Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Kill-Router
Search
Matheus Fidelis
January 30, 2018
Technology
0
260
Kill-Router
Talk ministrada no SecurityTricks #1 sobre a ferramenta Kill-Router
Matheus Fidelis
January 30, 2018
Tweet
Share
More Decks by Matheus Fidelis
See All by Matheus Fidelis
Engenharia de Confiabilidade - Roadmap
msfidelis
1
220
Sobrevivendo a Cenários de Caos com Istio Service Mesh
msfidelis
1
150
Road to Serverless
msfidelis
0
77
Docker para Maiores - Superlógica
msfidelis
0
120
Escalando e Consumingo Queues com NodeJS, Docker e RabbitMQ
msfidelis
0
130
Desmistificando a AWS
msfidelis
0
58
Criando API's de verdade com HapiJS
msfidelis
0
120
Desbravando o REST com Python
msfidelis
0
46
O Fantástico Mundo de GIT
msfidelis
0
92
Other Decks in Technology
See All in Technology
SQLAlchemy の select(User).where(User.id =="123") を理解してみる/sqlalchemy deep dive
3l4l5
3
260
それでも私が品質保証プロセスを作り続ける理由 #テストラジオ / Why I still continue to create QA process
pineapplecandy
0
170
旅で応援する✈️ NEWTが目指すコミュニティ支援とあたらしい旅行 / New Travel: Supporting by NEWT on Your Journey
mii3king
0
140
Implementing and Evaluating a High-Level Language with WasmGC and the Wasm Component Model: Scala’s Case
tanishiking
0
170
Zephyr(RTOS)にEdge AIを組み込んでみた話
iotengineer22
1
280
Introduction to Bill One Development Engineer
sansan33
PRO
0
300
ソフトウェアエンジニアの生成AI活用と、これから
lycorptech_jp
PRO
0
840
Wasmの気になる最新情報
askua
0
180
OpenTelemetry が拡げる Gemini CLI の可観測性
phaya72
2
1.9k
サイバーエージェント流クラウドコスト削減施策「みんなで金塊堀太郎」
kurochan
4
2.3k
Contract One Engineering Unit 紹介資料
sansan33
PRO
0
9k
QA業務を変える(!?)AIを併用した不具合分析の実践
ma2ri
0
110
Featured
See All Featured
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
508
140k
[RailsConf 2023] Rails as a piece of cake
palkan
57
5.9k
Product Roadmaps are Hard
iamctodd
PRO
55
11k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
52
5.7k
Thoughts on Productivity
jonyablonski
70
4.9k
Designing for humans not robots
tammielis
254
26k
Practical Orchestrator
shlominoach
190
11k
How to Think Like a Performance Engineer
csswizardry
27
2.1k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
10
880
Context Engineering - Making Every Token Count
addyosmani
8
300
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
addyosmani
9
930
Build The Right Thing And Hit Your Dates
maggiecrowley
37
2.9k
Transcript
Kill-Router- “De um trabalho da faculdade a 2000 dispositivos hackeados”
@fidelissauro https://github.com/msfidelis/Kill-Router-
$ whoami_ Matheus Fidelis Developer / Cloud / DevOps Superlógica
/ PJBank Github: /msfidelis Twitter: @fidelissauro Email:
[email protected]
Blog: http://nanoshots.com.br
$ Kill-Router • Mineração e brute force em massa em
dispositivos • Trabalho de faculdade • Quebrar senhas dos roteadores dos prédios • Desbloquear Ah Negão, Não Salvo e etc (foda) https://github.com/msfidelis/Kill-Router-
$ Kill-Router • KISS (Keep it Simple, Stupid…) • HTTP,
SSH, FTP Attack • Mode: Standalone (Target) • Mode: Shodan Dork Search Engine (API) • Minerar dispositivos conectados a internet • Weak Passwords • Roteadores, Câmeras, Switches, Painéis e lalala
$ Stand Alone ./kill-router.py -t 192.168.0.1 -u admin -l passlist.txt
./kill-router.py -t 192.168.0.1 -u root -l passlist.txt -p 22 -m ssh
$ Default Passlists • Top 10 Passwords • Top 100
Passwords • Stupid Passwords • Ashley Madison ( ͡° ͜ʖ ͡°)
$ SHODAN • Indexador de dispositivos conectados a internet. •
Fingerprint de serviços, versões e portas • Banners HTTP, FTP, SSH, Telnet, SNMP, SIP, etc • Dork Search • API Aberta https://www.shodan.io/
$ SHODAN
None
$ SHODAN 0.0.0.0/0
$ SHODAN
None
$ Searchs • RomPager/4.07 UPnP/1.0 —– router • uc-httpd 1.0.0
—– CCTV camera • DVRDVS-Webs —– CCTV camera • microhttpd —– router • Webs —– CCTV camera • Hikvision-Webs —– CCTV • camera iBall-Baton —– CCTV camera
$ Dorks • Nginx Servers in São Paulo nginx country:
"São Paulo" • Apache Server in Subnet Range apache net:“216.219.143.0/24” • Google Servers "Server: gws"
Kill-Router- ./kill-router.py --shodan geovision
None
None
None
None
OBRIGADO!