36 comments on “Hacking Ubiquiti AirOS with Metasploit”

  1. Hi, nice work!

    I want to get into a Nanostation M900. I know the user but I don't know the password. Is there any way I can bruteforce it?

    Thanks!

  2. Hello, help please. After entering run, “segmentation fault” appears on exit of Metasploit.
    How do I solve this problem? Thanks.

    • @Shme, is your system 32-bit or 64-bit? Is your handler set up? You will normally get this error when you don’t have a handler set up. So restart Metasploit and try again. Inform me if the problem persists.

      • @kanishka10 Hi!

        Thanks for helping me!!

        My system is Kali Linux installed in VMware Workstation 12.

        Linux kali 4.6.0-kali-amd64 #1 SMP Debian 4.6.4-1kali1 (2016-07-21) x86_64 GNU/Linux.

        Restarting Metasploit did not help. The problem persists: on run, “segmentation fault” appears on exit of Metasploit.

        Thank you!

  3. I get:
    [*] Uploading /etc/passwd
    [*] Uploading /etc/dropbear/authorized_keys
    [*] Logging in as iebzzgkp
    [+] Logged in as iebzzgkp
    [*] Found shell.
    [*] Command shell session 6 opened (xxx.xxx.xxx.xxx:1033 -> xxx.xxx.xxx.xxx:22) at 2016-12-12 22:17:03 +0200

    [*] 172.30.3.229 – Command shell session 6 closed. Reason: Died from EOFError

    I tried many different targets but I get the same EOFError.

    • @bomberb17, an EOF error may occur for many reasons. Can you just update your Metasploit and try once again?

  4. Where is the module? I can't load exploit Ubiquiti AirOS or I know.
    Where do I download it or how can I install it? Sorry for my English. Tks

  5. Segmentation fault..
    How can I solve this problem?
    And my username and password have been changed; I can't log in to my device right now.

    • Hi Molecule. There are many reasons why this error occurs. They are: the exploit doesn’t work against your target, the exploit may be for a different version, the code of the exploit may be wrong, the payload you use may not have an option to create an interactive session, and the target configuration is wrong. Check which one you did wrong.

  6. I still cannot determine why I am getting a segmentation fault when I run this. Why would it be in a bad memory location? I am assuming that means the bug is available on this system I am testing on, but the location it is overwriting is off for some reason. I have updated meta and also looked over the code, but with no success. I am using 64-bit msf BTW.

  7. I am getting this:

    [*] Uploading /etc/passwd
    [*] Uploading /etc/dropbear/authorized_keys
    [*] Logging in as rwikvnzq
    [*] Exploit completed, but no session was created.

    • The target version may not be vulnerable. Before running the exploit, check if it is vulnerable using the “check” command.

  8. I am having this issue. Please tell me how to solve this problem.

    [*] Uploading /etc/passwd
    [*] Uploading /etc/dropbear/authorized_keys
    [*] Logging in as hljalwkx
    [-] Exploit failed: NameError uninitialized constant Net::SSH::CommandStream
    [*] Exploit completed, but no session was created.

  9. Is this exploit still good as of today? I get the exploit started but no session was created. Do you have to set up multi/handler?

  10. I get

    Exploit failed [unreachable]: Rex::ConnectionRefused The connection was refused by the remote host (192.168.100.1:443).

    Is the firmware updated? It's an old NS2 *NO M*

  11. I got this error. Maybe someone can help.
    msf exploit(ubiquiti_airos_file_upload) > run

    [*] Uploading /etc/passwd
    [-] Exploit failed [unreachable]: Rex::ConnectionTimeout The connection timed out (xxx.xxx.xxx.xxx:443).
    [*] Exploit completed, but no session was created.

    • Renato, this question of yours is ambiguous. What do you mean by own IP address? If you want to set the IP address of the machine from which you are hacking, you can set it as 127.0.0.1. If you are in a LAN and want to set your gateway as target IP, then do “ipconfig” (if it is a Windows system) or “ifconfig” (if it is a Linux system) and find out your system’s local IP first. Then change the last bit to “1” or “2”. Still, this could be answered better if the question was a bit clearer.
