Routerpwn.com is an application that helps with the exploitation of vulnerabilities in routers.
Routerpwn is a compilation of ready-to-run local and remote web exploits.
It is programmed in JavaScript and HTML in order to run on all "smart phones" and mobile internet devices.
It is only one page, so you can store it offline for local exploitation without an internet connection.
It has a collection of 103 router exploits, listed below:
# 103 Total (2 Generators) 7/26/2011 #
Huawei HG5XX Mac2wepkey Default Wireless Key Generator
Backdoor password in Accton-based switches (3com, Dell, SMC, Foundry and EdgeCore)
20x 27x authentication bypass (xss + info disclosure)
17x 18x 20x 27x CRLF denial of service remote MDC
17x 18x 20x 27x CRLF denial of service
17x 18x 20x 27x password_required.html authentication bypass
17x 18x 20x 27x CD35_SETUP_01 authentication bypass
17x 18x 20x 27x CD35_SETUP_01 password reset
17x 18x 20x 27x DSL denial of service
17x 18x 20x 27x mgmt_data configuration disclosure
17x 18x 20x 27x H04 authentication bypass
17x 18x 20x 27x 38x Add domain to hosts table CSRF
Backdoor password in Accton-based switches (3com, Dell, SMC, Foundry and EdgeCore)
iMC Intelligent Management Center configuration disclosure
iMC Intelligent Management Center traversal
OfficeConnect command execution
AP 8760 authentication bypass
OfficeConnect configuration disclosure
OfficeConnect 3CRWE454G72 configuration disclosure
3cradsl72 configuration disclosure
3cradsl72 information disclosure & authentication bypass
812 denial of service
812 denial of service 2
Arris Password of The Day (list.txt)
Arris password of the day web interface
F5D7234-4 v5 admin password md5
F5D8233-4 v3 configuration disclosure
F5D8233-4 v3 router reboot
F5D7230-4 factory reset
F5D7230-4 change dns servers
MIMO F5D9230xx4 configuration disclosure
WAG120N Change admin password
WAG120N Add admin user
WAP54Gv3 debug interface (Gemtek:gemtekswd)
WRT54G enable remote interface
WRT54G config disclosure
WRT54G restore factory defaults
WRT54G last password in plain text
WRT54G disable wifi encryption
WRT54G change admin password
D-Link WBR-1310 Authentication Bypass set new password
D-Link DIR-615, DIR-320, DIR-300 Authentication Bypass
D-Link DAP-1160 Authentication Bypass
D-Link DIR-615 change password & enable remote admin
D-Link DIR-615 configuration disclosure
DSL-G604T change DNS servers
704P denial of service
DSL-G624T directory traversal
DWL-7x00AP configuration disclosure
DSL Routers "firmwarecfg" Authentication Bypass
HG5XX mac2wepkey default wireless key generator
HG520c HG530 enable remote management CSRF
HG520c HG530 Listadeparametros.html information disclosure
HG520c HG530 AutoRestart.html denial of service & factory reset
HG520 LocalDevicejump.html denial of service
SmartAX MT880 default password
SmartAX MT880 add administrator account
SmartAX MT880 disable firewall/anti-dos w/default pass
ZyNOS configuration disclosure
SBG900 change admin password
SBG900 turn off firewall
SBG900 enable remote access
SBG900 disable DHCP & add custom DNS server
FlexiISN auth bypass AAA Configuration
FlexiISN auth bypass Aggregation Class Configuration
FlexiISN auth bypass GGSN general Configuration
FlexiISN auth bypass Network Access & services
5200 Default administrator account
5200 Host authentication bypass
5200 Configuration disclosure /.cfg
SE461 denial of service
ST585, TG585n user.ini arbitrary download vulnerability
ST585 Redirect domain CSRF
ST585 Add administrator account CSRF
bthomehub call number (voice-jacking) auth bypass
bthomehub authentication bypass
bthomehub enable remote access and change tech password
bthomehub disable wifi
TEW-633GR A-to-C authentication bypass
TEW-633GR unauthorized factory reset
G-570S configuration disclosure
Prestige configuration disclosure
Prestige privilege escalation
Prestige default password
ZyWALL USG client side authorization config disclosure
ZyNOS configuration disclosure
Zywall2 Persistent Cross Site Scripting
Prestige unauthorized reset
WWNAP210 authentication bypass
WNDAP350, WNAP210 BackupConfig.php config disclosure
CG3100D privilege escalation
RP614v4 config disclosure
WNR2000 information disclosure
WNR2000 information disclosure
WNR2000 config disclosure
DG632 auth bypass (config disclosure)
DG632 auth bypass
DG632 'firmwarecfg' denial of service
WGR614v9 denial of service
SSL312 VPN denial of service
FVS318 content filtering bypass
FVS318 log file arbitrary content injection
DG834G enable telnet root shell
WG602 undocumented admin account (superman)
WG602 undocumented admin account (super)
We already have a whitepaper on router exploitation and its potential; you can check it here.
You can use the tool from this URL: www.routerpwn.com