|
本帖最后由 adsluser11 于 2022-9-10 23:16 编辑
s h$ E$ e) v$ M3 r- m
, `& u: b4 Y" o- O- ?2 @2 Y# c$ |进了telnet,把闪存备份了出来,本着技术共享的原则,发出来给大家研究,看看有什么漏洞可以利用没* R/ j. G0 S" l4 y9 U- Z# s
( k' |. Y( ~ Y- G, E, W/ ` E2 l
$ L5 @/ T6 j c5 [$ \- G- K
rootfs分区是jffs2格式,我在debian下挂在出来然后打包,方便大家直接研究:
' r4 `" }1 Z/ w1 V! S) [9 M9 L& c4 C6 ]6 a* k5 J( M0 g8 f; N- R [7 J
有几个包含个人信息的无关紧要的分区我就没包含进去了,两个kernel分区是一模一样的,就只传了一个,userconfig目录在删除了个人配置后上传3 [, R7 n3 g6 U1 b) s
欢迎各位大神研究讨论,打倒奸商
) p, ]3 |. G/ K- M- F2 l& f8 z( J# P# i
( T, ?9 m! S2 \2 w0 q W
7 {8 f! g: S( E5 P4 A# v+ M$ ~. j& b/ F5 B6 e( `# `* {
) V, M$ @( ?( P7 m6 g
- ?& H2 R a5 \3 J3 |
2 H& ~& Z4 R" q0 z" L- <blockquote>/ # cat /proc/version
复制代码 # k- b# ]; {: }9 y7 g
1 j3 ?6 i# f2 u1 ]! V2 v. ]: E
- / # cat /proc/mtd
6 Z( c+ c8 G6 j: P8 y3 ^ - dev: size erasesize name
4 e- f7 k4 x& t& r5 Z - mtd0: 10000000 00020000 "whole flash"" r7 t6 ~: C/ [/ E+ ^
- mtd1: 00200000 00020000 "u-boot" J8 v J/ N* f
- mtd2: 00200000 00020000 "others"
8 ]0 B F9 a8 _" b - mtd3: 00200000 00020000 "parameter tags"
& M0 U. @! ` `4 S+ @8 k - mtd4: 00200000 00020000 "wlan"
5 t3 O) U" \- j! C; N% P1 N - mtd5: 00800000 00020000 "usercfg"
4 q: |$ u, |5 {7 Z2 R0 M# A - mtd6: 00600000 00020000 "middle"
5 E: `3 H6 @; [# l; T - mtd7: 02800000 00020000 "kernel1"% I2 ^( `) R- J. O, `
- mtd8: 02800000 00020000 "kernel2"$ l+ R! k9 j" L
- mtd9: 03200000 00020000 "osgi1" j4 \+ s+ {* X2 Z
- mtd10: 03200000 00020000 "osgi2"3 u g% B! j8 n; A; \# }
- mtd11: 03600000 00020000 "plugin_data"
6 m( H! h5 \/ g; i. N [ - mtd12: 024e0000 00020000 "rootfs"
复制代码- mount* F5 O) f# q$ z, |5 T, C
- /dev/root on / type jffs2 (ro,relatime)
# h# v3 z) I% l/ r - proc on /proc type proc (rw,nosuid,relatime)
, m. {& g. I% x" n0 v& r, J - sysfs on /sys type sysfs (rw,nosuid,relatime)6 Z6 N4 Y" q0 j' y' T
- debugfs on /sys/kernel/debug type debugfs (rw,nosuid,relatime)* `- K2 L @$ U( a* L
- /dev/mtdblock3 on /tagparam type jffs2 (rw,relatime)
, c/ N! X4 ~% s. b" V1 n - tmpfs on /var type tmpfs (rw,relatime,size=20480k)
% U' U8 w6 u7 b3 M7 c& g, d5 e/ k - tmpfs on /upgtempfile type tmpfs (rw,relatime,size=102400k)
% Z7 G, Y' k8 Y, X( t1 c - tmpfs on /var/osstmp type tmpfs (rw,relatime,size=2048k)2 K. g# c; g9 z8 p* D3 `
- tmpfs on /mnt type tmpfs (rw,relatime,size=2048k)
2 d" F: P4 \( N: b( G+ {7 w1 P, R P - tmpfs on /var/felix-temp type tmpfs (rw,relatime,size=16384k)
8 Z& g2 p( t2 S0 a - tmpfs on /tmp type tmpfs (rw,relatime,size=15360k)
% h+ H* ?; K7 N0 ]3 y/ B/ W - /dev/mtdblock5 on /userconfig type jffs2 (rw,relatime), }0 D. _7 s% d8 A& L9 H% G1 Y5 g
- /dev/mtdblock6 on /usr/local/ct type jffs2 (rw,relatime); P$ Z5 [5 B0 \4 x5 F) z
- ubi0_0 on /usr/tmp type ubifs (ro,sync,relatime); C6 z7 n# I+ d$ G% m
- /dev/loop0 on /usr/java type squashfs (ro,relatime)4 Q0 M C& L i" K c, [
- ubi1_0 on /usr/plugin type ubifs (rw,sync,relatime)4 C* s6 u X; V2 S$ U: A+ k0 {* y
- /dev/mtdblock4 on /wlan type jffs2 (rw,relatime)
+ D2 k1 H0 Q; d* x! U - cgroup_root on /sys/fs/cgroup type tmpfs (rw,relatime)
1 _: t8 u* q: w" } - cpu on /sys/fs/cgroup/cpu type cgroup (rw,relatime,cpu): Y0 n, u# P. E6 y9 ]8 v# @
- cpuacct on /sys/fs/cgroup/cpuacct type cgroup (rw,relatime,cpuacct)/ {% J" t7 `9 G/ N
- cpuset on /sys/fs/cgroup/cpuset type cgroup (rw,relatime,cpuset)
' ^* |$ G2 t$ _1 c( a! z - memory on /sys/fs/cgroup/memory type cgroup (rw,relatime,memory)/ j1 r8 K" O. h4 ^) S# X$ t
- /dev/sda on /mnt/usb1_1 type fuseblk (rw,relatime,user_id=0,group_id=0,allow_other,blksize=4096)
复制代码- /usr/java/bin # ls /bin
" K; O M) X6 A5 l+ F - ash gpon_omci netstat sleep
; k, r p' T& z, l - bndmange gpontest nice smbd
( u4 Y, u# y! s; I$ A - bobtest grep nmbd smbpasswd
' E2 h- y3 |7 V' p$ o - brctl gunzip ntfs-3g switchtst
7 h' j( a7 k' k) G - buservice gzip oamtest sync7 a% F P d8 j" Q; l
- busybox hostname openl2tpd tar
; [6 ^6 j0 K* e. |% l: e - cat httpd opticaltst tc
+ P3 ^: S7 `6 t5 ?2 A - chgrp igmp_proxy osgid tcping; j1 F9 n8 m' j, Y7 a2 Y+ [! |
- chmod ip p910nd telnetd8 t6 E: H5 K; D; ~- A: g" P' g
- chown ip6tables pc test_minioltlib* S& a0 P: l& D8 i
- cmapidbg ipsec phddns testftp
. b7 Y% [8 W, B7 x9 k' o0 [ - cp iptables ping touch+ ]2 }1 P/ P0 o$ a
- cpio ipv4protocol ping6 tr069d0 d( G' Y9 V% W; n5 m V! X8 d
- cspd ipv6protocol portmap traceroute1
3 L/ _; n7 y m8 M) K6 A - ctsgw_proxyd kill pppd tso: c* r. E" S3 `2 o# W
- date kshell pppoe-server umount X5 V' g+ I" m( \( g; N6 }
- dd l2tpconfig ps uname& i- V8 o$ Z R6 E) `0 n
- devmem2 ln pwd upgradetest- ^+ [8 b) _6 h
- df login redir upnpd+ s% F I ^( m x; v
- dipc logtousb rm usbtest/ F5 q7 _/ Z: ?
- dmesg ls rmdir usbtool [/ D5 f/ P7 r" q
- dnsdomainname lzop routed voip9 U- `3 ?% n8 e5 _# F! R' g6 S: l
- dnsmasq memtest rpm voipstat& j a! i2 h5 {% S$ z9 X3 I& k! N
- ebtables minioltdebug sdtest vsftpd
9 \$ J1 P" A. ~1 s7 p - echo mkdir sed wbctl% W4 R6 u5 J% w/ n6 B$ o
- egrep mknod sendcmd wgets
* N) k8 s) K4 g+ o+ r9 @ - epontest mld_proxy setmac wput
: @8 n- f, ^4 F0 A- k) e - ethdriver_test mount sh wput_ftp
1 O3 n* X; T m. C7 E" O9 u - fgrep msntp shellproxy wput_tftp
! X/ T( ^4 R3 |7 R - fpga multiapd shellproxy_getty xpondrvARM32.bin
9 t- G# s, u: N - ftest multicast_test shellproxyctrl z3gateway
( f8 w- N S8 R" o6 w# _2 K - fw_flashing mv simulation zcat
; v$ V i5 {0 K2 N - getopt nand slctool zxspdtest
7 r, u6 q5 U& {: }- J - ! e7 u3 t5 m; g! F2 ~ ~# F* }
- # j& [' h: z/ T9 Q; H
- /usr/java/bin # ls /sbin7 w; ?& N# L- |- P* u5 k. @
- BCLSockServer hostapd lsmod swapon ubirename3 h* q: x$ z2 V0 ~! s) z! ~& K* i
- band_steering hostapd_2.4g mtd_debug ubiattach ubirmvol
Y' t7 ~& d O. f+ p - dump_handler hostapd_5g pivot_root ubicrc32 ubirsvol
! T7 ~& L5 |' i F) D6 ^ - dutserver hostapd_cli poweroff ubidetach ubiupdatevol8 k8 ?/ o% U. A% z' N
- dwpal_cli ifconfig reboot ubiformat. w4 M+ ~* Q' w b: H. Y8 v
- force_roaming init rmmod ubimkvol
7 ^! S0 q5 ~/ |# M a - getty insmod route ubinfo
/ ^. r! o' B, q; I( B6 @ - halt iw swapoff ubinize; g8 k. Y. \; }- k
复制代码- /userconfig/cfg # cat /proc/cpuinfo3 M2 ^; l' _) ]
- processor : 07 W& k+ p% c# O# T% I1 V' l
- BogoMIPS : 50.003 W. k3 l/ l, s5 k6 c9 O
- Features : fp asimd crc32
9 n7 W! g* R1 j Z- }! ^& ?4 n - CPU implementer : 0x41
" u$ N7 U# ?" Y: K6 e: `5 @- q - CPU architecture: 8
: f- }# Y- F6 v7 f9 l* { - CPU variant : 0x0
: V$ O+ o: s4 i- B3 {) o - CPU part : 0xd03" O( X# O" O7 w: r
- CPU revision : 4
+ ~ v! w: w3 b6 O: Z8 ? - b5 j% L _ h1 M4 {
- processor : 10 H9 [# Z/ y: f6 @
- BogoMIPS : 50.00
3 }( }) Z6 v: Y8 P" L1 {4 q - Features : fp asimd crc32" e. K/ M8 r O9 t/ S
- CPU implementer : 0x41% a; s. s$ l1 a2 _" X- M$ [
- CPU architecture: 82 J) n# y9 n, [; p T
- CPU variant : 0x0
) e9 _- p$ h5 k# Z& y9 Y% e4 l - CPU part : 0xd03
; i G8 y) M. H0 t5 j T - CPU revision : 4' g7 R; m1 Y- k$ C3 h
, Q$ R( A* t4 E% p8 t8 [- processor : 2
% \7 z% g+ @' p( T - BogoMIPS : 50.00
) j5 D+ y( a0 } K5 M2 ~ - Features : fp asimd crc32% h1 v8 L8 F( C
- CPU implementer : 0x417 I4 M, L1 B; i B# b, U
- CPU architecture: 8: \: Z$ A* f3 J0 u+ @. J
- CPU variant : 0x0
- `6 O7 @! P/ V" h - CPU part : 0xd03
0 n+ p. H6 U* g3 F - CPU revision : 4
% o0 C _* O* p. [ - . b3 [( ^2 X4 C6 p% O3 @
- processor : 3
+ g: q& S, i: d7 Q' i7 A - BogoMIPS : 50.00
" n1 d' ?# k0 G9 |* g, O* o' D. Y - Features : fp asimd crc32# n M! _+ N3 \$ Y, e: c1 C5 T
- CPU implementer : 0x41
+ Y. l+ b7 c; I# [, P# ]. @ - CPU architecture: 8
' g+ a6 _( T! v: ]; h2 V5 ^, h - CPU variant : 0x0+ x7 o, x# c5 Q! J% D5 h
- CPU part : 0xd03
! f! H9 H- m5 t - CPU revision : 4
复制代码 6 T/ e6 n. V- S: |" ^' h2 f
! P" }: P& v) Y |
本帖子中包含更多资源
您需要 登录 才可以下载或查看,没有账号?注册
×
|