Eir D1000 Wireless Router – WAN Side Remote Command Injection Exploit

# Exploit Title: Eir D1000 Wireless Router – WAN Side Remote Command Injection # Date: 7th November 2016 # Exploit Author: Kenzo # Website: https://devicereversing.wordpress.com # Tested on Firmware version: 2.00(AADU.5)_20150909 # Type: Webapps # Platform: Hardware Description =========== By sending certain TR-064 commands, we can instruct the modem to open port 80 on the firewall. This allows access … Read more

Exploiting unlinked content using DirBuster, PHP Include() and getting Remote Command Execution (RCE)

This is a real world example – using DirBuster we were able to discover an unlinked file named sugar.php which we enumerated by requesting the  “sugar.php” resource file which returned an error message PHP error: “<b>Error</b>: include(): Filename cannot be empty in”. The valid parameter name “display=” was found using a custom parameter brute forcing script. The … Read more

*FOR RESEARCH* How Easy is it to find Webshells and basically have Root/Admin or User Level Access without “Hacking” Anything – PART 3

********RESEARCH ONLY – DO NOT TRY ANYTHING I AM ABOUT TO DO AS YOU WILL MOST LIKELY END UP IN JAIL, I DO NOT ENDORSE NOR CONDONE DoS ATTACKS OR HACKING WEBSERVERS YOU DO NOT HAVE PERMISSION TO DO SO – HOWEVER IF THEY ARE AGAINST IRAN OR NORTH KOREA I WOULD LOOK THE OTHER … Read more

*FOR RESEARCH* How Easy is it to find Webshells and basically have Root/Admin or User Level Access without “Hacking” Anything – PART 2

Sure enough, wevbshells were just as easy to find as DoS scripts on hacked webservers, the most common webshell that I found was the C99 or C999 or R57 (Modified by everyone) but the code is the same, I located 54 of those, 21 had full root access meaning people are still running apache as … Read more

*FOR RESEARCH* How Easy is it to find Webshells and basically have Root/Admin or User Level Access without “Hacking” Anything – PART 1

********RESEARCH ONLY – DO NOT TRY ANYTHING I AM ABOUT TO DO AS YOU WILL MOST LIKELY END UP IN JAIL, I DO NOT ENDORSE NOR CONDONE DoS ATTACKS OR HACKING WEBSERVERS YOU DO NOT HAVE PERMISSION TO DO SO – HOWEVER IF THEY ARE AGAINST IRAN OR NORTH KOREA I WOULD LOOK THE OTHER WAY – … Read more