- Vuln: MySQL OpenSSL Server Certificate yaSSL Security Bypass Vulnerability
- Vuln: Simple PHP Blog 'blog_language1' Parameter Local File Include Vulnerability
- Vuln: Intel BIOS SINIT Authenticated Code Module Local Privilege Escalation Vulnerability
- Vuln: Allied Telesyn AT-TFTP Server Filename Remote Buffer Overflow Vulnerability
- Vuln: Ruby on Rails Session Fixation Vulnerability
- Vuln: Ruby on Rails Multiple Vulnerabilities
- Vuln: Ruby on Rails ':offset' And ':limit' Parameters SQL Injection Vulnerabilities
- Vuln: IBM Tivoli Storage Manager Multiple Vulnerabilities
- Vuln: IBM Access Support ActiveX Control 'GetXMLValue()' Buffer Overflow Vulnerability
- Vuln: HP OpenView Network Node Manager 'ovalarm.exe' Remote Buffer Overflow Vulnerability
Now for Part 2 of Kenny's Hacking Netgear router demo. Before we get to the part where we show what we can do, we need to know one thing.
What is BusyBox? In short, it is 'The Swiss Army Knife of Embedded Linux'.
BusyBox combines tiny versions of many common UNIX utilities into a single small executable. It provides replacements for most of the utilities you usually find in GNU fileutils, shellutils, etc. The utilities in BusyBox generally have fewer options than their full-featured GNU cousins; however, the options that are included provide the expected functionality and behave very much like their GNU counterparts. BusyBox provides a fairly complete environment for any small or embedded system.
Kenny from GSO created this demo of gaining access to a Netgear Router... This is solely for educational purposes and usage.
By enabling the Debug option on Netgear routers, CLI access is available on the outside interface. The first part of this article will show how to remotely enable the debug feature. The second part will show what can be done once debug is enabled.