|
本帖最后由 adsluser11 于 2022-9-10 23:16 编辑 . o' z/ G) X+ k- b
6 }2 p1 l3 S9 F5 J' O& H* H进了telnet,把闪存备份了出来,本着技术共享的原则,发出来给大家研究,看看有什么漏洞可以利用没5 |8 `$ W+ k6 V* k5 E
2 Q2 w% P% g) l2 O" u& u7 j
5 {3 @- T3 e+ A- U& E3 b% O% m" Trootfs分区是jffs2格式,我在debian下挂在出来然后打包,方便大家直接研究:& G# n+ r. L1 ^! ~) W
# ~8 Y2 P0 |" P- k8 d- p3 B有几个包含个人信息的无关紧要的分区我就没包含进去了,两个kernel分区是一模一样的,就只传了一个,userconfig目录在删除了个人配置后上传 C9 X* H4 o! x' e$ T q
欢迎各位大神研究讨论,打倒奸商
8 d w% _( N. K8 `3 H; T/ M( x/ U8 c' X. ^% K1 l
3 o4 R: O4 {3 ?/ V
, ^9 [0 j: Z. w9 X( X
: S( J) p6 w- x! M7 ^9 w/ g$ w) P2 }
6 K4 H4 C. T0 Y1 ~7 \9 V
! ~ a& j3 |" I) I# l$ P' ?* i; X' y4 v2 K& U- V0 D! l
- <blockquote>/ # cat /proc/version
复制代码 p# Y' f$ [$ L0 }8 v- n+ T6 \! j& |
; {; h9 I, F* z; W
- / # cat /proc/mtd
# M! o9 K+ v" j1 J - dev: size erasesize name% e0 x# B- x' }. N8 `6 e
- mtd0: 10000000 00020000 "whole flash"
* v# s0 I, q6 m" z - mtd1: 00200000 00020000 "u-boot"5 x( B5 _$ ?( o; m
- mtd2: 00200000 00020000 "others"
; P% F3 z1 h3 D - mtd3: 00200000 00020000 "parameter tags"
& U! D+ O9 C% t! g' C1 E* V/ ? - mtd4: 00200000 00020000 "wlan": ]: X8 H$ B N% T
- mtd5: 00800000 00020000 "usercfg"# b9 n' N! \( e
- mtd6: 00600000 00020000 "middle"7 s5 e) F% r7 S* r( C6 o, |
- mtd7: 02800000 00020000 "kernel1"
( y) N5 K$ G: l7 k4 @+ f( v - mtd8: 02800000 00020000 "kernel2"+ W( {) O! C" s2 A7 v( c& Y8 s& q
- mtd9: 03200000 00020000 "osgi1"
/ g N' A, A f; h' w3 m - mtd10: 03200000 00020000 "osgi2"
& o0 Q& P! v8 X/ G - mtd11: 03600000 00020000 "plugin_data"
* X: t8 a8 p8 A - mtd12: 024e0000 00020000 "rootfs"
复制代码- mount
7 Y3 c( C: i4 @9 A# c' L1 u/ s! v - /dev/root on / type jffs2 (ro,relatime)0 y4 W1 _6 |- y
- proc on /proc type proc (rw,nosuid,relatime) {9 w( y! c' D6 D2 K4 o0 s4 m
- sysfs on /sys type sysfs (rw,nosuid,relatime)9 r! {! O, J" `. z
- debugfs on /sys/kernel/debug type debugfs (rw,nosuid,relatime)2 N- J3 W( N! b' O1 M; B2 `
- /dev/mtdblock3 on /tagparam type jffs2 (rw,relatime)
# a {1 V! ]$ ]7 \ - tmpfs on /var type tmpfs (rw,relatime,size=20480k)
% i6 g; ?' h. j1 q m - tmpfs on /upgtempfile type tmpfs (rw,relatime,size=102400k)
0 v( Z7 r" o7 t) U& H# T - tmpfs on /var/osstmp type tmpfs (rw,relatime,size=2048k): R9 d, G1 X) V. T4 d0 M! v
- tmpfs on /mnt type tmpfs (rw,relatime,size=2048k)
( C( j) y$ f* s8 T7 V - tmpfs on /var/felix-temp type tmpfs (rw,relatime,size=16384k)
. Y# Z# K& o: t) s6 C0 I% y - tmpfs on /tmp type tmpfs (rw,relatime,size=15360k)7 B2 X- g2 ~; ~9 l
- /dev/mtdblock5 on /userconfig type jffs2 (rw,relatime)
- i2 x4 @: \" Z' G* z - /dev/mtdblock6 on /usr/local/ct type jffs2 (rw,relatime)2 j6 I& r% R- N, e% {# i& b
- ubi0_0 on /usr/tmp type ubifs (ro,sync,relatime)9 N9 F1 x$ [' d5 f! {+ w
- /dev/loop0 on /usr/java type squashfs (ro,relatime)
& y; X1 }; v5 K0 l/ d - ubi1_0 on /usr/plugin type ubifs (rw,sync,relatime)" A2 ~; j) F$ `1 A# |5 ^7 Y& b
- /dev/mtdblock4 on /wlan type jffs2 (rw,relatime)% m7 K0 q3 x* B: r& H- r( j
- cgroup_root on /sys/fs/cgroup type tmpfs (rw,relatime)3 y; Z x4 M: t% X$ P3 T2 X3 q
- cpu on /sys/fs/cgroup/cpu type cgroup (rw,relatime,cpu)
; H h! {6 |3 e/ f; m - cpuacct on /sys/fs/cgroup/cpuacct type cgroup (rw,relatime,cpuacct)
5 M# g: f( x. d6 @; l - cpuset on /sys/fs/cgroup/cpuset type cgroup (rw,relatime,cpuset)
& B& | N0 w# t5 ]( Z - memory on /sys/fs/cgroup/memory type cgroup (rw,relatime,memory)6 b4 C! S) o0 T- R% d
- /dev/sda on /mnt/usb1_1 type fuseblk (rw,relatime,user_id=0,group_id=0,allow_other,blksize=4096)
复制代码- /usr/java/bin # ls /bin% F2 @" Z! b. x& }) i
- ash gpon_omci netstat sleep
/ L7 F. k3 q" D% c( ?: m: c9 l% ? - bndmange gpontest nice smbd
* Z; u) A& g4 ^8 W/ f h: S - bobtest grep nmbd smbpasswd
% d8 c3 L0 a6 E) W+ x- r2 I9 x# I$ K+ A - brctl gunzip ntfs-3g switchtst
! b9 r$ z9 q0 C4 N1 y - buservice gzip oamtest sync6 c% E J }" p, E7 B$ N
- busybox hostname openl2tpd tar
7 s T& R1 f1 W1 F, q& r - cat httpd opticaltst tc5 r, w: |, Q+ F/ C" L7 O
- chgrp igmp_proxy osgid tcping
5 {' e. `! q* y0 Y3 i% U - chmod ip p910nd telnetd U% P2 o) a) w0 v( h! W8 s
- chown ip6tables pc test_minioltlib( [. d) [% f( @/ b8 M k
- cmapidbg ipsec phddns testftp
& s1 \# h9 B+ Z5 D( A. L - cp iptables ping touch
) b9 V8 x& n" P; r - cpio ipv4protocol ping6 tr069d
$ \4 F+ @* S0 l3 ~ - cspd ipv6protocol portmap traceroute1
I, M1 I- g! j - ctsgw_proxyd kill pppd tso
% m3 }* G7 ]) }. b+ W7 O - date kshell pppoe-server umount% e( S! b- E. ?" Y) R1 T
- dd l2tpconfig ps uname
6 m/ S% y2 x2 u- x# g9 S8 N - devmem2 ln pwd upgradetest
* m% H) R4 R- \! @ - df login redir upnpd
# y0 F& i% S) r - dipc logtousb rm usbtest
3 \+ _# S9 X' P2 J, M/ f7 ?$ G- n$ ~ - dmesg ls rmdir usbtool
6 K/ l% r- ~: | - dnsdomainname lzop routed voip
: R0 E$ G1 P' v+ ?7 E! e. _$ B - dnsmasq memtest rpm voipstat U) b3 I8 Y' E+ p6 W9 h
- ebtables minioltdebug sdtest vsftpd
2 N; r5 Z0 j; T; r8 [5 |1 j# x. n - echo mkdir sed wbctl8 Q4 i4 ]7 E8 n5 P
- egrep mknod sendcmd wgets* M. E6 c7 z$ ^* E/ ^* `( L8 h; @! }
- epontest mld_proxy setmac wput$ F- ]9 ^1 |0 i6 P/ S* ?
- ethdriver_test mount sh wput_ftp9 g* b" L v# C: p
- fgrep msntp shellproxy wput_tftp% a9 p& ^( a5 v% |
- fpga multiapd shellproxy_getty xpondrvARM32.bin
# V0 `' Y' h2 k; c - ftest multicast_test shellproxyctrl z3gateway! L; L ]' O2 o" n
- fw_flashing mv simulation zcat- `8 b9 m" l& f% q7 y
- getopt nand slctool zxspdtest9 N$ W1 J3 P- y1 R
- ( R ^: w. u1 ?/ X5 P' U+ H
- 8 D7 l* w$ d* O3 [
- /usr/java/bin # ls /sbin/ O7 [/ a7 v$ H) j" C- i6 \1 d+ l
- BCLSockServer hostapd lsmod swapon ubirename' g4 ]! B) n. c
- band_steering hostapd_2.4g mtd_debug ubiattach ubirmvol7 k1 S3 x/ @4 o- ?- H
- dump_handler hostapd_5g pivot_root ubicrc32 ubirsvol9 E! e' x) W1 j* k+ }( W7 h( G. k* j
- dutserver hostapd_cli poweroff ubidetach ubiupdatevol
4 @& E: W' [& B) [+ ~- O. T+ S - dwpal_cli ifconfig reboot ubiformat
" C5 Z u( e3 a* Q7 |$ E" ?4 H7 K* ? - force_roaming init rmmod ubimkvol6 a9 u; T) w3 b3 E4 @( v
- getty insmod route ubinfo
, S3 }8 H7 v3 ?+ k v - halt iw swapoff ubinize k2 z5 @) L E! h6 t; ~
复制代码- /userconfig/cfg # cat /proc/cpuinfo$ s4 [7 J: {: X9 y# p
- processor : 05 z' C. _; W: L9 T
- BogoMIPS : 50.00
& d5 x, }9 R3 n) I - Features : fp asimd crc329 L* w% g6 @/ j: t# d
- CPU implementer : 0x41
# r/ z L; y5 d1 a) w1 f9 ` - CPU architecture: 8
& E: a0 B" m! I, S9 @6 s5 @ - CPU variant : 0x0- a+ E U8 E2 E8 w
- CPU part : 0xd03* D3 Z7 r$ Q, C( ], Y
- CPU revision : 4
% T6 H. v2 M2 Q( e
$ i& O* M& a( F" E% Y- processor : 1
9 m& j! V) S; T F - BogoMIPS : 50.009 n. f9 f0 F4 [! j0 p3 O, Z
- Features : fp asimd crc322 _9 j8 o( H; L! `
- CPU implementer : 0x41
1 V! x3 D/ u- X" y3 x* g: b - CPU architecture: 8. R, t6 Y( G8 L! l* l* X9 H2 A
- CPU variant : 0x0
& }& Q. `: {1 m4 P4 G - CPU part : 0xd03
4 } t% N5 o3 I J1 _! o2 T - CPU revision : 4$ k( Z4 S/ O; x* f; g5 A+ C
- , m* y% ~2 y0 }4 d
- processor : 2
9 X5 T. h: ]6 [ - BogoMIPS : 50.00* G9 Z4 f' x$ s3 O3 D( i
- Features : fp asimd crc32
+ w$ Y! ~' B2 s& r# V" y - CPU implementer : 0x41: u3 H* \, a% S9 P" n
- CPU architecture: 80 s5 _8 d3 m5 {3 b7 o
- CPU variant : 0x0
0 H' h N4 l+ i2 Z4 D - CPU part : 0xd030 E7 J+ _2 j' r; g" N. C8 T5 d
- CPU revision : 4: {! n W8 T7 q6 c: A$ D
- % V5 \( O+ s9 `6 U# }/ d% d
- processor : 3; O2 U' f L. r$ ]1 x
- BogoMIPS : 50.00
- I0 |; s0 k2 c' X - Features : fp asimd crc32
1 N- t* j( \$ W9 j1 M: T* x - CPU implementer : 0x41
+ N/ U- E8 C/ a! T9 | - CPU architecture: 8) R- [) k( l* q. k/ O9 v9 v4 p
- CPU variant : 0x0
% t- p/ S. A& S) O0 l5 i I - CPU part : 0xd03
# _. B+ }' B& S0 M1 } - CPU revision : 4
复制代码
* i, r& J5 v5 C q. c1 x4 U) `+ p4 e
|
本帖子中包含更多资源
您需要 登录 才可以下载或查看,没有账号?注册
×
|