|
|
本帖最后由 adsluser11 于 2022-9-10 23:16 编辑
( D/ T! n$ C$ I" H7 x; H) Q% I9 E5 B+ u! T7 y
进了telnet,把闪存备份了出来,本着技术共享的原则,发出来给大家研究,看看有什么漏洞可以利用没! @/ A4 r& J# f; d$ [6 K
" P- [! k# U# G
( _% G+ _6 c- U+ Y& O
rootfs分区是jffs2格式,我在debian下挂在出来然后打包,方便大家直接研究:; x6 J9 k. J+ l3 S9 m
$ E. H( u+ C/ i$ f( X7 Z" }
有几个包含个人信息的无关紧要的分区我就没包含进去了,两个kernel分区是一模一样的,就只传了一个,userconfig目录在删除了个人配置后上传
9 W1 E! M' }: d3 V- q( b: k欢迎各位大神研究讨论,打倒奸商9 H# C* P9 {# { T4 R. w" e
5 ], g/ ]% G& A6 H0 N7 w+ R
' e0 s7 L3 T! M& k$ c* T7 e- R4 O
% v! N) [" O' c) E4 s0 ~* U% ^* t* a4 g2 l3 H
* u o k9 }0 Y _, c6 k0 R8 q) K ]# l
- <blockquote>/ # cat /proc/version
8 P: y1 [+ O1 e g8 t. r. Y- / # cat /proc/mtd1 j5 ]: U8 Y1 v$ B0 t8 f
- dev: size erasesize name
9 p0 F% i" [- R- Q0 T - mtd0: 10000000 00020000 "whole flash"
; x8 V y! k+ I1 T6 X - mtd1: 00200000 00020000 "u-boot"
- |6 W- l% n0 B9 O. _1 }3 U - mtd2: 00200000 00020000 "others"
" x5 B8 x( W9 p/ g% K! d' L - mtd3: 00200000 00020000 "parameter tags"
! w- d# I* z$ c5 ^ - mtd4: 00200000 00020000 "wlan"
( x H$ @! A1 q1 u# _- ?3 O - mtd5: 00800000 00020000 "usercfg"
( k8 d* k$ S5 w/ E) f/ a( b - mtd6: 00600000 00020000 "middle"& d8 z9 Y( d/ `$ A
- mtd7: 02800000 00020000 "kernel1"
7 Y! I, j# X: d7 ?( p: T: ~ - mtd8: 02800000 00020000 "kernel2"8 J8 j- B" |' V; X
- mtd9: 03200000 00020000 "osgi1"
+ Q" t: t0 b( r - mtd10: 03200000 00020000 "osgi2", a+ K& r3 ]' C- V: g
- mtd11: 03600000 00020000 "plugin_data"
6 @4 p6 P. r7 \0 P, R6 A% M- Z( m - mtd12: 024e0000 00020000 "rootfs"
- mount6 X1 d+ |% Q" X
- /dev/root on / type jffs2 (ro,relatime). {6 K) J8 r J. F" |
- proc on /proc type proc (rw,nosuid,relatime)$ k7 w' I8 r! L0 S$ }
- sysfs on /sys type sysfs (rw,nosuid,relatime)) k5 N! W& X6 j) V8 d; |; M3 \+ W% D0 C
- debugfs on /sys/kernel/debug type debugfs (rw,nosuid,relatime): G$ w2 I6 ]( w/ C' Q
- /dev/mtdblock3 on /tagparam type jffs2 (rw,relatime)
* c+ n5 p4 q0 u2 J - tmpfs on /var type tmpfs (rw,relatime,size=20480k)& B1 P6 f! ]8 E3 I0 ~+ @0 X
- tmpfs on /upgtempfile type tmpfs (rw,relatime,size=102400k)
. L" g/ I0 V7 G9 x0 C2 I- V) S - tmpfs on /var/osstmp type tmpfs (rw,relatime,size=2048k). |$ R* P' R6 y# ?9 v5 t5 d) r2 S
- tmpfs on /mnt type tmpfs (rw,relatime,size=2048k): C7 `; h9 C' }) s' M8 K
- tmpfs on /var/felix-temp type tmpfs (rw,relatime,size=16384k)9 V6 D3 N$ H. `7 \
- tmpfs on /tmp type tmpfs (rw,relatime,size=15360k)
e$ \! m1 c1 M1 m - /dev/mtdblock5 on /userconfig type jffs2 (rw,relatime)
* d% b. y/ N& c1 z - /dev/mtdblock6 on /usr/local/ct type jffs2 (rw,relatime)" Q9 l3 x' V0 ?% [0 k
- ubi0_0 on /usr/tmp type ubifs (ro,sync,relatime), [5 l$ d& @' }5 h Y
- /dev/loop0 on /usr/java type squashfs (ro,relatime)
, Q0 x" M) G( H% j( e! B5 L; X+ M - ubi1_0 on /usr/plugin type ubifs (rw,sync,relatime)6 o# r J. h8 x( A
- /dev/mtdblock4 on /wlan type jffs2 (rw,relatime)
0 n/ k; ?9 L& h8 x K8 F - cgroup_root on /sys/fs/cgroup type tmpfs (rw,relatime)
, q) s9 \$ K$ w' \2 J5 k - cpu on /sys/fs/cgroup/cpu type cgroup (rw,relatime,cpu)
5 w0 n1 o; S; Y- n5 _6 a3 m - cpuacct on /sys/fs/cgroup/cpuacct type cgroup (rw,relatime,cpuacct)
& Q' B$ Q% L) v" C - cpuset on /sys/fs/cgroup/cpuset type cgroup (rw,relatime,cpuset)' T L4 M7 B/ Z( r
- memory on /sys/fs/cgroup/memory type cgroup (rw,relatime,memory)
9 U/ j% X" Y5 |( ^, B - /dev/sda on /mnt/usb1_1 type fuseblk (rw,relatime,user_id=0,group_id=0,allow_other,blksize=4096)
- /usr/java/bin # ls /bin; z, k% D$ h5 A4 l) @9 L L( z! F: o
- ash gpon_omci netstat sleep) K5 b* \& Q/ T! [9 n3 @+ h
- bndmange gpontest nice smbd( D, p& H7 H' u( V, i8 b% w
- bobtest grep nmbd smbpasswd2 g) p0 z. \6 M: ]
- brctl gunzip ntfs-3g switchtst
$ y) |( p2 U, _, H. _" N - buservice gzip oamtest sync
5 B6 F7 B L2 J6 ]; Y: A - busybox hostname openl2tpd tar
+ a" p1 f, G7 a0 Y4 w/ _ - cat httpd opticaltst tc5 k* k7 f w, X8 ~$ n
- chgrp igmp_proxy osgid tcping
1 G% q' g- T, [) G; _, M' ^+ [ - chmod ip p910nd telnetd# j) D( R+ G B2 |6 a. l
- chown ip6tables pc test_minioltlib
% ^0 k+ o8 q1 Y: ~( R6 u% X - cmapidbg ipsec phddns testftp
) a B$ p8 q2 E6 Q4 h" `% j" ` - cp iptables ping touch l% \4 c W" H5 J( }* g9 `' W
- cpio ipv4protocol ping6 tr069d( I1 i; |) N6 ?& U2 t- O
- cspd ipv6protocol portmap traceroute1, O3 }3 ]% A" A
- ctsgw_proxyd kill pppd tso9 e! B8 F K+ I( p( f$ i
- date kshell pppoe-server umount+ X8 O2 Q: o: L
- dd l2tpconfig ps uname
& x: [2 K1 ~5 C' Q. o" f7 q) X! o - devmem2 ln pwd upgradetest4 y l6 O$ D, }4 n
- df login redir upnpd
5 ~/ Y/ W" [- b1 [4 \. ? - dipc logtousb rm usbtest8 A! Q1 o+ A3 i
- dmesg ls rmdir usbtool
8 B) [3 {: U" v8 o - dnsdomainname lzop routed voip
( R: k& {( n7 g5 k: t - dnsmasq memtest rpm voipstat
2 t5 m/ p) L; e7 J' s# p - ebtables minioltdebug sdtest vsftpd5 D9 W/ ~, I, |' L: ~) T' ~
- echo mkdir sed wbctl# z+ S8 z; l5 i5 G- e4 J2 z
- egrep mknod sendcmd wgets* N' l6 M0 C w# D" V5 N
- epontest mld_proxy setmac wput5 N% h/ H: {9 N; g6 u4 X( R7 J
- ethdriver_test mount sh wput_ftp* x! b* D L; Z5 T5 [8 j
- fgrep msntp shellproxy wput_tftp1 |( w0 V: n1 ^* \
- fpga multiapd shellproxy_getty xpondrvARM32.bin( s# |8 w5 F) a
- ftest multicast_test shellproxyctrl z3gateway
0 ?# D3 v& w- Y% x2 c - fw_flashing mv simulation zcat) B& H8 g- S8 S- \7 k; n
- getopt nand slctool zxspdtest( S0 _& P- @ D0 \1 ~. F" K( F
- b7 |2 k4 m7 A' n/ C. Z+ F& P- / v5 f1 m" e1 N0 c I C8 K
- /usr/java/bin # ls /sbin6 ]1 z4 i" J: K! k! T0 s0 M
- BCLSockServer hostapd lsmod swapon ubirename* ~, E! _% ?/ C1 K. Q- V# d& o4 S3 x
- band_steering hostapd_2.4g mtd_debug ubiattach ubirmvol1 Q. b9 f, j! a7 F+ }% y
- dump_handler hostapd_5g pivot_root ubicrc32 ubirsvol! Y+ }/ w$ n( d: e, X
- dutserver hostapd_cli poweroff ubidetach ubiupdatevol0 a4 i- j q" h
- dwpal_cli ifconfig reboot ubiformat! L8 d& x3 q& X0 w! G
- force_roaming init rmmod ubimkvol
6 x6 N- P+ P; }1 X - getty insmod route ubinfo
) f2 b; m! k) L8 Z9 Z' x - halt iw swapoff ubinize
: h; R: x% S( N! t
- /userconfig/cfg # cat /proc/cpuinfo Y- E7 R+ V- }$ P
- processor : 0
: Y Y P/ J3 z% }* a) f9 K; p - BogoMIPS : 50.00& |2 i8 o1 q8 N3 P' ~/ _7 e
- Features : fp asimd crc32& m F3 e- q$ p, a6 i& B
- CPU implementer : 0x41
& L/ X8 @* g3 z - CPU architecture: 8, ]% |- ?) F( J7 P C% P
- CPU variant : 0x0
# Y5 U$ m* F' T. v# t. g - CPU part : 0xd03
+ ]- i# P3 Z7 y - CPU revision : 4- C; d/ l; F, j8 Y; y: W) y
- " t% e& P& l* n" ?
- processor : 1
9 M4 @$ ^* G9 | - BogoMIPS : 50.00# h" E% K: ]5 h
- Features : fp asimd crc325 ^; h7 `3 K, W, P3 t4 g
- CPU implementer : 0x41
/ D+ i: H, z9 j - CPU architecture: 8
; Z$ D1 z. u* V- N7 ~0 c3 D - CPU variant : 0x0% x0 R$ v: h9 K0 r& b- z
- CPU part : 0xd03
1 T2 U- Q1 D! z# f - CPU revision : 4
# K7 x4 ~% m1 H+ |+ W7 @6 a# \$ j - # c# C+ j7 m! b7 M3 M$ V
- processor : 2
# N- z3 v1 \0 Q; p - BogoMIPS : 50.001 r' C: w) O/ B$ j# B D
- Features : fp asimd crc32' {- c. o( c5 h) }8 ]4 Z6 r) z
- CPU implementer : 0x41
1 }9 |" H' T" a! c$ f - CPU architecture: 8
$ Z g; ^2 q; T. v - CPU variant : 0x08 d' O- [$ ~& h6 @# h6 y' m4 o- X# |+ U9 [
- CPU part : 0xd03
" I. q( m( O, C8 x9 R - CPU revision : 4* F( p0 ?& P0 \+ z
- : q, j; C: D& X$ o/ v- d; `3 |
- processor : 31 o2 K. d2 B/ k7 e7 e6 S9 m( N- j
- BogoMIPS : 50.004 ]& o m; g# L' o! E
- Features : fp asimd crc32
* i e2 `: Q G8 t% a3 l9 c - CPU implementer : 0x414 Q% E0 A0 Q! R3 r2 c6 |
- CPU architecture: 8 m. o( z1 D/ B: s5 S, o. ~* f
- CPU variant : 0x01 E- O. d+ ], e9 r
- CPU part : 0xd038 ]8 }/ x% V6 F' C6 q2 J
- CPU revision : 4
$ h" W0 F+ i# F" y' C' r. R; ^+ H( T7 h" s+ ~' _
|
本帖子中包含更多资源
您需要 登录 才可以下载或查看,没有账号?注册
×
|
粤公网安备44152102000001号 
发表于 2022-9-10 23:11:41