iBall-Baton WRA150N Rom-0 Backup - File Disclosure (Sensitive Information)

EDB-ID:

49386

CVE:

N/A

EDB Verified:

Author:

h4cks1n

Type:

webapps

Exploit:   /  

Platform:

Hardware

Date:

2021-01-07

Vulnerable App: 
# Exploit Title: iBall-Baton WRA150N Rom-0 Backup - File Disclosure (Sensitive Information)
# Date: 07/01/2021
# Exploit Author: h4cks1n
# Vendor Homepage: iball.co.in
# Version: iBall-Baton WRA150N
#Tested on : Windows 7/8/8.1/10, Parrot Linux OS


# The iBall-Baton router version WRA150N is vulnerable to the Rom-0
Extraction exploit.

The rom-0 is a file which contains the ADSL Login credentials.

In the case of this router the access to this file is unusually not
encrypted.

The file can be accessed by following methods:


Method 1 : Type the WiFi IP address in the browser followed by /rom-0 (For
example - 192.168.1.1/rom-0). The rom-0 file will be downloaded. The file
is obfuscated,however.It needs to be deobfuscated using online decryptors

#Online Rom-0 decryptor - http://www.routerpwn.com/zynos/
#Offline Rom-0 decryptor - https://github.com/rootkick/Rom-0-Decoder

Method 2: (Linux)
This full process can be automated by using threat 9's routersploit

Routersploit Download- https://github.com/threat9/routersploit

Download and run routersploit and use router/multi/rom-0  module
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services