Router Exploit Shovel

Sep 26, 2019

You can download it from here: https://github.com/arthastang/Router-Exploit-Shovel

Router exploits shovel is an automated application generation tool for stack overflow types on wireless routers. The tool implements the key functions of exploits, it can adapt to the length of the data padding on the stack, generate the ROP chain, generate the encoded shellcode, and finally assemble them into a complete attack code. The user only needs to attach the attack code to the overflow location of the POC to complete the Exploit of the remote code execution.

The tool supports MIPSel and MIPSeb.Run on Ubuntu 16.04 64bit.

Automated Application Generation for Stack Overflow Types on Wireless Routers

Install

Make sure you have git, python3 and setuptools installed. Download source code from our Github:

$ git clone https://github.com/arthastang/Router-Exploit-Shovel.git

Set up environment and install dependencies:

$ cd Router-Exploit-Shovel/

$ python3 setup.py install

Usage

$ python3 Router_Exploit_Shovel.py -h

Usage: Router_Exploit_Shovel.py [options]


Options:

  -h, --help            show this help message and exit

  -b BINARYFILEPATH, --binaryFile=BINARYFILEPATH

                        input binary file path

  --ba=BINARYBASEADDR, --binaryBaseAddr=BINARYBASEADDR

                        input binary base address,default=0x00400000

  -l LIBRARYFILEPATH, --libraryFile=LIBRARYFILEPATH

                        input libc file path

  --la=LIBRARYBASEADDR, --libraryBaseAddr=LIBRARYBASEADDR

                        input library base address,default=0x2aae2000

  -o OVERFLOWFUNCTIONPOINTOFFSET, --overflowPoint=OVERFLOWFUNCTIONPOINTOFFSET

                        input overflow function....

Author

Hakin9 TEAM
Hakin9 is a monthly magazine dedicated to hacking and cybersecurity. In every edition, we try to focus on different approaches to show various techniques - defensive and offensive. This knowledge will help you understand how most popular attacks are performed and how to protect your data from them. Our tutorials, case studies and online courses will prepare you for the upcoming, potential threats in the cyber security world. We collaborate with many individuals and universities and public institutions, but also with companies such as Xento Systems, CATO Networks, EY, CIPHER Intelligence LAB, redBorder, TSG, and others.
Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

0 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023