|
本帖最后由 adsluser11 于 2022-9-10 23:16 编辑
4 K$ a4 p6 H; U/ x; D( B; Z. Z8 H1 r. U8 M
进了telnet,把闪存备份了出来,本着技术共享的原则,发出来给大家研究,看看有什么漏洞可以利用没9 f; k+ F* [" E
4 T& X; ^8 {* _
) i4 j* ~3 l: J* u* s2 X1 g# ]rootfs分区是jffs2格式,我在debian下挂在出来然后打包,方便大家直接研究:' P H/ z/ N& J( l! ~
6 L. t0 n& E$ p" f
有几个包含个人信息的无关紧要的分区我就没包含进去了,两个kernel分区是一模一样的,就只传了一个,userconfig目录在删除了个人配置后上传: J, |9 G |8 H$ l4 L7 W9 x2 U
欢迎各位大神研究讨论,打倒奸商
/ k; V, {! M) D6 Z, V% [/ P* D7 T2 \* e5 i% ?+ j
6 B5 c5 J# Q# p" d1 l
! H1 E: P& T! q/ h. a
# U: [/ Z1 K- r
4 b( q5 i# `$ |' }/ y3 [) R7 ?% }* h) g4 s) D
1 i* J/ u0 ]5 I) ?1 i- <blockquote>/ # cat /proc/version
复制代码
9 [2 T8 ?0 X( v8 F, Y$ K) j o2 F i2 K( X' ]2 l. {
- / # cat /proc/mtd9 I& M0 f# z3 l Q
- dev: size erasesize name
& {$ Y2 k- L: M6 u - mtd0: 10000000 00020000 "whole flash"
% a! [5 }7 i& Q T - mtd1: 00200000 00020000 "u-boot"
( J& i, Z7 C3 X - mtd2: 00200000 00020000 "others"
' W# Q; T# Z4 d: S# L - mtd3: 00200000 00020000 "parameter tags"
( F4 _! e3 {( ]7 B/ o" e, I4 n - mtd4: 00200000 00020000 "wlan"7 R: F) B' H, r: f! S, u% e. _& A
- mtd5: 00800000 00020000 "usercfg"
$ W$ n8 @2 u& e2 Y% r. y - mtd6: 00600000 00020000 "middle"$ R6 C) h! G5 x4 z+ i. Z8 E: v ^
- mtd7: 02800000 00020000 "kernel1"* d% J! ~9 h4 E' v# q2 c
- mtd8: 02800000 00020000 "kernel2"
: v$ ]# J4 l( D# F - mtd9: 03200000 00020000 "osgi1"
9 ]9 s, g/ U a - mtd10: 03200000 00020000 "osgi2"- h; d9 n7 p# ~7 }* d( F
- mtd11: 03600000 00020000 "plugin_data"( h7 K- c- C/ a8 W* F
- mtd12: 024e0000 00020000 "rootfs"
复制代码- mount# u3 ] r y) ^; K5 S5 B
- /dev/root on / type jffs2 (ro,relatime)
& S& U+ O% p" g1 i% | - proc on /proc type proc (rw,nosuid,relatime), m0 F# ?! w( g4 [6 `
- sysfs on /sys type sysfs (rw,nosuid,relatime); x5 _9 R, C( |8 k
- debugfs on /sys/kernel/debug type debugfs (rw,nosuid,relatime)3 x7 L. U/ e, ~# s
- /dev/mtdblock3 on /tagparam type jffs2 (rw,relatime)
}9 b/ S0 c8 T# } - tmpfs on /var type tmpfs (rw,relatime,size=20480k)
7 t2 K' g% d- m/ H0 v - tmpfs on /upgtempfile type tmpfs (rw,relatime,size=102400k)) E/ ? K( q; X. s
- tmpfs on /var/osstmp type tmpfs (rw,relatime,size=2048k)
$ T6 [& Q6 l" h# M - tmpfs on /mnt type tmpfs (rw,relatime,size=2048k)( } d. X( }# q, q
- tmpfs on /var/felix-temp type tmpfs (rw,relatime,size=16384k)
& t$ D7 |4 z1 \7 z4 J" [ - tmpfs on /tmp type tmpfs (rw,relatime,size=15360k)
9 o- S3 l' F; f - /dev/mtdblock5 on /userconfig type jffs2 (rw,relatime)
3 ~4 L4 I _9 x* p- j7 o9 G - /dev/mtdblock6 on /usr/local/ct type jffs2 (rw,relatime)
% K: L9 N) m, O* P; P3 _# O7 Q - ubi0_0 on /usr/tmp type ubifs (ro,sync,relatime)8 ^) {/ o: C/ C( G% w
- /dev/loop0 on /usr/java type squashfs (ro,relatime)
3 a( K- o; A# V1 G - ubi1_0 on /usr/plugin type ubifs (rw,sync,relatime): Z% L! n: [9 H- y
- /dev/mtdblock4 on /wlan type jffs2 (rw,relatime)
4 [$ C. u) ` U - cgroup_root on /sys/fs/cgroup type tmpfs (rw,relatime)+ H P3 Y, E( j; S) G& F6 ^
- cpu on /sys/fs/cgroup/cpu type cgroup (rw,relatime,cpu)/ u) W: A# F( a2 U" w# q
- cpuacct on /sys/fs/cgroup/cpuacct type cgroup (rw,relatime,cpuacct)2 C3 X4 r3 T: _( s7 b* A
- cpuset on /sys/fs/cgroup/cpuset type cgroup (rw,relatime,cpuset) H: X# W- k6 f! J9 H
- memory on /sys/fs/cgroup/memory type cgroup (rw,relatime,memory)
* x% D( I, {/ I7 ^ ?7 g0 C; e - /dev/sda on /mnt/usb1_1 type fuseblk (rw,relatime,user_id=0,group_id=0,allow_other,blksize=4096)
复制代码- /usr/java/bin # ls /bin
9 v5 t. q4 y, i. f - ash gpon_omci netstat sleep
/ e% X5 |0 R7 M2 v/ e - bndmange gpontest nice smbd
" e/ a3 r5 x' s! c) F1 O, Y - bobtest grep nmbd smbpasswd
4 I. P/ e6 ^1 k% r - brctl gunzip ntfs-3g switchtst$ w- {* a. r' K6 o9 i
- buservice gzip oamtest sync
- [1 J5 ?3 c" V, A5 P9 Z - busybox hostname openl2tpd tar/ x; @0 ^6 U( a! e8 Y8 R. ^ a
- cat httpd opticaltst tc" \4 Z6 I( J- l4 E9 Z8 [5 J( [/ n
- chgrp igmp_proxy osgid tcping
1 Q7 q, W: a6 S - chmod ip p910nd telnetd1 G7 h3 v, R' A+ ?
- chown ip6tables pc test_minioltlib3 {1 m! W6 L! t/ c$ ^0 t( c! J x
- cmapidbg ipsec phddns testftp3 w6 r0 j& `1 P, _' E& Q4 r
- cp iptables ping touch$ a6 Z, Z) @' U5 c4 r* T; X
- cpio ipv4protocol ping6 tr069d; w% N/ A. M# u9 |( t4 H. ^8 Y
- cspd ipv6protocol portmap traceroute1
% |+ I4 a* g0 Z- z" |2 J# F - ctsgw_proxyd kill pppd tso+ }3 u9 R$ G- m+ b* c3 N
- date kshell pppoe-server umount. k/ }& a. ?5 n$ [
- dd l2tpconfig ps uname
9 W" v" l/ @9 k3 M1 {1 h% Y9 | - devmem2 ln pwd upgradetest1 N' {2 B$ A! G
- df login redir upnpd
! Z1 X( U! s; ~8 J" n - dipc logtousb rm usbtest! \* K% q3 ]/ @
- dmesg ls rmdir usbtool
0 E. A2 Y9 k2 z" s3 z - dnsdomainname lzop routed voip |0 R( D$ K. F2 @
- dnsmasq memtest rpm voipstat
* {2 e- u" F3 L C - ebtables minioltdebug sdtest vsftpd
- g, B9 I7 `7 f% H5 z9 j8 o, h - echo mkdir sed wbctl
1 f1 _% d9 [/ B, r. H - egrep mknod sendcmd wgets" u5 F: d: e! {" w% s$ b) I" L
- epontest mld_proxy setmac wput
( S8 [4 V- R5 `3 h; V2 U - ethdriver_test mount sh wput_ftp3 V. F9 H+ Q$ e* G7 |, a, m* N
- fgrep msntp shellproxy wput_tftp2 w2 k" ], y0 E4 k5 p
- fpga multiapd shellproxy_getty xpondrvARM32.bin9 J$ A3 q2 M1 `; _* S% d) n5 h
- ftest multicast_test shellproxyctrl z3gateway
! d8 J9 c9 z5 o) N, i - fw_flashing mv simulation zcat3 h6 E4 A) o0 d0 v0 K2 K
- getopt nand slctool zxspdtest
: Z; C3 M4 k; J/ l" k0 f1 S4 i - - L2 ?2 y( Q; E% o& `6 B) b
- * B' O1 ^: A3 C6 J9 _$ S. L0 D
- /usr/java/bin # ls /sbin9 I! R0 z m5 I. F7 L. b0 g
- BCLSockServer hostapd lsmod swapon ubirename# f3 Z- E/ {: W" g+ v3 z8 K# ]4 u
- band_steering hostapd_2.4g mtd_debug ubiattach ubirmvol
2 \- X# \9 h R3 {) @3 t - dump_handler hostapd_5g pivot_root ubicrc32 ubirsvol: A/ J% N) A8 c d( R+ `
- dutserver hostapd_cli poweroff ubidetach ubiupdatevol
- A. a: o/ ]& u9 b9 Z& ] q7 D3 O. a, r - dwpal_cli ifconfig reboot ubiformat( q$ H$ B* k4 y7 f, U* U5 |" [
- force_roaming init rmmod ubimkvol
9 n1 m6 |0 @( ` - getty insmod route ubinfo) q! ~: _" V& h" _/ l, d
- halt iw swapoff ubinize
$ s6 e/ t( B6 Y$ r8 \7 r' }
复制代码- /userconfig/cfg # cat /proc/cpuinfo
0 z$ p' F: p l/ L8 R - processor : 08 x# y( d" i" B( k- p# W
- BogoMIPS : 50.00 u% _" b8 |( h+ |( r* [7 l- F
- Features : fp asimd crc32) J" @9 ]& X ^2 H- {- C8 J; Q: o
- CPU implementer : 0x41
7 ^/ N- |/ V: m" l - CPU architecture: 8
8 J) M, l V' l7 p - CPU variant : 0x0
6 @* A3 m: L. I% }1 k5 [0 P5 Z - CPU part : 0xd03
: ^1 c" _$ c3 B4 w* ^6 S - CPU revision : 4
" @& u; Z1 c' r/ b! `4 T; P - & ^, ~0 A; \7 r$ J1 W
- processor : 1; X0 [' B9 O% O2 e$ o; H
- BogoMIPS : 50.00
8 B* J1 V8 Z9 J& Q- @) `; J - Features : fp asimd crc32
2 Q, j! x& s& Z" |, ^9 z' O4 j5 Z' m: B - CPU implementer : 0x41* E l/ h. M# a: X
- CPU architecture: 85 N; y4 I8 A; i+ T! b$ X. E
- CPU variant : 0x0
2 u: X' E( I$ M6 k s% { - CPU part : 0xd03
# h/ m# a- y9 @; ]* o$ m - CPU revision : 41 `0 R9 O' D* ~( D
7 N, x# ?! s# G6 `2 h3 m- processor : 2' O8 I" U- m* S/ B" V) ?
- BogoMIPS : 50.00$ r4 D) q/ ?3 C
- Features : fp asimd crc32
8 Y0 e/ f: I7 ~; K - CPU implementer : 0x41
* j0 f/ d7 X+ J2 `( B7 _ - CPU architecture: 8# B* T; H- M$ f! W! h6 B
- CPU variant : 0x0
' V/ o7 `; _) [4 { - CPU part : 0xd03
6 x! ^! t) O. v5 O2 `* |$ H - CPU revision : 4
3 g5 o' w) B4 J( m) Y - ! u+ v/ I: Y, w. n
- processor : 3
3 W5 G3 w) A( a - BogoMIPS : 50.00
8 @+ y, U9 V# Q3 c3 y8 g" d - Features : fp asimd crc32
% u; N! t1 \! ?5 r& ^& c - CPU implementer : 0x41/ S* c3 o0 K9 p' S$ [; p
- CPU architecture: 8) H5 v$ f0 n |1 Z+ d
- CPU variant : 0x0. H3 n6 n% [( _! _
- CPU part : 0xd03
7 q3 b1 q+ _7 ?$ q) a; G. j! U - CPU revision : 4
复制代码 , r; Z% j0 d2 K& k& o h
9 C' a: [/ I! d |
本帖子中包含更多资源
您需要 登录 才可以下载或查看,没有账号?注册
×
|