Exploiting CISCO Linksys Router WAG200G


Exploiting CISCO Router... Linksys WAG200G!

If you think that your Router can't be locally exploited, i will give you a hit!.

The OLD Modems can be easily exploited such as mine (Linksys WAG200G).

I've found this Great Exploit (valid also for other CISCO/Linksys Routers) developed by Eloi Vanderbeken :D

Let's now see what can we do with it!:

PoC Tool Link:

https://github.com/elvanderb/TCP-32764/archive/master.zip

How it works?

First of all we need thus Requirement(s):

Python (for run the Script) & ZenMap (for do a quick Scan of our open ports!)

After we have them into our System, we can run ZenMap Port Scanning tool using the following Command:

nmap -p 1-32764 192.168.1.1

We can see that (after a while...) for thus who has this Router the Vulnerable Port :32764 will comes up as:

"Unknown Service"

Okay, now let's run the PoC.py Script using the following Command:

PoC.py Command:

--ip 192.168.1.1 --get_credentials





With this command you will be able to gather your Router Credentials without need to change the Password or having a direct access into it! (Good for *geek kids* that would have an access to teh internet when their parents blocks it!.)

But...you can do even more than discover your Router Credentials!

Into the PoC.py Command Script, there's an option for enter directly into the Shell of our Local Target!

You can use this string (into the PoC.py Script):

--ip 192.168.1.1 --shell

This is our Result!

After we are inside it, of course, we can also deface it.

What can i say... HAPPY HACKING! ;-)

POC Video:




More Details:

Security Article -->
https://github.com/elvanderb/TCP-32764


Technical Presentation -->
https://github.com/elvanderb/TCP-32764/blob/master/backdoor_description.pptx

Brought to you By Christian Galeone, full credits goes to Eloi Vanderbeken - Thanks Dude for your finding!.
--------------------------------------------------------------------------------------

About the Author :
Christian Galeone is a Cyber Security Researcher from Italy, he's currently studying to ITCL Marco Polo ( Vocational Technical Institute | Vo-Tech ) attending the IT Programming Class.
He has been Acknowledged by the TOP 5 Companies including Yahoo!, Microsoft, AT&T, Sony etc.
He is currently working with HOC as author of Cyber Security & Critical Tools Research Articles.

-----------------------------------------------------