This one is not for routers, but every Windows admin should be aware: if you don't use two-factor auth, your password hashes can be extracted from memory on every Windows computer on your network that you logged into (until reboot).
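As an added example (not from this thread and not part of Ranger), the check a Windows admin would want after reading that warning: a PowerShell function that reports whether a host keeps cleartext credentials in LSASS (the WDigest `UseLogonCredential` value) and whether LSASS runs as a protected process (`RunAsPPL`), plus a remediation function. The registry paths and values are the documented Microsoft settings; the version threshold for the "absent value" case and the remediation wrapper are my assumptions about how an admin would apply them.

```powershell
# Added example, not from the thread or from Ranger. Reports whether a host
# caches cleartext credentials in LSASS (WDigest) and whether LSASS runs as a
# protected process (RunAsPPL). Run elevated, locally or via Invoke-Command.

function Test-LsassExposure {
    $wdigestKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest'
    $lsaKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

    $wdigest = Get-ItemProperty -Path $wdigestKey -ErrorAction SilentlyContinue
    $lsa     = Get-ItemProperty -Path $lsaKey     -ErrorAction SilentlyContinue
    $osVer   = [version](Get-CimInstance Win32_OperatingSystem).Version

    # Assumption: Windows 8.1 / Server 2012 R2 (6.3) and later default WDigest
    # caching to off when the value is absent; older systems with KB2871997
    # keep caching unless UseLogonCredential is explicitly set to 0.
    $modernOs        = $osVer -ge [version]'6.3'
    $useLogonCred    = $wdigest.UseLogonCredential   # $null when the value is absent
    $cleartextCached = if ($null -eq $useLogonCred) { -not $modernOs } else { $useLogonCred -ne 0 }

    # RunAsPPL = 1 makes LSASS a protected process (6.3+; takes effect after reboot).
    $lsaProtected = ($lsa.RunAsPPL -eq 1)

    [pscustomobject]@{
        ComputerName           = $env:COMPUTERNAME
        OsVersion              = $osVer
        WDigestCleartextCached = $cleartextCached
        LsaProtection          = $lsaProtected
        Finding                = if ($cleartextCached -or -not $lsaProtected) { 'EXPOSED' } else { 'hardened' }
    }
}

function Set-LsassHardening {
    # Applies both settings; supports -WhatIf so you can preview the change.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    $wdigestKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest'
    $lsaKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

    if ($PSCmdlet.ShouldProcess($wdigestKey, 'Set UseLogonCredential = 0')) {
        New-Item -Path $wdigestKey -Force | Out-Null
        Set-ItemProperty -Path $wdigestKey -Name UseLogonCredential -Type DWord -Value 0
    }
    if ($PSCmdlet.ShouldProcess($lsaKey, 'Set RunAsPPL = 1 (effective after reboot)')) {
        Set-ItemProperty -Path $lsaKey -Name RunAsPPL -Type DWord -Value 1
    }
}

# Usage: check this host, or fan the check out to a list of hosts.
Test-LsassExposure | Format-List
# Invoke-Command -ComputerName (Get-Content .\hosts.txt) -ScriptBlock ${function:Test-LsassExposure} | Format-Table
# Set-LsassHardening -WhatIf
```

Caveat worth keeping in mind: these two settings remove the cleartext copy and make dumping LSASS harder, but the NTLM hash of any interactively logged-on user still lives in LSASS for single sign-on until that session ends, which is exactly what the post describes; reducing who logs on interactively to workstations (and rebooting or logging off after admin sessions) is what actually shrinks that window.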
"Ranger is a command-line driven attack and penetration testing tool, which has the ability to use an instantiated catapult server to deliver capabilities against Windows Systems. As long as a user has -ONE- set of credentials or a hash set (NTLM, LM, LM:NTLM) he or she can gain access to systems that are a part of the trust.
Using this capability a security professional can extract credentials out of memory in clear-text, access SAM tables, run commands, execute PowerShell scripts, Windows Binaries, and other tools.
At this time the tool bypasses the majority of IPS vendor solutions unless they have been custom tuned to detect it. The tool was developed using our home labs in an effort to support security professionals doing legally and/or contractually supported activities."
Thanks for the shout out. This is Dev from the team that just released Ranger at BSides Charm this weekend. Happy to get Chris and Jon involved if anyone has some questions.
I begin by saying I promise I read the README :-) but is that something that is run on an attacker's machine, or does it rely on running on the target machine itself?
No worries - Ranger would run on the "attackers" machine. You have to specify the delivery method (wmiexec, psexec, smbexec or atexec) which Ranger utilizes to access the target machine and execute the attack.
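Those four delivery method names (wmiexec, psexec, smbexec, atexec) match the Impacket example scripts; that they are what Ranger wraps is my assumption, the post does not say. Each of those styles of remote execution commonly leaves a recognisable trace on the target: a service install (System event 7045) whose image path is a `%COMSPEC% /Q /c` wrapper, or a process whose command line redirects output to `\\127.0.0.1\ADMIN$` or `\\127.0.0.1\C$`. As an added example that is not Ranger's code and not from this thread, here is a PowerShell classifier for those strings, a collector that runs it over the System and Security logs, and a set of constructed sample lines so it can be exercised offline. The regex patterns and the 4688 property index are assumptions about typical implementations, not something the page states.

```powershell
# Added example, not Ranger's code. Patterns are assumptions about what
# psexec/smbexec/wmiexec/atexec-style execution commonly leaves behind on the
# target; tune them to what your own lab captures show.

$script:RemoteExecPatterns = [ordered]@{
    'smbexec-style service'    = 'BTOBTO|\\\\127\.0\.0\.1\\C\$\\__output'
    'wmiexec-style redirect'   = '\\\\127\.0\.0\.1\\ADMIN\$\\__\d+'
    'atexec-style redirect'    = '\\\\127\.0\.0\.1\\ADMIN\$\\Temp\\\w+\.tmp'
    'cmd-wrapped service path' = '%COMSPEC%\s+/Q\s+/c'
}

function Get-RemoteExecIndicator {
    # Returns the first matching indicator name, or $null for a clean string.
    param([Parameter(Mandatory)][AllowEmptyString()][string]$Text)
    foreach ($name in $script:RemoteExecPatterns.Keys) {
        if ($Text -match $script:RemoteExecPatterns[$name]) { return $name }
    }
    return $null
}

function Find-RemoteExecArtifacts {
    # Scans the last $Hours of 7045 (service installed) and 4688 (process
    # created; needs "include command line" auditing enabled) events.
    # Assumed property indexes: 7045 -> 0 = service name, 1 = image path;
    # 4688 -> 8 = command line.
    param([int]$Hours = 24)
    $since = (Get-Date).AddHours(-$Hours)

    Get-WinEvent -FilterHashtable @{LogName='System'; Id=7045; StartTime=$since} -ErrorAction SilentlyContinue |
        ForEach-Object {
            $name = [string]$_.Properties[0].Value
            $path = [string]$_.Properties[1].Value
            $hit  = Get-RemoteExecIndicator -Text "$name $path"
            if ($hit) { [pscustomobject]@{ Time=$_.TimeCreated; Event=7045; Indicator=$hit; Detail="$name -> $path" } }
        }

    Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4688; StartTime=$since} -ErrorAction SilentlyContinue |
        ForEach-Object {
            $cmd = [string]$_.Properties[8].Value
            $hit = Get-RemoteExecIndicator -Text $cmd
            if ($hit) { [pscustomobject]@{ Time=$_.TimeCreated; Event=4688; Indicator=$hit; Detail=$cmd } }
        }
}

# Constructed sample strings (not real log data) so the classifier can be run
# offline. The first two should be flagged; the third is a benign service
# command line and should come back with an empty Indicator.
$samples = @(
    '%COMSPEC% /Q /c echo whoami ^> \\127.0.0.1\C$\__output 2^>^&1 > %TEMP%\execute.bat & %COMSPEC% /Q /c %TEMP%\execute.bat & del %TEMP%\execute.bat',
    'cmd.exe /Q /c whoami 1> \\127.0.0.1\ADMIN$\__1431200000.12 2>&1',
    'C:\Windows\System32\svchost.exe -k netsvcs'
)
$samples | ForEach-Object { [pscustomobject]@{ Indicator = Get-RemoteExecIndicator -Text $_; Text = $_ } } | Format-Table -AutoSize

# On a live host:  Find-RemoteExecArtifacts -Hours 72 | Format-Table -AutoSize
```

Two notes on using this for real. A psexec-style service install uses a random service name and a random executable dropped into ADMIN$, so no fixed string catches it; the useful rule there is simply "any 7045 on a workstation outside a known change window", which is why the collector emits every 7045 it can classify rather than trying to enumerate names. And the 4688 command line only exists if the "include command line in process creation events" policy is on; where it is not, Sysmon event 1 carries the same field and the same patterns apply.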
Can anyone tell me why this shouldn't be a set of modules for Metasploit? I appreciate the effort put in, the Python/Ruby argument and that the MIPS_LE shellcode for meterpreter breaks on a lot of boxes, but is there a specific reason why the wheel is being reinvented here instead of putting efforts into extending and improving what's already there?
In the least abrasive way possible – If you're a self-described 'noob', I feel like investigating router exploits is going to be more confusing than anything. Embedded devices can be quite different from what you're used to.
Without wanting to encourage script kiddies in any way, but how would a noob go from noob to informed? Genuine question, I promise no snark intended :-)
https://github.com/funkandwagnalls/ranger