Wednesday 19 November 2014

Exploiting CISCO Linksys Router WAG200G

Exploiting CISCO Router... Linksys WAG200G!

If you think that your router can't be locally exploited, I will give you a hint!

Old modems such as mine (Linksys WAG200G) can be easily exploited.

I've found this great exploit (valid also for other CISCO/Linksys routers) developed by Eloi Vanderbeken :D

Let's now see what we can do with it!

PoC Tool Link:

How does it work?

First of all, we need these requirements:

Python (to run the script) and ZenMap (to do a quick scan of our open ports!)

Once we have them on our system, we can run the ZenMap port scanning tool using the following command:

nmap -p 1-32764

After a while, those who have this router will see the vulnerable port 32764 come up as:

"Unknown Service"
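For someone auditing their own network, the scan result described above can be triaged with a short script that lists every host where port 32764 is actually open. This is an added example, not part of the original post or of Eloi Vanderbeken's tool; it assumes the scan was saved in nmap's grepable format (-oG), and the sample scan text, addresses and function names are constructed for illustration.

```python
BACKDOOR_PORT = 32764  # the port the post identifies as vulnerable

# Constructed sample of nmap grepable (-oG) output. The addresses come from
# the documentation range 192.0.2.0/24 and are not from the original post.
SAMPLE_SCAN = "\n".join([
    "# constructed sample of nmap -oG output",
    "Host: 192.0.2.1 ()\tStatus: Up",
    "Host: 192.0.2.1 ()\tPorts: 80/open/tcp//http///, "
    "32764/open/tcp//unknown///\tIgnored State: closed (32762)",
    "Host: 192.0.2.2 ()\tPorts: 80/open/tcp//http///, "
    "32764/filtered/tcp//unknown///",
    "Host: 192.0.2.3 ()\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https///",
])


def parse_ports(line):
    """Return (host, [(port, state, proto, service), ...]) for a line that
    carries a 'Ports:' field, or None for comments and status-only lines."""
    if not line.startswith("Host: "):
        return None
    fields = line.split("\t")
    host = fields[0].split()[1]
    for field in fields[1:]:
        if not field.startswith("Ports: "):
            continue
        ports = []
        for entry in field[len("Ports: "):].split(","):
            # Entry layout: port/state/protocol/owner/service/rpc/version/
            parts = entry.strip().split("/")
            if len(parts) >= 5 and parts[0].isdigit():
                ports.append((int(parts[0]), parts[1], parts[2], parts[4]))
        return host, ports
    return None


def exposed_hosts(scan_text, port=BACKDOOR_PORT):
    """List (host, service) pairs where port/tcp is reported open.
    Filtered or closed results are ignored: nothing answered there."""
    hits = []
    for line in scan_text.splitlines():
        parsed = parse_ports(line)
        if parsed is None:
            continue
        host, ports = parsed
        for number, state, proto, service in ports:
            if number == port and proto == "tcp" and state == "open":
                hits.append((host, service or "unknown"))
    return hits
```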

Okay, now let's run the script using the following command:

--ip --get_credentials

With this command you will be able to gather your router credentials without needing to change the password or having direct access to it! (Good for *geek kids* who want access to the internet when their parents block it!) The script can do even more than discover your router credentials!

The script also has an option to enter directly into the shell of our local target!

You can use this string (with the script):

--ip --shell

This is our Result!

After we are inside it, of course, we can also deface it.

What can I say... HAPPY HACKING! ;-)

POC Video:

More Details:

Security Article -->

Technical Presentation -->

Brought to you by Christian Galeone; full credit goes to Eloi Vanderbeken. Thanks, dude, for your finding!

About the Author:
Christian Galeone is a Cyber Security Researcher from Italy. He is currently studying at ITCL Marco Polo (Vocational Technical Institute | Vo-Tech), attending the IT Programming Class.
He has been acknowledged by the TOP 5 Companies including Yahoo!, Microsoft, AT&T, Sony etc.
He is currently working with HOC as author of Cyber Security & Critical Tools Research Articles.