor
exploits/routers/zte/zxhn_h108n_wifi_password_disclosure
exploits/routers/zte/zxv10_rce
exploits/routers/fortinet/fortigate_os_backdoor
exploits/routers/movistar/adsl_router_bhs_rta_path_traversal
exploits/generic/shellshock
exploits/generic/heartbleed
exploits/generic/ssh_auth_keys
exploits/misc/asus/b1m_projector_rce
exploits/misc/miele/pg8528_path_traversal
exploits/misc/wepresent/wipg1000_rce
rsf > use exploits/misc/wepresent/wipg1000_rce # use the exploit named wipg1000_rce
rsf (WePresent WiPG-1000 RCE) > show options # view the option list; ssl, target and port need to be set, and ssl and port have default values
Target options:
Name Current settings Description
---- ---------------- -----------
ssl false SSL enabled: true/false
target Target IPv4 or IPv6 address
port 80 Target HTTP port
Module options:
Name Current settings Description
---- ---------------- -----------
verbosity true Verbosity enabled: true/false
rsf (WePresent WiPG-1000 RCE) > set target 192.168.1.1 # set target to 192.168.1.1
[+] target => 192.168.1.1
rsf (WePresent WiPG-1000 RCE) > show options # target was set successfully
Target options:
Name Current settings Description
---- ---------------- -----------
ssl false SSL enabled: true/false
target 192.168.1.1 Target IPv4 or IPv6 address
port 80 Target HTTP port
Module options:
Name Current settings Description
---- ---------------- -----------
verbosity true Verbosity enabled: true/false
rsf (WePresent WiPG-1000 RCE) > set port 8080 # change port from its default value to 8080
[+] port => 8080
rsf (WePresent WiPG-1000 RCE) > show options # port was changed successfully
Target options:
Name Current settings Description
---- ---------------- -----------
ssl false SSL enabled: true/false
target 192.168.1.1 Target IPv4 or IPv6 address
port 8080 Target HTTP port
Module options:
Name Current settings Description
---- ---------------- -----------
verbosity true Verbosity enabled: true/false
rsf (WePresent WiPG-1000 RCE) > run # run the module; it reports that the target is not vulnerable
[*] Running module exploits/misc/wepresent/wipg1000_rce...
[-] Exploit failed - exploit seems to be not vulnerable
rsf (WePresent WiPG-1000 RCE) >
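Other modules
The other modules are used the same way as these two.
Closing notes
Without an environment that actually has a vulnerability, it is hard to learn much. When I have time I will try to set one up and study this in more detail. (A real environment was used here.)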