no one is safe ...
//secure it#

Metasploit Updates with some Home Network Horror stuff

The last two updates from #Metasploit include some new stuff to test your home network devices within your pentests.

You could find the original text of the following paragraph over here.

Consumer-Grade Hacking

Last month, I talked about community contributor Michael @m-1-k-3 Messner's nifty D-Link authentication bypass, and made the case that having Metasploit modules for consumer-grade access points is, in fact, useful and important.

Well, this week's update has a pile of new modules from m-1-k-3, all of which are targeting these kinds of consumer-grade networked devices: We now have a Linksys E1500 / E2500 remote command exec exploit, a Linksys 1500 directory traversal exploit, a directory traversal module for TP-Link's TL-WA701ND access point, a password extractor for the DLink DIR-645, and a directory traversal module for NetGear's weird single-purpose cordless phone device.

That's right, we have a Metasploit module for a cordless phone. The era of there being a difference between your "electronic devices" and your "computer devices" is coming to a close. What I said last month about these sorts of devices being in scope for a pen-test still stands -- if they're not in scope today, they really ought to be, at least for key personnel. Criminals don't particularly care about your scope doc.

You could find the original text of the following paragraph over here.

Getting a full Shell on D-Link DSL-320B

This time not a big thing ... more a nice detail on getting a shell on the DSL-320B device.

If you are doing a portscan on your local network with Nmap you will see the following output:

PORT   STATE SERVICE    VERSION
21/tcp open  ftp        D-Link or USRobotics ADSL router firmware update ftpd
22/tcp open  tcpwrapped
23/tcp open  telnet     D-Link DSL-2542B ADSL router telnetd
80/tcp open  http?

You could login with the credentials from the webinterface and you get a stripped access:


root@bt:~# telnet 192.168.178.111
Trying 192.168.178.111...

Auf ein Wort mit: Michael Messner #ffg2013

"Morgen beginnt mit den ersten Tutorials das Frühjahrsfachgespräch in Frankfurt. Letzter Appetithappen, bevor wir direkt vom FFG berichten: Ein Gespräch mit Michael Messner, ebenfalls schon lange im GUUG- und FFG-Umfeld bekannt und geschätzt. Er berichtet in diesem Interview über seinen Vortrag sowie das Metasploit-Tutorial, das er am Mittwoch hält."



read more

Das Programm findet ihr hier.

Multiple Vulnerabilities in Netgear DGN2200B

Device Name: DGN2200B
Vendor: Netgear

============ Vulnerable Firmware Releases: ============

Hardwareversion DGN2200B
Firmwareversion V1.0.0.36_7.0.36 - 04/01/2011
GUI Sprachversion: V1.0.0.25

============ Device Description: ============

Infos: http://www.netgear.com/home/products/wirelessrouters/work-and-play/dgn22...
http://www.netgear.de/products/home/wireless_routers/work-and-play/DGN22...

Firmware download: http://kb.netgear.com/app/answers/detail/a_id/18990/~/dgn2200%2Fdgn2200b...

Multiple Vulnerabilities in Edimax EW-7206-APg and EW-7209APg

Device Name: EW-7206APg / EW-7209APg
Vendor: Edimax

============ Vulnerable Firmware Releases: ============

Device: EW-7206APg
Hardware Version Rev. A
Runtime Code Version v1.32
Runtime Code Version V1.33

Device: EW-7209APg
Hardware Version Rev. A
Runtime Code Version 1.21
Runtime Code Version 1.29

============ Device Description: ============