Начну с того, что провайдер подключил меня к сети через принимающий роутер NanoStation M2, который через lan раздает на мой домашний роутер. Я хочу зайти в админку. Брутфорс на SSH ничего не дал. Провайдер оказался хитрым, он поменял и логин, и пароль на какой-то уникальный. Остается только уязвимости, XSS, SQL - то есть то в чем я https://txgate.io/images/smilies/prankster.gif ... Маршрутизаторы у провайдера обновляютя на актуальную прошивку, старые уязвимости airos не работают. Armitage тоже ничего не дал. Куда копать, подскажите?
На роутере открыты 3 порта:
22/tcp open ssh Dropbear sshd 2016.74 (protocol 2.0)
53/tcp open domain dnsmasq 2.47
80/tcp open http lighttpd 1.4.39
Nmap:
Code:
<pre class="alt2" dir="ltr" style="
margin: 0px;
padding: 6px;
border: 1px solid rgb(0, 0, 0);
width: 640px;
height: 498px;
text-align: left;
overflow: auto;
background: rgb(37, 37, 37) none repeat scroll 0% 0%;
border-radius: 5px;
font-size: 11px;
text-shadow: none;">Starting Nmap 7.60 ( https://nmap.org ) at 2018-01-28 12:35 EET
NSE: Loaded 146 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 12:35
Completed NSE at 12:35, 0.00s elapsed
Initiating NSE at 12:35
Completed NSE at 12:35, 0.00s elapsed
Initiating Ping Scan at 12:35
Scanning 192.168.10.1 [4 ports]
Completed Ping Scan at 12:35, 0.03s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 12:35
Completed Parallel DNS resolution of 1 host. at 12:35, 0.00s elapsed
Initiating SYN Stealth Scan at 12:35
Scanning 192.168.10.1 [1000 ports]
Discovered open port 80/tcp on 192.168.10.1
Discovered open port 22/tcp on 192.168.10.1
Discovered open port 53/tcp on 192.168.10.1
Completed SYN Stealth Scan at 12:35, 1.37s elapsed (1000 total ports)
Initiating Service scan at 12:35
Scanning 3 services on 192.168.10.1
Completed Service scan at 12:36, 6.02s elapsed (3 services on 1 host)
Initiating OS detection (try #1) against 192.168.10.1
Initiating Traceroute at 12:36
Completed Traceroute at 12:36, 0.01s elapsed
Initiating Parallel DNS resolution of 2 hosts. at 12:36
Completed Parallel DNS resolution of 2 hosts. at 12:36, 0.00s elapsed
NSE: Script scanning 192.168.10.1.
Initiating NSE at 12:36
Completed NSE at 12:36, 30.41s elapsed
Initiating NSE at 12:36
Completed NSE at 12:36, 0.00s elapsed
Nmap scan report for 192.168.10.1
Host is up (0.0064s latency).
Not shown: 997 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh Dropbear sshd 2016.74 (protocol 2.0)
53/tcp open domain dnsmasq 2.47
| dns-nsid:
|_ bind.version: dnsmasq-2.47
80/tcp open http lighttpd 1.4.39
|_http-favicon: Unknown favicon MD5: 6DCAB71E60F0242907940F0FCDA69EA5
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-server-header: lighttpd/1.4.39
| http-title: Error 404 - Page Not Found
|_Requested resource was /nocookies.html
Device type: WAP
Running: Linux 2.6.X, Ubiquiti embedded
OS CPE: cpe:/o:linux:linux_kernel:2.6.32 cpe:/h:ubnt:airmax_nanostation
OS details: Ubiquiti AirMax NanoStation WAP (Linux 2.6.32)
Uptime guess: 0.932 days (since Sat Jan 27 14:13:58 2018)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=257 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
TRACEROUTE (using port 25/tcp)
HOP RTT ADDRESS
1 7.22 ms OpenWrt.lan (192.168.8.1)
2 3.01 ms 192.168.10.1
NSE: Script Post-scanning.
Initiating NSE at 12:36
Completed NSE at 12:36, 0.00s elapsed
Initiating NSE at 12:36
Completed NSE at 12:36, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 42.33 seconds
Raw packets sent: 1057 (47.566KB) | Rcvd: 1194 (91.582KB)</pre>
https://2crd.cc/attachment.php?attac...p;d=1517142177
</img>