核心背景:华为HN8145x6电信版内置了三个容器,其中一个是openwrt。这个openwrt加载了一个overlay的rootfs,它的upper dir是可写的,所以可以玩。
1 F* t5 g+ \, ~( o/ J2 m* N1 O% C2 t
首先,要telnet或者ssh进去光猫,补全shell,登录之后执行su、shell,再su一次得到root权限,然后执行下列命令+ v: y6 B* o) T4 e% ?, y
( Q3 C% l5 b) h& G% O! P( X
#拷贝iptables套件到openwrt容器; S; n3 j( E( s( i6 B' a2 B8 w R
WAP(Dopra Linux) # cd /opt/upt/apps/apps/
6 k- D3 J2 v& R9 W& `WAP(Dopra Linux) # mkdir -p sbin" O, ]* G2 F0 }5 N6 M4 X
WAP(Dopra Linux) # chmod 755 sbin6 x2 r/ |. S. F. ^0 M
WAP(Dopra Linux) # cd sbin
! z4 p! m! }0 u, e' {WAP(Dopra Linux) # cp -a /sbin/*tables* .
# ^6 N, I" A$ s$ v- `WAP(Dopra Linux) # chown root:root *5 D0 w% B; e/ f9 ^2 s7 a
WAP(Dopra Linux) # chown root:root -h *1 v1 ]3 F" z, G% l+ ^( v0 w8 v5 H
; A a+ l- {3 g- n& O9 B5 {
#创建你自己的iptables规则,这里只是举例,切勿照抄
B5 B' \% G. ~' [# HWAP(Dopra Linux) # cd /opt/upt/apps/apps/etc
/ V8 k* E( A& c8 eWAP(Dopra Linux) # echo "#!/bin/sh" > rc.local
) i$ s! |, B9 e1 l6 PWAP(Dopra Linux) # echo "" >> rc.local8 z& T4 @8 |1 Y+ O4 s1 ]3 B- n; [" P
WAP(Dopra Linux) # echo "ip6tables -N FWD_PKU" >> rc.local- B) j1 H1 v O% O2 |: u& a
WAP(Dopra Linux) # echo "ip6tables -A FWD_PKU -s 2001:da8:201::/48 -j ACCEPT" >> rc.local5 z6 S5 O, C$ A5 s9 p6 {2 z
WAP(Dopra Linux) # echo "ip6tables -I FORWARD -j FWD_PKU" >> rc.local
& K' B6 y! I6 N4 V) ~9 WWAP(Dopra Linux) # chmod 755 rc.local [' c# l6 T& |/ m
f; {! U# h4 k/ }+ w
#重启,OK
/ u: G, M6 ]; m j" \WAP(Dopra Linux) # cd /6 u- m$ i# r* A5 u" L/ e' c- T
WAP(Dopra Linux) # reboot4 p( j7 x5 z: y4 W
) v7 x* t. Z) W' O3 x4 B% P思路来自于大佬achaoge的帖子[光猫] 玩机:激活华为光猫的小宇宙-openwrt |
粤公网安备44152102000001号 
发表于 2022-1-25 15:54:04