bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/hardware/remote/28056.txt
Offensive Security d63de06c7a DB: 2022-11-10 
2776 changes to exploits/shellcodes/ghdb
2022-11-10 16:39:50 +00:00

16 lines
No EOL
1,001 B
Text
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

During an audit the Mikrotik RouterOS sshd (ROSSSH) has been identified to have a remote previous to authentication heap corruption in its sshd component.
Exploitation of this vulnerability will allow full access to the router device.
This analysis describes the bug and includes a way to get developer access to recent versions of Mikrotik RouterOS
using the /etc/devel-login file. This is done by forging a modified NPK file using a correct signature and logging
into the device with username devel and the password of the administrator. This will drop into a busybox shell for
further researching the sshd vulnerability using gdb and strace tools that have been compiled for the Mikrotik busybox
platform.
Shodanhq.com shows >290.000 entries for the ROSSSH search term.
The 50 megs Mikrotik package including the all research items can be downloaded here:
http://www.farlight.org/mikropackage.zip
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/28056.zip
Reference in a new issue View git blame Copy permalink