Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Kill-Router
Search
Matheus Fidelis
January 30, 2018
Technology
0
180
Kill-Router
Talk ministrada no SecurityTricks #1 sobre a ferramenta Kill-Router
Matheus Fidelis
January 30, 2018
Tweet
Share
More Decks by Matheus Fidelis
See All by Matheus Fidelis
Engenharia de Confiabilidade - Roadmap
msfidelis
0
170
Sobrevivendo a Cenários de Caos com Istio Service Mesh
msfidelis
1
110
Road to Serverless
msfidelis
0
63
Docker para Maiores - Superlógica
msfidelis
0
83
Escalando e Consumingo Queues com NodeJS, Docker e RabbitMQ
msfidelis
0
100
Desmistificando a AWS
msfidelis
0
44
Criando API's de verdade com HapiJS
msfidelis
0
110
Desbravando o REST com Python
msfidelis
0
26
O Fantástico Mundo de GIT
msfidelis
0
60
Other Decks in Technology
See All in Technology
MapLibreとAmazon Location Service
dayjournal
1
160
自己改善からチームを動かす! 「セルフエンジニアリングマネージャー」のすゝめ
shoota
6
690
20240418_Google ColabにLLMが搭載されたようなのでPython x データ分析の勉強方法を考えてみる
doradora09
0
130
長期間TiDBを使ってきた話 @ 私たちはなぜNewSQLを使うのかTiDB選定5社が語る選定理由と活用LT / Experiences with TiDB Over Time
chibiegg
2
900
GraphQL 成熟度モデルの紹介と、プロダクトに当てはめた事例 / GraphQL maturity model
mh4gf
7
1.3k
レガシーをぶっ壊せ。AEONで始めるDevRelの話 / Qiita Night 2024-2-22
aeonpeople
3
1.3k
アクセシビリティを考慮したUI/CSSフレームワーク・ライブラリ選定
yajihum
2
1k
プロンプトエンジニアリングでがんばらない-Agentic Workflow へ-近藤憲児
kenjikondobai
2
620
家族アルバム みてねにおけるGrafana活用術 / Grafana Meetup Japan Vol.1 LT
isaoshimizu
1
740
Azure犬駆動開発の記録/GlobalAzureFukuoka2024_20240420
nina01
1
210
プロトタイピングによる不確実性の低減 / Reducing Uncertainty through Prototyping
ohbarye
5
380
web-application-security
matsuihidetoshi
0
170
Featured
See All Featured
What's new in Ruby 2.0
geeforr
337
31k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
21
1.6k
A Tale of Four Properties
chriscoyier
151
22k
From Idea to $5000 a Month in 5 Months
shpigford
377
45k
Clear Off the Table
cherdarchuk
84
310k
Creatively Recalculating Your Daily Design Routine
revolveconf
210
11k
Large-scale JavaScript Application Architecture
addyosmani
504
110k
Robots, Beer and Maslow
schacon
PRO
155
7.9k
How STYLIGHT went responsive
nonsquared
92
4.8k
The Cost Of JavaScript in 2023
addyosmani
16
3.9k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
60
14k
Principles of Awesome APIs and How to Build Them.
keavy
121
16k
Transcript
Kill-Router- “De um trabalho da faculdade a 2000 dispositivos hackeados”
@fidelissauro https://github.com/msfidelis/Kill-Router-
$ whoami_ Matheus Fidelis Developer / Cloud / DevOps Superlógica
/ PJBank Github: /msfidelis Twitter: @fidelissauro Email:
[email protected]
Blog: http://nanoshots.com.br
$ Kill-Router • Mineração e brute force em massa em
dispositivos • Trabalho de faculdade • Quebrar senhas dos roteadores dos prédios • Desbloquear Ah Negão, Não Salvo e etc (foda) https://github.com/msfidelis/Kill-Router-
$ Kill-Router • KISS (Keep it Simple, Stupid…) • HTTP,
SSH, FTP Attack • Mode: Standalone (Target) • Mode: Shodan Dork Search Engine (API) • Minerar dispositivos conectados a internet • Weak Passwords • Roteadores, Câmeras, Switches, Painéis e lalala
$ Stand Alone ./kill-router.py -t 192.168.0.1 -u admin -l passlist.txt
./kill-router.py -t 192.168.0.1 -u root -l passlist.txt -p 22 -m ssh
$ Default Passlists • Top 10 Passwords • Top 100
Passwords • Stupid Passwords • Ashley Madison ( ͡° ͜ʖ ͡°)
$ SHODAN • Indexador de dispositivos conectados a internet. •
Fingerprint de serviços, versões e portas • Banners HTTP, FTP, SSH, Telnet, SNMP, SIP, etc • Dork Search • API Aberta https://www.shodan.io/
$ SHODAN
None
$ SHODAN 0.0.0.0/0
$ SHODAN
None
$ Searchs • RomPager/4.07 UPnP/1.0 —– router • uc-httpd 1.0.0
—– CCTV camera • DVRDVS-Webs —– CCTV camera • microhttpd —– router • Webs —– CCTV camera • Hikvision-Webs —– CCTV • camera iBall-Baton —– CCTV camera
$ Dorks • Nginx Servers in São Paulo nginx country:
"São Paulo" • Apache Server in Subnet Range apache net:“216.219.143.0/24” • Google Servers "Server: gws"
Kill-Router- ./kill-router.py --shodan geovision
None
None
None
None
OBRIGADO!