|
|
本帖最后由 adsluser11 于 2022-9-10 23:16 编辑 9 H t0 M4 p1 Z) D5 a2 l# U
/ `7 i+ Q* Z( J% e$ e- v
进了telnet,把闪存备份了出来,本着技术共享的原则,发出来给大家研究,看看有什么漏洞可以利用没) k* Z% t/ `- [ n) p
' `0 z* u2 l5 }: ?, v
U9 y, S# d4 t6 R' ]3 t; lrootfs分区是jffs2格式,我在debian下挂在出来然后打包,方便大家直接研究:2 v* b+ z% w( m% O) i& Q8 `* O% t
4 p( }7 V; j, i0 B4 m有几个包含个人信息的无关紧要的分区我就没包含进去了,两个kernel分区是一模一样的,就只传了一个,userconfig目录在删除了个人配置后上传( W& G/ F1 N( B' K4 _
欢迎各位大神研究讨论,打倒奸商& z2 u C0 a* B* y
" [* y/ Y8 O: Y% Q$ O( N% d+ E+ Z; t* q: G2 C
6 B+ V- K) D0 }9 N5 |1 G( N) }0 m7 Z2 h% T3 E- d
2 d7 v! Q: }1 V: u
y, M$ p* j- Q+ V3 Z+ d/ p! ]. x6 M% X$ o# _: L* u
- <blockquote>/ # cat /proc/version
8 k. J6 B7 {* H, N8 A" Y
8 p! _5 ^! W7 M5 c- / # cat /proc/mtd4 @. p- q" @$ H# w8 L# Y. l* S) e
- dev: size erasesize name" t0 c7 O: u _' O% @0 N: M
- mtd0: 10000000 00020000 "whole flash"4 F: O7 c- t6 ~4 t8 k& e5 H4 F
- mtd1: 00200000 00020000 "u-boot"# s) N3 N4 l) U. n
- mtd2: 00200000 00020000 "others"+ V! `7 J9 ~6 J: \# ~
- mtd3: 00200000 00020000 "parameter tags"7 g! x8 M, T3 y# W0 g0 A# ]/ ^$ n& X! s
- mtd4: 00200000 00020000 "wlan"
. z% j; Q4 r5 c& h+ e- p, d7 P - mtd5: 00800000 00020000 "usercfg"
+ g, K5 v; {, b! F6 W0 {# h. _0 J - mtd6: 00600000 00020000 "middle". I# |5 S& b- q! T @# Q
- mtd7: 02800000 00020000 "kernel1"
S' B. @" q6 m) ]8 ^3 W& T - mtd8: 02800000 00020000 "kernel2". Y6 g7 X. |$ }$ S' X( o
- mtd9: 03200000 00020000 "osgi1"
{) _% _& ^4 ]0 e - mtd10: 03200000 00020000 "osgi2"
' t7 [! U* t. t+ U) P( a - mtd11: 03600000 00020000 "plugin_data"
6 I% @4 f! [+ z% P6 Z3 d3 R - mtd12: 024e0000 00020000 "rootfs"
- mount" x& w" j, k; G$ }, T
- /dev/root on / type jffs2 (ro,relatime)/ K/ r; V* A, x1 h0 j
- proc on /proc type proc (rw,nosuid,relatime)1 _0 k) Y; \* X
- sysfs on /sys type sysfs (rw,nosuid,relatime)
- I: K$ ]* M; Q - debugfs on /sys/kernel/debug type debugfs (rw,nosuid,relatime)
' c f+ L" C+ G( L - /dev/mtdblock3 on /tagparam type jffs2 (rw,relatime)/ W o" Y% b2 S/ ^
- tmpfs on /var type tmpfs (rw,relatime,size=20480k)* [4 i2 N" C# r2 v
- tmpfs on /upgtempfile type tmpfs (rw,relatime,size=102400k)
! L& v* T9 o0 z( w - tmpfs on /var/osstmp type tmpfs (rw,relatime,size=2048k)
" J/ h( Y+ ~; |- Q Q P6 h7 Q - tmpfs on /mnt type tmpfs (rw,relatime,size=2048k)* e1 z) K" }8 w9 R$ P) R
- tmpfs on /var/felix-temp type tmpfs (rw,relatime,size=16384k)
; x3 [; B& h: ~* V- K1 P - tmpfs on /tmp type tmpfs (rw,relatime,size=15360k)
# d9 D) F! R4 K% t) D - /dev/mtdblock5 on /userconfig type jffs2 (rw,relatime)
- h- u8 I( \- M - /dev/mtdblock6 on /usr/local/ct type jffs2 (rw,relatime)
7 f+ [- G/ }5 _2 s3 Y5 n - ubi0_0 on /usr/tmp type ubifs (ro,sync,relatime)5 i' X- s6 W" T' b( ^3 n( o
- /dev/loop0 on /usr/java type squashfs (ro,relatime)$ B# ]* q8 A2 E: I% V8 G
- ubi1_0 on /usr/plugin type ubifs (rw,sync,relatime)
/ |- A E* t4 w; w/ H - /dev/mtdblock4 on /wlan type jffs2 (rw,relatime)* B/ T A& \3 u) T
- cgroup_root on /sys/fs/cgroup type tmpfs (rw,relatime). W, _' p' E- }
- cpu on /sys/fs/cgroup/cpu type cgroup (rw,relatime,cpu)
, K5 L* S% f' o! E+ N4 `) b9 w - cpuacct on /sys/fs/cgroup/cpuacct type cgroup (rw,relatime,cpuacct)
) c4 J; C3 N" T+ U" V6 T - cpuset on /sys/fs/cgroup/cpuset type cgroup (rw,relatime,cpuset)
+ f# N: t# E. K h - memory on /sys/fs/cgroup/memory type cgroup (rw,relatime,memory). ?) |) m' @; z; m. H: d
- /dev/sda on /mnt/usb1_1 type fuseblk (rw,relatime,user_id=0,group_id=0,allow_other,blksize=4096)
- /usr/java/bin # ls /bin
! _% n" L3 H+ U& X - ash gpon_omci netstat sleep3 e2 ~* c% f4 r+ k1 U& W
- bndmange gpontest nice smbd
- m9 n1 @: m8 e5 W+ Y1 H - bobtest grep nmbd smbpasswd! l- e# f: |4 j& C
- brctl gunzip ntfs-3g switchtst
7 p5 x' b; a7 i - buservice gzip oamtest sync
7 a% m9 ?' f, W! F V - busybox hostname openl2tpd tar! A) ]% T* y- Y$ s7 E6 l
- cat httpd opticaltst tc* ~, k0 Z; j8 U% j; [4 s3 D
- chgrp igmp_proxy osgid tcping
% e, D( Z1 \9 U! X - chmod ip p910nd telnetd8 c+ M( k8 O9 o7 z' D6 {+ I
- chown ip6tables pc test_minioltlib
0 y/ G* w" A# E+ s! K1 F/ C - cmapidbg ipsec phddns testftp
+ F/ @, c: F4 }- H/ Z' s - cp iptables ping touch6 D# N' e9 {/ @1 j; G; {
- cpio ipv4protocol ping6 tr069d
' h% u/ `( m3 X% E% I5 e - cspd ipv6protocol portmap traceroute1
; }3 `% \4 b+ U - ctsgw_proxyd kill pppd tso: E# g/ ~# u9 [2 T+ L( }
- date kshell pppoe-server umount% I# \. K4 ~- f1 ?) ?, h
- dd l2tpconfig ps uname
, u# a* b5 U# c: O9 v2 Q b. r - devmem2 ln pwd upgradetest6 K7 A! s( ?6 b0 i2 G1 b R* T
- df login redir upnpd
) v3 v8 h. m0 ^1 \% r. h - dipc logtousb rm usbtest
$ u4 @0 i+ B5 W0 h. E* B3 g - dmesg ls rmdir usbtool
) M6 n' ?; d5 D( v - dnsdomainname lzop routed voip. r' H& z: n# c3 R, q" T
- dnsmasq memtest rpm voipstat
/ V3 C# Y1 D7 \" ~% P/ p - ebtables minioltdebug sdtest vsftpd
( `! P4 J& k3 m - echo mkdir sed wbctl# F! L7 D" ]. D8 v+ s
- egrep mknod sendcmd wgets
9 A! j; F. [' E/ o: E - epontest mld_proxy setmac wput$ o. n& O, T7 \+ u+ t. l( L
- ethdriver_test mount sh wput_ftp* x \4 `2 M! o) d! E
- fgrep msntp shellproxy wput_tftp
: s2 k7 \/ f. ?& f9 n. c# m% V - fpga multiapd shellproxy_getty xpondrvARM32.bin
# O; T# }9 x2 Z( E6 i7 ^3 F - ftest multicast_test shellproxyctrl z3gateway
: B2 [0 \- o! y8 Z - fw_flashing mv simulation zcat
1 m7 G# Y0 Q# Y C0 S6 v! W - getopt nand slctool zxspdtest) ]- c+ [0 g! }8 M4 j
* ` S3 G0 J p9 ^- r( \3 \4 ~- 1 _+ X- Q E* |' i4 \% D
- /usr/java/bin # ls /sbin0 T+ {: ?: R5 b, ^9 b
- BCLSockServer hostapd lsmod swapon ubirename
! K6 e1 {3 J* u7 Q i5 j - band_steering hostapd_2.4g mtd_debug ubiattach ubirmvol) T9 t' x' P( T1 R6 u% E. y
- dump_handler hostapd_5g pivot_root ubicrc32 ubirsvol
+ m7 V) Q8 M2 C - dutserver hostapd_cli poweroff ubidetach ubiupdatevol0 q2 }' L9 ~6 y) _/ p
- dwpal_cli ifconfig reboot ubiformat
0 \0 [2 b( P e. j9 p! h O - force_roaming init rmmod ubimkvol
/ R% B% m3 s7 l5 U! ] - getty insmod route ubinfo
% O1 J4 N) c- U) a0 p& i5 v2 c - halt iw swapoff ubinize3 r% l1 M' [; A/ i" n) B% s7 b
- /userconfig/cfg # cat /proc/cpuinfo
( p e! E2 O! F1 y - processor : 0
3 O, A* b4 d4 d - BogoMIPS : 50.00+ e3 m' U" [" x) M# u. t- |
- Features : fp asimd crc32
$ L7 g/ N& i2 ^ - CPU implementer : 0x41
a( E; M, T3 T" e - CPU architecture: 8
$ ]$ k- ^" s( O+ {* u% l - CPU variant : 0x0# I9 ~! x/ U$ H' G) o
- CPU part : 0xd03
# p3 k# o7 q4 K% @2 E) z - CPU revision : 4
" z5 F k9 g# s( @
) e3 o* C8 p1 B# c; L& p0 f- processor : 1' I% c5 K: v! j' I# H
- BogoMIPS : 50.00
. B+ i( z3 L( S: H/ ^) P - Features : fp asimd crc32- U9 I& U J$ {. D' j) h" T* l
- CPU implementer : 0x41
. p/ J6 a- c* l, `5 D$ t9 ?6 l5 ~ - CPU architecture: 8' p! {/ j3 y7 ~; O0 H" [( L
- CPU variant : 0x0
! V4 M: s f& G, x - CPU part : 0xd03) F9 m F$ m0 w3 Z
- CPU revision : 43 ]2 a3 F) ^2 A/ h( y8 u
- * M6 [) g" I( ]$ D' j, b" [
- processor : 2* f6 |$ k9 c. x
- BogoMIPS : 50.001 p! v* k8 h; ^5 F
- Features : fp asimd crc32
% Z5 d' J1 j: E' f, Y& e K4 e; q2 i - CPU implementer : 0x41
( ]4 t4 N( H5 \6 ` - CPU architecture: 81 @8 }# J: n6 e# p& }
- CPU variant : 0x0
4 o6 b3 m0 L7 ~1 t9 P2 Z% a7 J - CPU part : 0xd03. ~. {, o# H+ x2 l6 s
- CPU revision : 4
+ ]8 p% v+ A: Z7 _& D1 k% C
0 x* i' G2 |/ D# F0 |- processor : 3
, L; \- K' S$ Z/ I) N% g - BogoMIPS : 50.002 |6 U- m. X' w
- Features : fp asimd crc32
% v& V) \1 x+ R( Y' N - CPU implementer : 0x41
4 M- S8 y! W. H( y - CPU architecture: 8" V7 |; `9 v4 e+ o* X
- CPU variant : 0x0
1 C! l0 F0 v0 {( ]( u6 N - CPU part : 0xd03
1 L# L( x+ w$ e/ t X$ | - CPU revision : 4
/ c& @. y, K0 w5 Q- l- { |
本帖子中包含更多资源
您需要 登录 才可以下载或查看,没有账号?注册
×
|
粤公网安备44152102000001号 
发表于 2022-9-10 23:11:41