【 Grey Hack 】万金油脚本:在路由器上获取shell
生活随笔
收集整理的這篇文章主要介紹了
【 Grey Hack 】万金油脚本:在路由器上获取shell
小編覺(jué)得挺不錯(cuò)的,現(xiàn)在分享給大家,幫大家做個(gè)參考.
目錄
- 腳本源碼
- 用法
- 效果及示例
版本:Grey Hack v0.7.3618 - Alpha
腳本源碼
if params.len != 2 or params[0] == "-h" or params[0] == "--help" then exit("<b>Usage: "+program_path.split("/")[-1]+" [ip_address] [LAN_address]</b>") metaxploit = include_lib("/lib/metaxploit.so") if not metaxploit thenmetaxploit = include_lib(current_path + "/metaxploit.so") end if if not metaxploit then exit("Error: Can't find metaxploit library in the /lib path or the current folder")address = params[0] net_session = metaxploit.net_use( address ) if not net_session then exit("Error: can't connect to net session") libKernel = net_session.dump_libprint("Founded " + libKernel.lib_name + " "+ libKernel.version)if not libKernel then exit("Error: " + libName + " not found.")lanIp = params[1]resultMem = "" resultKey = ""kernel_router_exploits = metaxploit.scan(libKernel) for kernel_router_exploit in kernel_router_exploitsprint(kernel_router_exploit)result_lists = metaxploit.scan_address(libKernel, kernel_router_exploit).split("Unsafe check: ")[1:]for result_list in result_liststarget_str = result_list.split(".")[0]target_key = target_str.split(" ")[-1]result = libKernel.overflow(kernel_router_exploit, target_key[3:-4], lanIp)print(target_key + ": " + typeof(result))if typeof(result) == "shell" thenroot_file = result.host_computer.File("/root")if root_file.has_permission("w") thenresult.start_terminalelse if root_file.has_permission("r") thenresultMem = kernel_router_exploitresultKey = target_key[3:-4]elseif resultMem == "" then resultMem = kernel_router_exploitif resultKey == "" then resultKey = target_key[3:-4]end ifend ifend for end for result = libKernel.overflow(resultMem, resultKey, lanIp) if typeof(result) == "shell" thenresult.start_terminal end if exit("Fail...")用法
【腳本名】 【公網(wǎng)IP】 【局域網(wǎng)IP】
效果及示例
先檢測(cè)目標(biāo)端口庫(kù)版本
再嘗試遍歷攻破漏洞以獲取shell
視情況不同,可能得到游客或root權(quán)限
如圖,本案例中目標(biāo)IP尚未開(kāi)放常見(jiàn)端口
得到了路由器游客權(quán)限的shell
總結(jié)
以上是生活随笔為你收集整理的【 Grey Hack 】万金油脚本:在路由器上获取shell的全部?jī)?nèi)容,希望文章能夠幫你解決所遇到的問(wèn)題。
- 上一篇: C#利用Socket实现客户端之间直接通
- 下一篇: 2021五一数学建模竞赛a,b,c题