Legoos Posted December 7, 2020 Posted December 7, 2020 Добрый день. Ради интереса просканировал свой роутер из локальной сети с помощью routersploit autopwn и обнаружилась уязвимость [+] 192.168.1.130 Device is vulnerable: Target Port Service Exploit ------ ---- ------- ------- 192.168.1.130 80 http exploits/routers/linksys/eseries_themoon_rce Пошёл дальше rsf (AutoPwn) > use exploits/routers/linksys/eseries_themoon_rce rsf (Linksys E-Series TheMoon RCE) > set target 192.168.1.130 [+] target => 192.168.1.130 rsf (Linksys E-Series TheMoon RCE) > run [*] Running module exploits/routers/linksys/eseries_themoon_rce... [+] Target is vulnerable [*] Invoking command loop... [*] It is blind command injection - response is not available [+] Welcome to cmd. Commands are sent to the target via the execute method. [*] For further exploitation use 'show payloads' and 'set payload <payload>' commands. cmd > show payloads [*] Available payloads: Payload Name Description ------- ---- ----------- mipsle/bind_tcp MIPSLE Bind TCP Creates interactive tcp bind shell for MIPSLE architecture. mipsle/reverse_tcp MIPSLE Reverse TCP Creates interactive tcp reverse shell for MIPSLE architecture. Может ложно сработало на похожую уязвимость у Linksys, я не разбираюсь в этом особо. Просьба проверить, на всякий случай. Quote
Le ecureuil Posted December 7, 2020 Posted December 7, 2020 Уже неоднократно проверялось - это false-positive. 1 Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.