REXT usage
After starting REXT you are presented with the REXT console interface.
REXT:Router EXploitation Toolkit
Author:Ján Trenčanský
Email:jan.trencansky(at)gmail.com
Twitter:@j91321
Version:0.0
License:GNU GPL v3
================================
>
You can type help to get a list of available commands, or help <command> to get information and example usage for a specific command.
>help
Documented commands (type help <topic>):
========================================
exit help load show unload update
>help update
Help: update REXT functionality
Usage: update <argument>
Available arguments:
no argument
update REXT using git
oui
update MAC vendor database
force
do git reset --hard and update
>
The show command prints the list of directories or modules at the current depth.
decryptors/zyxel/>show
rom-0_decrypt
decryptors/zyxel/>
You can press tab to autocomplete a command, or tab twice to show the available options. For example, typing load and pressing tab twice prints all available modules regardless of your current path.
misc/>load
decryptors/draytek/vigor_config_old
decryptors/draytek/vigor_fw_decompress
decryptors/zyxel/rom-0_decrypt
exploits/linksys/ea6100_auth_bypass
exploits/netgear/n300_auth_bypass
exploits/zyxel/rom-0
harvesters/airlive/WT2000ARM
misc/accton/switch_backdoor_gen
misc/adb/a1_default_wpa_key
misc/adb/alice_cpe_backdoor
misc/arris/dg860a_mac2wps
misc/arris/tm602a_password_day
misc/belkin/mac2wps
misc/cobham/admin_reset_code
misc/draytek/vigor_master_key
misc/huawei/hg520_mac2wep
misc/huawei/hg8245_mac2wpa
misc/pirelli/drg_a255_mac2wpa
misc/sagem/fast_telnet_password
misc/sitecom/wlr-400X_mac2wpa
misc/vodafone/easybox_wpa2_keygen
scanners/allegrosoft/misfortune_cookie
misc/>load
You can use the load command to start a specific REXT module. Loading a module does not just change the directory: a new sub-console is created. You can see this by typing the help command, since the list of available commands has changed. REXT modules always follow the same path convention: type/vendor/module.
misc/>load misc/arris/dg860a_mac2wps
misc/arris/dg860a_mac2wps>help
Documented commands (type help <topic>):
========================================
exit help mac run set
misc/arris/dg860a_mac2wps>
Typing info while a module is loaded prints basic information about the module and its options.
misc/arris/dg860a_mac2wps>info
Name:ARRIS DG860A WPS PIN Generator
File:dg860a_mac2wps.py
Author:Ján Trenčanský
License: GNU GPL v3
Created: 23.7.2015
Description: Generates WPS pin for Arris DG860A router based on mac
Based on: Work of Justin Oberdorf https://packetstormsecurity.com/files/123631/ARRIS-DG860A-WPS-PIN-Generator.html
Options:
Name Description
mac MAC address used as input for WPS pin generation
misc/arris/dg860a_mac2wps>
Here you can use the mac command to print the current MAC address, or the set command to set a new one. Once you have finished configuring the module's properties, you can execute it with the run command (this applies to all modules regardless of their type). Some basic validations are in place that prevent you from setting incorrect values.
misc/arris/dg860a_mac2wps>mac
00:00:00:00:00
misc/arris/dg860a_mac2wps>set mac 11:22:33:44:55
Error: please provide valid MAC address
misc/arris/dg860a_mac2wps>set mac 00:50:56:C0:00:08
MAC set to: 00:50:56:C0:00:08 (VMware, Inc.)
misc/arris/dg860a_mac2wps>run
Success:
WPS PIN: 62175401
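The MAC validation and vendor lookup visible in the session above can be sketched as follows. This is an added example, not REXT's own code: it assumes the vendor database uses the IEEE oui.txt layout, and the function names and the "Unknown" fallback are hypothetical.

```python
import re

# Constructed sample in the IEEE oui.txt layout (assumed database format).
SAMPLE_OUI_TXT = """\
OUI/MA-L                                                    Organization
company_id                                                  Organization

00-50-56   (hex)\t\tVMware, Inc.
005056     (base 16)\t\tVMware, Inc.
\t\t\t\t3401 Hillview Avenue

00-00-0C   (hex)\t\tCisco Systems, Inc
00000C     (base 16)\t\tCisco Systems, Inc
"""

# Only the "(hex)" lines carry the dash-separated prefix and the vendor name.
_OUI_LINE = re.compile(
    r"^([0-9A-F]{2})-([0-9A-F]{2})-([0-9A-F]{2})\s+\(hex\)\s+(.+)$")
# Six octets; the back-reference forces one consistent separator (":" or "-").
_MAC = re.compile(
    r"^[0-9A-Fa-f]{2}([:-])[0-9A-Fa-f]{2}(?:\1[0-9A-Fa-f]{2}){4}$")


def parse_oui(text):
    """Return a dict such as {"005056": "VMware, Inc."} from registry text."""
    vendors = {}
    for line in text.splitlines():
        m = _OUI_LINE.match(line.strip())
        if m:
            vendors["".join(m.group(1, 2, 3))] = m.group(4).strip()
    return vendors


def normalize_mac(value):
    """Return the MAC as upper-case colon-separated octets, or None if invalid."""
    value = value.strip()
    if not _MAC.match(value):
        return None
    return value.upper().replace("-", ":")


def set_mac(value, vendors):
    """Return the message for a 'set mac' attempt (wording copied from the session)."""
    mac = normalize_mac(value)
    if mac is None:
        return "Error: please provide valid MAC address"
    # "Unknown" for prefixes missing from the database is an assumption.
    vendor = vendors.get(mac.replace(":", "")[:6], "Unknown")
    return "MAC set to: %s (%s)" % (mac, vendor)
```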
Now that the module has been executed, you may wish to load a different one. You can do this by typing the back command, which exits only the current module and returns you to the main REXT console. Typing exit will exit REXT.
You can use the unload command to return to the REXT root directory. This is not necessary, though, since the load command works with absolute paths.
misc/arris/dg860a_mac2wps>back
misc/arris/>unload
>show
exploits
misc
harvesters
scanners
decryptors
>exit
Bye!