Root My Access Point

From wifi to root

Florian Charbonneau - @DrStache_ - HACK2G2

Whoami

http://www.aperikube.fr

https://twitter.com/DrStache_

Introduction

Introduction

Défaut de configuration

Exploitation PHP : RCE

Exploitation PHP

exec
passthru
system
shell_exec
`` (backticks)
popen
proc_open
pcntl_exec

Exploitation PHP

Exploitation PHP

Identification de la vulnérabilité et de l'entrée utilisateur
Exploitation, création du fichier /var/www/html/test.html

Reverse Shell

Send me your bash

Reverse Shell

Reverse Shell

Reverse Shell

Missing Authentication

Straight to the shell

Privilege Escalation

www-data to root

Thanks!

Questions?

HACK2G2 | Root My Access Point

By Florian Charbonneau

HACK2G2 | Root My Access Point

Workshop 26/09/2018

220

Florian Charbonneau

Loading comments...

More from Florian Charbonneau

Energy Company

Florian Charbonneau

5
deck

Florian Charbonneau

62
HACK2G2 | Honeypot and Malware Hunting

Florian Charbonneau

304
HACK2G2 | Privilege Escalation

Florian Charbonneau

506