/Exploit2


Title: PoC: Detecting RSA in DCS-932L Firmware of D-Link (Novi Hogeschool Assessment)

Purpose: This Python script provides a foundational demonstration of how to automate the initial steps of searching for hardcoded credentials within the D-Link DCS-932L firmware. It is designed as an educational Proof of Concept (PoC) for a Novi Hogeschool assessment.

Usage: To use the provided script, follow these steps:

  1. Install Python: Ensure Python is installed on your system.

    Linux:

        sudo apt install python3

    Mac:

        brew install python

  2. Install Required Modules: You need to install the requests module if it's not already installed. You can do this using pip, Python's package manager, by running the following command in your terminal or command prompt:

        pip install requests

  3. Run the Script: Open a terminal or command prompt, navigate to the directory containing the exploit2.py file, and run the script using the following command:

        python3 exploit2.py

  4. Check Output: After running the script, it will download the DCS-932L firmware, extract its contents, locate the /etc_ro/serverkey.pem file, read its content, and write it to a new file named rsa.txt. You can find the rsa.txt file in the same directory where you ran the script.

  5. Review Output: Open the rsa.txt file to review the contents of the /etc_ro/serverkey.pem file, which was retrieved.

How it Works

  1. Downloads a Repository: The script downloads a specified GitHub repository as a ZIP file.

  2. Extracts the Archive: It extracts the contents of the downloaded ZIP file.

  3. Locates a Target File: The script navigates the extracted file structure to locate a specific file (in this example, 'etc_ro/serverkey.pem').

  4. Copies File Content: The contents of the target file are copied to a new file ('rsa.txt') for further manual inspection.
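An added example, not part of this repository's exploit2.py: it generalizes the locate step by scanning a whole extracted firmware tree for PEM private-key headers instead of checking one fixed path, and reports only a file hash rather than the key. The function names, the sample tree and the `servercert.pem` and `busybox` files are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Matches PEM private-key headers such as "RSA PRIVATE KEY", "EC PRIVATE KEY",
# PKCS#8 "PRIVATE KEY", "ENCRYPTED PRIVATE KEY" and "OPENSSH PRIVATE KEY".
PEM_KEY_HEADER = re.compile(rb"-----BEGIN ((?:[A-Z0-9]+ )*PRIVATE KEY)-----")


def find_private_keys(root):
    """Walk an extracted firmware tree and report files holding PEM private keys.

    Returns a sorted list of (relative_path, key_label, sha256_of_file).
    Only the file hash is reported, never the key material itself.
    """
    root = Path(root)
    findings = []
    for path in root.rglob("*"):
        # Skip symlinked entries so a link inside the image is never followed.
        if path.is_symlink() or not path.is_file():
            continue
        data = path.read_bytes()
        match = PEM_KEY_HEADER.search(data)
        if match:
            findings.append((path.relative_to(root).as_posix(),
                             match.group(1).decode("ascii"),
                             hashlib.sha256(data).hexdigest()))
    return sorted(findings)


def build_sample_tree(root):
    """Create a constructed stand-in for an extracted firmware root filesystem."""
    root = Path(root)
    (root / "etc_ro").mkdir(parents=True)
    # Constructed placeholder bodies, not real key or certificate material.
    (root / "etc_ro" / "serverkey.pem").write_bytes(
        b"-----BEGIN RSA PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n")
    (root / "etc_ro" / "servercert.pem").write_bytes(
        b"-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n")
    (root / "bin").mkdir()
    (root / "bin" / "busybox").write_bytes(b"\x7fELF" + b"\x00" * 64)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, label, digest in find_private_keys(tmp):
            print(f"{rel}: {label} (file sha256 {digest})")
```

A private key found this way is shared by every device running the same firmware image, so the finding applies to the whole product line rather than to one unit.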

Important Notes

Ensure you have the requests library installed (pip install requests). The zipfile module is part of the Python standard library and does not need to be installed with pip.

Disclaimer: This script is intended for educational use within the scope of a Novi Hogeschool assessment. Always use code responsibly and ethically when interacting with GitHub repositories.

Author Georgio T