New #Metasploit modules for attacking embedded devices are available

During the last few weeks a lot of new material on breaking embedded devices has appeared. There are some quite interesting vulnerabilities, exploits and some new payloads available.

Linksys WRT120N

First of all, Craig Heffner has analyzed the Linksys WRT120N router and published a lot of detailed information about this work on his blog. The series of blog posts starts with some details about breaking the hardware. Second, he shows how it is possible to extract the firmware from the device. Finally, Craig found an interesting buffer overflow vulnerability and created a nice and shiny exploit for it. This exploit is able to reset the password for the web interface of the router. So I thought this would be quite a nice Metasploit auxiliary module.

The following code is the interesting part of the module – the full code is available on GitHub.

Within the main function (run), the module first tests a login with the username admin and no password. If this test is successful, there is no further need for the module and it finishes: