Root My Access Point

From wifi to root

Florian Charbonneau - @DrStache_ - HACK2G2

Whoami

http://www.aperikube.fr

https://twitter.com/DrStache_

Introduction

Introduction

Défaut de configuration

Exploitation PHP : RCE

Exploitation PHP

exec
passthru
system
shell_exec
`` (backticks)
popen
proc_open
pcntl_exec

Exploitation PHP

Exploitation PHP

Identification de la vulnérabilité et de l'entrée utilisateur
Exploitation, création du fichier /var/www/html/test.html

Reverse Shell

Send me your bash

Reverse Shell

Reverse Shell

Reverse Shell

Missing Authentication

Straight to the shell

Privilege Escalation

www-data to root

Thanks!

Questions?

HACK2G2 | Root My Access Point

By Florian Charbonneau

HACK2G2 | Root My Access Point

Workshop 26/09/2018

251

Florian Charbonneau

Loading comments...

More from Florian Charbonneau

HACK2G2 | Mass scam: from misstype to Facebook botnet

Florian Charbonneau

7
HACK2G2 | Honeypot and Malware Hunting

Florian Charbonneau

342
HACK2G2 | Privilege Escalation

Florian Charbonneau

554