|
|
本帖最后由 adsluser11 于 2022-9-10 23:16 编辑
V o# u1 X7 L. N0 P$ a! v
1 R+ `7 {$ b# f进了telnet,把闪存备份了出来,本着技术共享的原则,发出来给大家研究,看看有什么漏洞可以利用没
! s; c/ Z3 C, C3 @
9 V) z- E J. Z l% Q6 o4 Q$ }) f4 ?1 `4 F4 U" A
rootfs分区是jffs2格式,我在debian下挂在出来然后打包,方便大家直接研究:
' b6 `+ _9 F3 X+ ?! K
/ M9 A$ W& ], L( J) Z, e; o# M有几个包含个人信息的无关紧要的分区我就没包含进去了,两个kernel分区是一模一样的,就只传了一个,userconfig目录在删除了个人配置后上传- I3 d+ U7 S+ p! F) J% g0 @
欢迎各位大神研究讨论,打倒奸商
9 V. G' L% {" `" `5 c- a" R" k0 ~0 M
, c$ C2 X# X$ b8 x
5 X4 B/ x4 i4 ^; B- Q ]4 ^
4 ^6 R! A7 c" @% {6 T& ?; |& B W0 A5 }3 [
$ [4 o5 k2 U0 d& z/ C1 G
/ j( z; k Z+ b( z( w- <blockquote>/ # cat /proc/version
: R* l+ g) P2 J5 o8 n! d$ u+ d- / # cat /proc/mtd
$ p9 ~; Q+ k( U - dev: size erasesize name/ E1 r, h7 G: j$ A2 w* }
- mtd0: 10000000 00020000 "whole flash"
# q9 }" z+ l$ B v: A# ^5 S- f - mtd1: 00200000 00020000 "u-boot"
2 y b* `( _5 m4 B3 J - mtd2: 00200000 00020000 "others"
- c5 n: v' R) y2 w - mtd3: 00200000 00020000 "parameter tags"! B: ^7 _' S) }
- mtd4: 00200000 00020000 "wlan"
' _( W' ?6 p6 S, r" U9 U - mtd5: 00800000 00020000 "usercfg"
6 V* E& W+ Q! h% f) k - mtd6: 00600000 00020000 "middle"; K* {. w/ X, Z9 e
- mtd7: 02800000 00020000 "kernel1"/ V1 o: h$ p8 x: t8 |; A
- mtd8: 02800000 00020000 "kernel2"# B1 s- _$ W- l/ B# t2 A& e5 a' m
- mtd9: 03200000 00020000 "osgi1"' W' l6 B8 M' s
- mtd10: 03200000 00020000 "osgi2"
! r4 i7 ^+ r2 \ - mtd11: 03600000 00020000 "plugin_data"9 N( T; @/ G3 N) Y0 B4 z
- mtd12: 024e0000 00020000 "rootfs"
- mount0 S) V! b5 M1 q
- /dev/root on / type jffs2 (ro,relatime)4 h( U( o: Q% h) p; i
- proc on /proc type proc (rw,nosuid,relatime)" d' `. H" Y! p8 T: v
- sysfs on /sys type sysfs (rw,nosuid,relatime)
$ n8 Y( p. C% P$ x9 A' `- ~0 C4 u - debugfs on /sys/kernel/debug type debugfs (rw,nosuid,relatime)
N" @) ^! b: H3 s j+ k: g - /dev/mtdblock3 on /tagparam type jffs2 (rw,relatime)9 h8 ^! P w, [+ m7 ?1 o
- tmpfs on /var type tmpfs (rw,relatime,size=20480k)
% g5 L" Y! x0 s, x+ { - tmpfs on /upgtempfile type tmpfs (rw,relatime,size=102400k)
+ {; M' q# @# D) a$ a2 L1 w - tmpfs on /var/osstmp type tmpfs (rw,relatime,size=2048k)
/ h8 B) M, e/ g* a - tmpfs on /mnt type tmpfs (rw,relatime,size=2048k)
, }% v/ B j& W% H - tmpfs on /var/felix-temp type tmpfs (rw,relatime,size=16384k)5 A y. O+ e9 V
- tmpfs on /tmp type tmpfs (rw,relatime,size=15360k)! j5 C8 |3 q- ^* n' j+ c1 Q! @
- /dev/mtdblock5 on /userconfig type jffs2 (rw,relatime)
% k; D4 y* V! I. B' d - /dev/mtdblock6 on /usr/local/ct type jffs2 (rw,relatime)
: {- B" `5 m* |0 h* g - ubi0_0 on /usr/tmp type ubifs (ro,sync,relatime) n; ~! R( G0 }3 u
- /dev/loop0 on /usr/java type squashfs (ro,relatime)4 |* `2 Q4 O8 p
- ubi1_0 on /usr/plugin type ubifs (rw,sync,relatime)
+ Q1 x0 Z# e. D - /dev/mtdblock4 on /wlan type jffs2 (rw,relatime)5 Z! @' U" J" `# k# Z
- cgroup_root on /sys/fs/cgroup type tmpfs (rw,relatime)
8 u; t" a; G/ d% @9 o2 E" N - cpu on /sys/fs/cgroup/cpu type cgroup (rw,relatime,cpu)
2 {' V: E/ ~8 s* |7 r8 m - cpuacct on /sys/fs/cgroup/cpuacct type cgroup (rw,relatime,cpuacct)
% v, H, ~$ ^9 |! M B: X3 G! r - cpuset on /sys/fs/cgroup/cpuset type cgroup (rw,relatime,cpuset)
% ?) Z# E6 y0 D% I. U3 j - memory on /sys/fs/cgroup/memory type cgroup (rw,relatime,memory)) p9 Y2 p& G9 [. x
- /dev/sda on /mnt/usb1_1 type fuseblk (rw,relatime,user_id=0,group_id=0,allow_other,blksize=4096)
- /usr/java/bin # ls /bin
! H. G3 S" @' o - ash gpon_omci netstat sleep, Q3 a1 l6 Z( v4 f! J
- bndmange gpontest nice smbd) i& D& w. T; g& I9 t
- bobtest grep nmbd smbpasswd% [0 W3 ?8 M- K/ e/ w
- brctl gunzip ntfs-3g switchtst* p) Z9 u% L( k2 x; p+ q5 @
- buservice gzip oamtest sync
6 Z! h& F) P! u% ?" c* Y6 q2 f - busybox hostname openl2tpd tar
1 T9 U5 G# C: s6 [$ F% G - cat httpd opticaltst tc
/ p; L; \; ]; p0 m0 g - chgrp igmp_proxy osgid tcping
3 ?7 z2 P) }+ T; n4 @. w - chmod ip p910nd telnetd( w1 Z0 T1 K7 L$ Q; Z6 B: w" q
- chown ip6tables pc test_minioltlib$ f; o0 k! w. s# B* R0 K- e
- cmapidbg ipsec phddns testftp" k) r m2 T! T2 ~' g
- cp iptables ping touch: |4 Z2 C3 L, ? z* d
- cpio ipv4protocol ping6 tr069d! p* @' B. E' Y) g
- cspd ipv6protocol portmap traceroute1$ F7 F6 _8 \+ g; }3 l* Z
- ctsgw_proxyd kill pppd tso( m( h7 D! n2 h7 d$ n4 R7 i/ H
- date kshell pppoe-server umount3 w0 h4 ~: p5 a" S# R/ k5 L
- dd l2tpconfig ps uname
: f9 e3 g' W* e9 h8 O* _7 E - devmem2 ln pwd upgradetest6 Z" k& [* S! x
- df login redir upnpd
, ~& e; q# {& b - dipc logtousb rm usbtest
- [* f e8 [6 q4 }) F - dmesg ls rmdir usbtool( P0 E* u+ V! X: N. u0 G' x6 W
- dnsdomainname lzop routed voip4 E# W. N4 R4 h U
- dnsmasq memtest rpm voipstat
5 y5 V3 @# h I4 B1 u - ebtables minioltdebug sdtest vsftpd
* d% w* h( ?0 b; w% z8 ^) X! z - echo mkdir sed wbctl$ k; N7 ^- ^2 w8 [
- egrep mknod sendcmd wgets
' t- N' e0 S. {3 S, z# |8 x3 h - epontest mld_proxy setmac wput
! z0 |2 Q6 z( V- w( a - ethdriver_test mount sh wput_ftp
5 w: q' @5 |1 ~- V& t. w - fgrep msntp shellproxy wput_tftp
8 {+ b& g- ^0 o - fpga multiapd shellproxy_getty xpondrvARM32.bin8 {" y- _" V9 j( t$ v1 J/ _
- ftest multicast_test shellproxyctrl z3gateway. [, Z4 G4 k1 Z* r7 ?
- fw_flashing mv simulation zcat
, _5 E9 e# A. x. c - getopt nand slctool zxspdtest
" t& \0 I. U5 j$ ~ R; w& J; t h - 6 |6 H. q" f' ^/ d5 a7 t8 f( V2 M# X
- 2 j( y0 \* \" u. ^& W
- /usr/java/bin # ls /sbin
% x% ^3 v4 c* T+ o3 b - BCLSockServer hostapd lsmod swapon ubirename& ^) P H$ m P* s4 ~- T% P9 [! Q7 Y P
- band_steering hostapd_2.4g mtd_debug ubiattach ubirmvol
7 R: j. S4 g1 Q1 T - dump_handler hostapd_5g pivot_root ubicrc32 ubirsvol3 `7 F( J8 S" j
- dutserver hostapd_cli poweroff ubidetach ubiupdatevol5 v0 w3 n+ U3 \( G% T! @2 r* p; p
- dwpal_cli ifconfig reboot ubiformat
" r) ^; V0 c/ O) U2 R9 \3 G! {1 C - force_roaming init rmmod ubimkvol
9 k5 d! p3 j1 t0 {5 X - getty insmod route ubinfo
5 i" F e: r; d$ S" d* I/ F5 T - halt iw swapoff ubinize
" X8 c! D* y: W
- /userconfig/cfg # cat /proc/cpuinfo
. m- t0 l. \; S3 a2 a. | - processor : 0
2 l, G( f, v. ^2 |* J; E - BogoMIPS : 50.006 J# r. _/ P) |; p6 e
- Features : fp asimd crc32
; X6 F1 N2 N& R; p9 b5 `) G1 K( H - CPU implementer : 0x41
' j/ x" I1 x0 ^: J - CPU architecture: 8
5 ?& U+ _6 S; c/ D; y, a - CPU variant : 0x0# n% a6 q5 v$ u+ n. r7 K
- CPU part : 0xd03
' t3 h7 ]9 O' ~( O - CPU revision : 4
* q8 [, o2 u7 u: u( [( \# m - / m! g& i% N m: j
- processor : 1
( W& B- `$ J- s; ~" M5 a; v+ Y4 r3 p b5 c - BogoMIPS : 50.00
# j' ]. f3 i2 q; `0 u% I1 Z, @ - Features : fp asimd crc32
; V# G6 L9 T5 g5 v; ^4 f: E - CPU implementer : 0x41* s7 z& \! r4 s3 _9 m$ k
- CPU architecture: 8; K. n, H+ L# I7 l, d
- CPU variant : 0x0
9 M) ?' U5 @' r" d - CPU part : 0xd03
7 L, Q' L1 f+ `$ [: [' ` - CPU revision : 4
) O5 n' y9 d% q+ e
, u3 c. ?+ L! P L: V) x- W: t# I- processor : 20 Q- q2 C, @+ ~+ U) J
- BogoMIPS : 50.00
& o! U) E- B9 [! Q) x1 E - Features : fp asimd crc32
% x# G9 R6 w) @# ~" T1 h; t- p# q - CPU implementer : 0x41
0 t% b+ T* c# l, g/ h _ - CPU architecture: 89 u8 ~6 G! A( { b& P% X
- CPU variant : 0x0; I& G0 F( a" Z3 G
- CPU part : 0xd03$ A1 `3 G" d$ p8 Y
- CPU revision : 48 `& _& q# h1 h: c
- * w* F8 j( X; ?4 r, D. U* @' ?- D
- processor : 3
. Y: I1 A! B- Y5 X G! K1 J# r! Q - BogoMIPS : 50.008 n7 A5 Y5 R" A6 S/ n' g1 Q; ^1 q
- Features : fp asimd crc32" @! u9 s0 @% U# t* X) N2 f( S
- CPU implementer : 0x41
+ R5 u7 Q" s& X6 `1 r- K9 R# [6 { - CPU architecture: 8
9 n6 D' u m& e5 w - CPU variant : 0x06 J6 ]# S, h% t
- CPU part : 0xd03
# I, Y) ?9 \! R2 @8 u5 m: b - CPU revision : 4
- k: t+ N; a- A7 c$ ^" h0 k5 I
" P, m* X0 p7 N: M3 } |
本帖子中包含更多资源
您需要 登录 才可以下载或查看,没有账号?注册
×
|
粤公网安备44152102000001号 
发表于 2022-9-10 23:11:41