Good Morning friends. AirOS is the firmware maintained by Ubiquiti Networks for its airMAX products which include routers and switches. This firmware is Linux based. This module exploits a file upload vulnerability existing in the firmware to install a new root user to /etc/passwd and an SSH key to /etc/dropbear/authorized_keys. So let’s see hacking Ubiquiti AirOS. Start Metasploit and load the exploit as shown below. Type command “show options” to see what options we need to set.
The only option we need to set is our target IP address. If you have followed my previous howto’s you already know how to find the vulnerable targets. Set the target IP address as shown below. This module does not support check. No problem. Type command “show payloads” to see the payloads we can use with this exploit. We normally have only one i.e interacting with the target’s shell. Set the payload.
Type “run” to execute our exploit. We will get the command shell of our target as shown below.
Let’s check it. Type command “ls” to get contents of the present directory.
This is the passwd file of our target which has been overwritten by our exploit.