Jump to content

Hacking "ZynOS" routers !


Recommended Posts

Posted

That's awesome! The config file is readable to everyone??? I laughed so hard when I read your article. Thank you so much!

I have actually been playing with my verizon router/modem combo at home and found something interesting. I was just fuzzing the web service today and it crashed. Not just the web service: the whole router. Like it turned off. So I went to try again and it worked again. The third time I tried it didn't work. Now I can't remember which header I was testing when I got the first crash so I'm back to square one. I have been working on it all day. I am now pulling my hair out.

Has anyone else had a similar result with their verizon router?

Hahaha .. man you have to save the process and the findings in text file next time XD

Posted (edited)

I usually do but this time I really wasn't expecting to find anything and the time after that my computer died (apparently fuzzing drains the battery pretty quickly) and I lost my data :( I'm new to wireless security.

Also, where did you get the firmware image to create the virtual machine?

I was running Ubuntu on the virtualbox, and the firmware i got it from the router vendor website : http://www.tp-link.com/en/products/details/?model=TD-W8951ND

Edited by MrNasro
Posted

Thanks. I'll download that and start playing. The firmware was posted on their website? I couldn't find verizon's when I looked.

Hmm, just login to the router's web interface and search for "firmware" page you'll find informations about the version and build number ... etc with a good google search you'll find download links. ;)

Posted (edited)

I tried something simillar not so long ago. I was able to retrieve the rom-0 file by typing in a special link.

Funny to see this exploit still works :P

ps. Just looked through your code.py, it was just like yours

"http://"+host+"/rom-0"

can't remember the model of the router though :/

Edited by spazi
Posted

". . .I opened an OLD OLD poc python script of mine that accessed routers via telnet using the default passwords."

Hmm. . .

Is there any way that I could have that code? I would like to update that to support http logins as well and combine it with a project of mine that scrapes usernames and passwords from routerpasswords.com.

If you read the article carefully you'll find my Github : https://github.com/MrNasro/zynos-attacker%C2'> , ;)

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...