Nytro
Posted September 4, 2013

Mikrotik RouterOS sshd (ROSSSH) - Remote Preauth Heap Corruption

During an audit the Mikrotik RouterOS sshd (ROSSSH) has been identified to have a remote previous to authentication heap corruption in its sshd component.

Exploitation of this vulnerability will allow full access to the router device.

This analysis describes the bug and includes a way to get developer access to recent versions of Mikrotik RouterOS using the /etc/devel-login file. This is done by forging a modified NPK file using a correct signature and logging into the device with username ‘devel’ and the password of the administrator. This will drop into a busybox shell for further researching the sshd vulnerability using gdb and strace tools that have been compiled for the Mikrotik busybox platform.

Shodanhq.com shows >290.000 entries for the ROSSSH search term.

The 50 megs Mikrotik package including all the research items can be downloaded here:

http://www.farlight.org/mikropackage.zip
http://www.exploit-db.com/sploits/28056.zip

Source: Mikrotik RouterOS sshd (ROSSSH) - Remote Preauth Heap Corruption

OK, now I understand. A few days ago we received a DDoS (supposedly) from 550+ IPs. (Info)

As Shocker suggested, those IPs were Mikrotik routers. I have a vague impression that this is the method by which whoever doesn't like us obtained access to those routers.