Differences

This shows you the differences between two versions of the page.

zh:docs:guide-developer:adding_new_device [2020/09/09 02:11] – [Entering a shell via the PING or NTP function] star_twinkling
zh:docs:guide-developer:adding_new_device [2020/09/09 02:44] – [Getting data from the device] star_twinkling
Line 115: Line 115:
 $( /bin/busybox telnetd -l/bin/sh -p23 & ) $( /bin/busybox telnetd -l/bin/sh -p23 & )
 </code> </code>
-==== Collecting relevant data ==== +== 如果需要远程登录,请使用HTTP获取密码哈希或使用“sed”删除/更改默认密码 == 
-On [[https://wikidevi.com/wiki/Main_Page|WikiDevi]] lots of information can be found, e.g. the FCC ID is very useful when searching for documentation, datasheets and internal photo's (to be able to distinguish used chips without having to open the casing).+<code bash> 
 +$( cp /etc/shadow /www ) 
 +$( cp /etc/passwd /www ) 
 +</code> 
 +然后尝试将他们下载到您的电脑并且破解哈希密码。 
 +== 降级固件 == 
 +某些路由器可能会在启动之初尝试从特定的专用IP下载固件文件(例如TP-Link Archer C2 AC750),从而允许用户降级到较旧的固件。 
 +== HTTP服务器漏洞 == 
 +一些路由器可能正在运行过时/不安全的HTTP服务器,并且可能容易受到缓冲区溢出或其他攻击的影响。 
 +== 网件 == 
 +使用 [[toh:netgear:telnet.console|netgear-telnetenable]] 许多网件设备都可以通过telnet进入,也可以查看 [[https://github.com/insanid/NetgearTelnetEnable|GitHub: insanid/NetgearTelnetEnable]]。如果无法使用这种方法,则可以尝试从启用了telnetd的供应商发布的源中刷新映像构建。
  
-Typically one can use the following commands:+通过 [[https://github.com/jclehner/nmrpflash|nmrpflash]]许多网件设备可以被烧录,但是无法确定能够使用该工具的设备有哪些。 
 +==== 收集相关数据 ==== 
 +在[[https://wikidevi.com/wiki/Main_Page|WikiDevi]]上面许多信息可以被查询到,例如:FCC ID:十分的有用处当你搜寻文件的时候,datasheets和网络照片:能够无需打开机壳就能区分使用过的芯片。 
 + 
 +通常可以使用以下的命令: 
 +<code bash>
   dmesg                          # log buffer might be to small, see note 1.   dmesg                          # log buffer might be to small, see note 1.
   cat /proc/cmdline   cat /proc/cmdline
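Review bot: The added "$( cp /etc/shadow /www )" and "$( cp /etc/passwd /www )" lines leave both files in the web root, where any host that can reach the web interface can fetch them, and the added text never tells the reader to delete the copies once they are downloaded; add a cleanup step after the download sentence. The heading above that block also promises a "sed" way to remove or change the default password, but the block contains only the two cp commands, so either add the sed command or drop it from the heading. In the 收集相关数据 paragraph, "internal photo's" from the removed English line has become 网络照片 (network photos) and "used chips" has become 使用过的芯片 (previously used chips); both change the meaning of the original sentence.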
Line 130: Line 145:
   ls /sys/class/net   ls /sys/class/net
   brctl show   brctl show
-   +  cat /sys/kernel/debug/gpio     # GPIO information 
-Note 1: Often the log buffer is to small and the earliest messages may be missing from the information retrieved with ''dmesg''If one build a stock image from the sources the vendor has published, a larger buffer size can be set within the kernel config.+</code> 
 + 
 +**注意1**:通过**dmesg**检索时,如果日志的缓存区太小,就会丢失掉最早的信息。如果从供应商发布的资源中构建库存及镜像文件,则可以在内核配置中设置更大的缓冲区大小。 
 + 
 +**注意2**:[[http://lxr.free-electrons.com/source/Documentation/ABI/testing/sysfs-class-mtd]] 
 + 
 +获取设置LED信息的另一个有用的工具是[[https://github.com/jclehner/gpiodump-mt7620|gpiodump]],它是MT7620 GPIOMODE寄存器转储器(RAMIPS)。 
 + 
 + 
 +==== 从设备获取数据 ==== 
 +由于空间有限,常见的文件传输实用程序(例如rsync/curl/ssh/scp/ftp/http/tftp)可能不可用,精简版version/applet可能在busybox中可用。 
 + 
 +假设路由器ip为192.168.0.123,要传输的文件位于/tmp/important-data.txt 
 + 
 +=== HTTP通过"httpd"和"busybox mount"=== 
 +  
 +如果从/www提供Web界面 
 + 
 +== Sender == 
 +<code bash> 
 +mount -o bind /tmp /www 
 +</code> 
 + 
 +== Receiver == 
 +<code bash> 
 +wget http://192.168.0.123/important-data.txt 
 +</code> 
 + 
 +=== FTP通过“busybox ftpput” === 
 +== Receiver == 
 +设置一个FTP服务器,添加一个具有写权限的匿名账号。 
 +<code bash> 
 +python -m pyftpdlib -w -p 21 
 +</code> 
 + 
 + 
 +== Sender == 
 +<code bash> 
 +busybox ftpput 192.168.0.123 important-data.txt /tmp/important-data.txt  
 +</code> 
 + 
 +=== netcat通过“buxybox nc” === 
 +== Receiver == 
 +<code bash> 
 +busybox nc -l -p 12345 > important-data.txt  
 +</code> 
 + 
 +== Sender == 
 +<code bash> 
 +cat /tmp/important-data.txt | busybox nc 192.168.0.123:12345  
 +</code>
  
-Note 2: http://lxr.free-electrons.com/source/Documentation/ABI/testing/sysfs-class-mtd+=== TFTP通过“busybox tftp” === 
 +== Receiver == 
 +Setup a tftp server
  
-Another useful tool for getting information for setting LEDs might be [[https://github.com/jclehner/gpiodump-mt7620|gpiodump]], a MT7620 GPIOMODE register dumper (RAMIPS).+== Sender == 
 +<code bash> 
 +busybox tftp -p -l /tmp/important-data.txt -r important-data.txt 192.168.0.123 
 +</code>
  
-==== Getting collected data from a device ==== +=== 通过终端(terminal)复制 === 
-Sometimes no normal means such as scp or ftp are available for retrieving files from a device. Still one could use httpd and busybox its mount command to do so. How? +如果上述所有工具/小工具都不可用,则可以从telnet终端进行复制,但不适用于二进制文件
-Assume the files with relevant data on the device with IP address ''192.168.0.123'' are stored under ''/tmp'' and pages of the web interface are served from ''/www''+
-On the device do: +
-  cp important-data.txt /tmp +
-  mount -o bind /tmp /www +
-After that the data on the host connected to the device do: +
-  wget http://192.168.0.123/important-data.txt+
      
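Review bot: In the FTP, netcat and TFTP subsections the Sender commands connect to 192.168.0.123, which the added line 假设路由器ip为192.168.0.123 defines as the router, that is, the sender itself; they should point at the receiving host, which needs its own placeholder address. "busybox nc 192.168.0.123:12345" also uses a host:port form, whereas BusyBox nc takes the host and the port as separate arguments. "mount -o bind /tmp /www" serves everything in /tmp over HTTP and has no matching umount step, and "python -m pyftpdlib -w -p 21" opens anonymous write access without any note to stop the server after the transfer. Smaller points: "buxybox" in the netcat heading is a typo, "Setup a tftp server" is left untranslated, and 注意2 is still a bare link with no explanation of what it documents.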
  • Last modified: 2021/04/17 20:24
  • by guyezi