Differences
This shows you the differences between two versions of the page.
| docs:guide-developer:adding_new_device [2019/09/03 15:30] – [Getting a shell on the target device] brianpow | docs:guide-developer:adding_new_device [2024/10/22 09:39] – Add note about using curl as an option. evs | ||
|---|---|---|---|
| Line 24: | Line 24: | ||
| ==== Search by Git commit ==== | ==== Search by Git commit ==== | ||
| - | Browse the source | + | [[https:// |
| - | Search | + | |
| ===== Important files ===== | ===== Important files ===== | ||
| Line 117: | Line 117: | ||
| === Abuse Unsanitized User Input === | === Abuse Unsanitized User Input === | ||
| Some router offers ping test or NTP server configuration and may not properly sanitize user input. Try to enter shell script and see if you are lucky. You may need some '' | Some router offers ping test or NTP server configuration and may not properly sanitize user input. Try to enter shell script and see if you are lucky. You may need some '' | ||
| - | |||
| == Starting telnetd == | == Starting telnetd == | ||
| <code bash> | <code bash> | ||
| Line 130: | Line 129: | ||
| === Downgrade to older firmware === | === Downgrade to older firmware === | ||
| - | Some router may try to download a file from specific private IP when booting in the first few seconds, which allow user to downgrade to older firmware | + | Some router may try to download a firmware |
| === Downgrade by Serial access === | === Downgrade by Serial access === | ||
| Serial access may allow you to enter console mode of u-boot for flashing/ | Serial access may allow you to enter console mode of u-boot for flashing/ | ||
| + | See [[docs: | ||
| === HTTP Server Vulnerability === | === HTTP Server Vulnerability === | ||
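Review bot: The rewritten sentence under "Downgrade to older firmware" still opens with "Some router may try", which should read "Some routers may try", and "download a firmware" reads better as "download a firmware image". The removed wording had the same agreement problem in "which allow user", so check the rest of the new sentence for it as well. The added "See [[docs:" cross-reference under "Downgrade by Serial access" sits directly after the u-boot sentence with no blank line; confirm it renders as its own sentence rather than running into the paragraph above.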
| Line 219: | Line 219: | ||
| </ | </ | ||
| + | === Use Curl to upload === | ||
| + | Depending on what is compiled into your curl binary if available you may also be able to auth, use ftp/tftp etc. | ||
| + | "It supports these protocols: DICT, FILE, FTP, FTPS, GOPHER, GOPHERS, | ||
| + | HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, MQTT, POP3, POP3S, RTMP, RTMPS, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, TELNET, | ||
| + | and WSS. The command is designed to work without user interaction. | ||
| + | " | ||
| + | Extract from curl man page: | ||
| + | < | ||
| + | -T, --upload-file < | ||
| + | This transfers the specified local file to the remote URL. If there is no file part in the specified URL, curl will append | ||
| + | the local file name. NOTE that you must use a trailing / on the last directory to really prove to Curl that there is no | ||
| + | file name or curl will think that your last directory name is the remote file name to use. That will most likely cause the | ||
| + | upload operation to fail. If this is used on an HTTP(S) server, the PUT command will be used. | ||
| + | |||
| + | Use the file name " | ||
| + | riod) may be specified instead of " | ||
| + | uploaded. | ||
| + | |||
| + | You can specify one -T, --upload-file for each URL on the command line. Each -T, --upload-file + URL pair specifies what to | ||
| + | upload and to where. curl also supports " | ||
| + | files to a single URL by using the same URL globbing style supported in the URL. | ||
| + | |||
| + | When uploading | ||
| + | set of headers and mail body formatted correctly by the user as curl will not transcode nor encode it further in any way. | ||
| + | |||
| + | -T, --upload-file can be used several times in a command line | ||
| + | |||
| + | Examples: | ||
| + | curl -T file https:// | ||
| + | curl -T " | ||
| + | curl --upload-file " | ||
| + | |||
| + | See also -G, --get and -I, --head. | ||
| + | |||
| + | </ | ||
| === Copy from terminal === | === Copy from terminal === | ||
| - | If all of the above tools/ | + | If all of the above tools/ |
| + | |||
| + | base64 would be a common choice to work around this limitation, but many routers lack such a command. You can first escape binary data to screen-safe hexadecimal by piping to busybox hexdump on the router: | ||
| + | <code bash> | ||
| + | hexdump -v -e '/1 " | ||
| + | </ | ||
| + | You can then reverse it on the computer with the following command: | ||
| + | <code bash> | ||
| + | xxd -r -p | ||
| + | </ | ||
| + | |||
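Review bot: The new "Use Curl to upload" section is mostly a pasted man-page extract (the full protocol list and the whole "-T, --upload-file" entry, including the globbing and mail-formatting paragraphs), and the only commands it shows are the man page's generic examples rather than one for the case this page covers, getting a file off the router. Suggest replacing the extract with one or two concrete "curl -T <file> <url>" invocations plus a link to the curl man page, and pointing the reader at the Protocols line of "curl --version" on the device, since the intro sentence already says support depends on what was compiled in. That intro sentence ("Depending on what is compiled into your curl binary if available you may also be able to auth, use ftp/tftp etc.") needs punctuation to be readable, and the pasted extract carries a terminal wrap artifact ("riod)") that should be cleaned up if the extract stays. In the "Copy from terminal" addition, "xxd -r -p" is shown with no input or output: say that the captured hex text is fed to it and the result redirected to a file, and recommend comparing a checksum of that file with one taken on the router where a checksum tool is available, because a terminal capture can pick up prompts or wrapped lines.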