Metasploit running on a WRT

metasploit

The folks from See-Security have gotten the Metasploit Framework running on a Linksys WRTSL54GS. They were inspired after seeing the Hacker Pimps pen-testing firmware, which we’ve covered before. The Metasploit Framework is used to develop and execute exploit code against target machines. The See-Security team ran into trouble getting Metasploit running due to RAM limitations. This particular model of router has a USB port so they were able to create swap space on a flash drive. The web interface worked as well once they set the bind address to the gateway IP. They’ve got all the steps you need to do this starting with OpenWRT.

[thanks muts and stillbourne]

Comments

  1. Nullsmack says:

    OT but what would people reading this site recommend for a hackable AP other than the WRT? I’ve been reading and looking at the openwrt docs but all the routers it supports are all discontinued/unavailable or very expensive.

  2. Remonster says:

    looks cool. Sorry about the stupid question, but what kind of stuff can one do with this kind of software on a router?

  3. Liam says:

    #2, click my name for a link to the wiki page

  4. RusH says:

    you can usee Asus WL-500g Deluxe, but asus fuxort GPL in the butt so I dont recommend it

  5. thesb says:

    #1 You might want to look at building your own with m0n0wall/pfsense (or any other router/fwall distro) they are very robust and the price can be very right if you use old hardware, or you can get small soho-formed hardware from PC Engines or Soekris(expensive)

  6. So what? Its running linux. You can compile linux code for it. Big deal. You can run any linux app that will fit in the memory available on this device. Its a linux box with a network port or 6.

  7. one says:

    i just flew over the articel….

    he might get problems because he uses a USB stick for a swap partition.
    But these have a limitation of ~10.000 – 100.000 read and write cycles!
    That’s not very much for a swap partition!

    Greetings one

  8. ydef says:

    So what was the conclusion? Was metasploit able to run on it or not? It seems like you’re saying that they were able to, yet at the same time you’re saying that they weren’t due to memory issues. I’m wondering whether it’s worth my time to read your article source if the whole effort was in vain due to memory constraints.

  9. ydef says:

    So what was the conclusion? Was metasploit able to run on it or not? It seems like you’re saying that they were able to, yet at the same time you’re saying that they weren’t due to memory issues. I’m wondering whether it’s worth my time to read your article source if the whole effort was in vain due to memory constraints.

  10. Baalpeteor says:

    metasploit is a library of exploits. Whats it use? It houses exploits you can launch with a payload on systems. Like lets say a pc has winamp, and of course it runs windows. I can boot up my linux pen test distro, Run metasploit, look under winamp apps and find winamp exploits, pick a payload, then launch it. Some might require the pc to go to a url (locally or remotely), and there’s ways to make a pc go to a url without them clicking. Why would we do this? Mainly to get command line, or root in linux. Another reason? Vnc injection also. It all depends on your needs.If your more of a newbie, or just want to quickly find an exploit, you can use the nice gui. If your a die hard cracker/hacker, or just learning how to fully use metasploit, you can also use it from the konsole.

    Now I will shutup before I tell you guys too much. And dont go emailing me asking me to hack your friends or how todo this and that :P

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 96,742 other followers