File modification of Cisco RV325 router

1. Content overview:

Try to get into the file system of the Cisco RV325 and make some modifications.

Full body appearance:

2. Web-side analysis process:

Account: cisco

password:......

First, visit the web page at 192.168.1.1 (no Chinese option, which is annoying)

After entering the user name and password, the interface is as follows

Look around the interface and add a static routing table

Three, remote connection to the RV325:

The purpose is to connect to the RV325 and restart the web

But there is no debugging interface.

1. Scan with nmap first

2. Found port 22, that is, the SSH port, open; connect with PuTTY

 

But I tried many commands: ls, ifconfig, insmod, uname, id, pwd, lsmod, sudo

A "Command or filename not found" error appears

I found no information on the Internet explaining the reason, but after asking around I learned that this login is only for general operation and does not enter the file system, so the corresponding commands are not there

 

3. Root privileges have to be obtained through vulnerabilities (CVE-2019-1652 and CVE-2019-1653, etc.). After searching for information online, the available commands are as follows

The device commands include a collection of commands for installation and login, file processing, system management, network operation, system security, and other functions.

 

 

Four, mistakes

After disabling all services on the Firewall page of the web interface, I found that I could no longer log in through the web interface.

Scanning the ports again, I found that ports 443 and 22 had been closed. I didn't know how to connect.

1. Reset the router and try to remedy it

The remedy failed

2. Call the after-sales service hotline 4006680046

The customer service lady said to register a Cisco account and provide the company address. It was a little troublesome, so I gave up on this route.

3. Access through ports 80 and 8008 is not possible, so try port 8000

Via http://192.168.1.1:8000

Access succeeded

Reopen the port

 

Five, use vulnerabilities to enter the file system

1. Find the POC about CVE-2019-1653 on the vulnerability website

https://www.exploit-db.com/exploits/46262

That is, request https://192.168.1.1/cgi-bin/config.exp

After execution, you can get the RV325 configuration information (including password hash and other information) without logging in

 

2. Use the POC of CVE-2019-1652

https://www.exploit-db.com/exploits/46655

I am not very familiar with MSF for the time being, so I haven't finished
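
A defender-side check for the `config.exp` request described in step 1 above, as an added example that is not part of the original post: it scans HTTP access-log lines for requests that resolve to `/cgi-bin/config.exp` and marks the ones that returned data. It assumes a proxy or sensor in front of the router's management interface that writes combined-log-style lines; the log format, sample lines and function names are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Path the page requests for CVE-2019-1653 (configuration export without login).
SENSITIVE_PATH = "/cgi-bin/config.exp"

# Assumed combined-log-style line: ip - user [time] "METHOD target PROTO" status bytes
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def normalize_path(target: str) -> str:
    """Drop query/fragment, decode escapes, collapse ./ ../ //, lowercase."""
    path = target.partition("?")[0].partition("#")[0]
    for _ in range(2):  # second pass undoes double percent-encoding
        path = unquote(path)
    return posixpath.normpath("/" + path.lstrip("/")).lower()

def find_config_export_requests(lines):
    """Return one finding per request whose path resolves to SENSITIVE_PATH."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or normalize_path(m["target"]) != SENSITIVE_PATH:
            continue
        size = 0 if m["size"] == "-" else int(m["size"])
        findings.append({
            "ip": m["ip"],
            "time": m["time"],
            "status": int(m["status"]),
            # A 200 with a body means configuration data left the device.
            "config_disclosed": m["status"] == "200" and size > 0,
        })
    return findings

# Constructed sample lines (not captured from a real device).
SAMPLE_LOG = [
    '192.168.1.50 - - [02/Jan/2021:10:00:01 +0800] "GET /index.html HTTP/1.1" 200 5120',
    '192.168.1.77 - - [02/Jan/2021:10:03:12 +0800] "GET /cgi-bin/config.exp HTTP/1.1" 200 48211',
    '192.168.1.77 - - [02/Jan/2021:10:03:40 +0800] "GET /cgi-bin/%2e/CONFIG.exp?x=1 HTTP/1.1" 403 0',
    '192.168.1.50 - - [02/Jan/2021:10:09:00 +0800] "GET /images/logo.png HTTP/1.1" 304 -',
]

if __name__ == "__main__":
    for finding in find_config_export_requests(SAMPLE_LOG):
        print(finding)
```

Any finding with `config_disclosed` set means the password hashes in the exported configuration should be treated as exposed: update the firmware and change the credentials.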

 

In the past two days, I completed the process and finished the blog, making some contributions to the eco-environment of the code farmer.

Origin blog.csdn.net/qq_42882717/article/details/111976666