Closed baitnfatty closed 7 years ago
@baitnfatty Delete words as follows:
# Exploit Title: Eir D1000 Wireless Router - WAN Side Remote Command Injection
# Date: 7th November 2016
# Exploit Author: Kenzo
# Website: https://devicereversing.wordpress.com
# Tested on Firmware version: 2.00(AADU.5)_20150909
# Type: Webapps
# Platform: Hardware
Description
===========
By sending certain TR-064 commands, we can instruct the modem to open port 80 on the firewall. This allows access to the web administration interface from the Internet facing side of the modem. The default login password for the D1000 is the default Wi-Fi password. This is easily obtained with another TR-064 command.
Proof of Concept
================
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
Put the module into your current msf directory.
```
msf > use exploit/linux/remote/40740
msf exploit(40740) > show options

Module options (exploit/linux/remote/40740):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   Proxies                   no        A proxy chain of format type:host:port[,type:host:port][...]
   RHOST                     yes       The target address
   RPORT    7547             yes       The target port
   SSL      false            no        Negotiate SSL/TLS for outgoing connections
   VHOST                     no        HTTP server virtual host

Payload options (linux/mipsbe/shell_bind_tcp):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   LPORT  4444             yes       The listen port
   RHOST                   no        The target address

Exploit target:

   Id  Name
   --  ----
   1   MIPS Big Endian
```
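A detection-side view of the sequence the description gives (TR-064 traffic reaching port 7547 from the Internet side, then the web interface on port 80 becoming reachable from outside), as an added example that is not part of the original thread or of the exploit. The iptables-style log format, the WAN interface name `ppp0`, the 300-second correlation window and all addresses and timestamps are assumptions constructed for illustration.

```python
import re

# Constructed sample lines (iptables LOG style, epoch timestamps, RFC 5737
# documentation addresses). Not taken from the page.
SAMPLE_LOG = """\
1478500000 IN=ppp0 OUT= SRC=203.0.113.7 DST=198.51.100.20 PROTO=TCP SPT=40112 DPT=7547 SYN
1478500004 IN=ppp0 OUT= SRC=203.0.113.7 DST=198.51.100.20 PROTO=TCP SPT=40120 DPT=80 SYN
1478500050 IN=br0 OUT= SRC=192.168.1.23 DST=192.168.1.254 PROTO=TCP SPT=50211 DPT=80 SYN
1478500090 IN=ppp0 OUT= SRC=203.0.113.99 DST=198.51.100.20 PROTO=TCP SPT=33000 DPT=7547 SYN
1478509000 IN=ppp0 OUT= SRC=203.0.113.50 DST=198.51.100.20 PROTO=TCP SPT=41000 DPT=80 SYN
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d+) IN=(?P<iface>\S*) .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r".*?PROTO=TCP .*?DPT=(?P<dpt>\d+)"
)

TR064_PORT = 7547   # RPORT shown in the module options above
ADMIN_PORT = 80     # web administration port named in the description


def find_exposure(log_text, wan_iface="ppp0", window=300):
    """Return (kind, ts, src, dst) tuples for WAN-side events of interest.

    tr064_from_wan    : any inbound WAN connection to port 7547
    admin_after_tr064 : WAN connection to port 80 on the same device within
                        `window` seconds of a WAN hit on port 7547
    """
    last_tr064 = {}  # device address -> time of most recent WAN hit on 7547
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["iface"] != wan_iface:
            continue  # unparsable line or LAN-side traffic
        ts, dpt = int(m["ts"]), int(m["dpt"])
        src, dst = m["src"], m["dst"]
        if dpt == TR064_PORT:
            last_tr064[dst] = ts
            findings.append(("tr064_from_wan", ts, src, dst))
        elif dpt == ADMIN_PORT and dst in last_tr064 and ts - last_tr064[dst] <= window:
            # Correlate on the device, not the source: the follow-up
            # connection may come from a different address.
            findings.append(("admin_after_tr064", ts, src, dst))
    return findings


if __name__ == "__main__":
    for finding in find_exposure(SAMPLE_LOG):
        print(*finding)
```

Any `tr064_from_wan` finding already indicates that the management port is reachable from the Internet; `admin_after_tr064` marks the case that needs immediate review.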
Thanks @nixawk. Edited the start of the exploit to comment out the start for the meta data. Will be in tomorrow's commit.
Edit: 62dddb2f4990de1e782897b15bee016e6fd11ab4
Hello, after trying to load the module by placing it -> "/root/.msf4/modules/exploit/remote/40740.rb", Metasploit complains to me, saying the following:
```
[-] WARNING! The following modules could not be loaded!
[-] /root/.msf4/modules/exploits/linux/remote/40740.rb: Errno::ENOENT No such file or directory @ rb_sysopen - /root/.msf4/modules/exploits/linux/remote/40740.rb
```
Upon searching vigorously I was unable to find a solution, although I feel it has to do with these calls:
```
class MetasploitModule < Msf::Exploit::Remote
  Rank = NormalRanking
  include Msf::Exploit::Remote::HttpClient
```
As the locations do not exist. Am I doing this wrong? Or should I have these files as well? I could not locate the above locally or on Exploit-db or within this Git. Any help would be greatly appreciated.
Also, I checked the logs and Framework.log says the same exact information stated above, no further info to point me to the exact location or reason for the error.
Thanks,
Also, I forgot to mention, I'm on a fresh install of Kali (all updated by dist-upgrade) and I also made sure exploitdb was updated as well as searchsploit. Please let me know if any further info is needed.
After looking further, I was able to get Ruby to show me the following:
```
ruby -v .msf4/modules/exploit/40740.rb
ruby 2.3.1p112 (2016-04-26) [x86_64-linux-gnu]
/usr/lib/ruby/2.3.0/rubygems/core_ext/kernel_require.rb:55:in `require': cannot load such file -- msf/sanity (LoadError)
    from /usr/lib/ruby/2.3.0/rubygems/core_ext/kernel_require.rb:55:in `require'
    from /usr/share/metasploit-framework/lib/msf/core.rb:14:in `<top (required)>'
    from /usr/lib/ruby/2.3.0/rubygems/core_ext/kernel_require.rb:55:in `require'
    from /usr/lib/ruby/2.3.0/rubygems/core_ext/kernel_require.rb:55:in `require'
    from .msf4/modules/exploit/40740.rb:17:in
```
I have sanity installed and jruby... also did a gem update. Not sure what I am missing.
Also, I defined the require path to its absolute path as my environment is not the same as the script maker's.. I am open to suggestions as far as setting environment variables as well... Just let me know what you need.
Thanks again. Bait.