Hacking Ubiquiti AirOS with Metasploit

Good morning friends. AirOS is the firmware maintained by Ubiquiti Networks for its airMAX products, which include routers and switches. This firmware is Linux-based. This module exploits a file upload vulnerability in the firmware to install a new root user in /etc/passwd and an SSH key in /etc/dropbear/authorized_keys. So let’s see hacking Ubiquiti AirOS. Start Metasploit and load the exploit as shown below. Type the command “show options” to see what options we need to set.
[Image: airos1]
The only option we need to set is our target IP address. If you have followed my previous howtos, you already know how to find the vulnerable targets. Set the target IP address as shown below. This module does not support check. No problem. Type the command “show payloads” to see the payloads we can use with this exploit. We normally have only one, i.e. interacting with the target’s shell. Set the payload.

[Image: airos2]
Type “run” to execute our exploit. We will get the command shell of our target as shown below.
[Image: airos3]
Let’s check it. Type the command “ls” to list the contents of the present directory.
[Image: airos4]
This is the passwd file of our target which has been overwritten by our exploit.
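Since the module leaves its mark in /etc/passwd and /etc/dropbear/authorized_keys, those two files are where a defender should look. The script below is an added example, not part of the original post or of the Metasploit module: it lists UID-0 accounts other than the expected admin and keys missing from a known-good baseline. The admin name "ubnt", the file names and all sample data are assumptions constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original post): audit copies of the two files
# this module modifies. The expected admin name and the file paths are passed
# in as arguments; all sample data below is constructed.

# Print names of UID-0 accounts other than the expected admin.
unexpected_root_users() {   # args: passwd_file expected_admin
    awk -F: -v ok="$2" '!/^#/ && NF >= 4 && $3 == 0 && $1 != ok { print $1 }' "$1"
}

# Print "line N: keytype" for each key in $2 whose blob is absent from baseline $1.
# Pass /dev/null as the baseline if no key is expected at all.
unexpected_keys() {         # args: baseline_keys current_keys
    [ -f "$2" ] || return 0
    awk '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        {
            blob = ""
            for (i = 1; i < NF; i++)             # key type may follow an options field
                if ($i ~ /^(ssh-|ecdsa-)/) { blob = $(i + 1); break }
            if (blob == "") next
            if (FILENAME == ARGV[1]) known[blob] = 1
            else if (!(blob in known)) print "line " FNR ": " $i
        }' "$1" "$2"
}

# Constructed sample: a passwd with a second UID-0 entry and one unknown key.
make_sample() {             # arg: directory to write into
    printf '%s\n' 'ubnt:x:0:0:Administrator:/etc/persistent:/bin/sh' \
                  'monitor:x:100:100::/tmp:/bin/false' \
                  'intruder:x:0:0:Administrator:/etc/persistent:/bin/sh' > "$1/passwd"
    printf '%s\n' 'ssh-rsa AAAAB3KNOWNKEY admin@laptop' > "$1/baseline_keys"
    printf '%s\n' '# managed keys' 'ssh-rsa AAAAB3KNOWNKEY admin@laptop' \
                  'ssh-rsa AAAAB3UNKNOWNKEY x' > "$1/authorized_keys"
}

# Demo: sh audit.sh --demo
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d) && make_sample "$d"
    unexpected_root_users "$d/passwd" ubnt
    unexpected_keys "$d/baseline_keys" "$d/authorized_keys"
    rm -rf "$d"
fi
```

Run it against copies of the two files pulled from the device; any output at all is worth investigating.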
