Porting the Misfortune Cookie Exploit: A Look into Router Exploitation Using the TD-8817
By using just a few commonly available tools and a bit of time, it is possible to port the Misfortune Cookie exploit to exploit a TD-8817 V8 router running the latest firmware and gain reliable control over its web interface without crashing the router, even after repeated exploitation attempts.
In this whitepaper, I will discuss how I went about disassembling and debugging a TD-8817 v8 router to develop a compatible Misfortune Cookie exploit, which would allow me to gain reliable access to the admin control panel on the web interface without the need for a username or password. Along the way, I will show you how to extract the firmware from its original file using binwalk and disassemble the firmware in IDA Pro, how to identify the serial ports on the router’s board, how to set up a USB to TTY converter to connect into the board’s debugging ports, and how to make our own version of the exploit which will allow us to access the router’s web interface as an administrator without any credentials.
Once this is done, we will take a look back over what has been accomplished and reflect on two reasons why there are so many devices affected by this vulnerability, and on what needs to be done to secure them.
Authored by Grant Wilcox