![]() ![]() ![]() It drops you into a kind of chrooted environment with limited capabilities.1. But I am not sure what this is.Įdit for clarification: I have ssh and telnet access but they do not give you access to the root-fs. I have no idea where the shell password prompt gets called from but I do know the text for it is stored inside /lib/private/libcms_cli.so. How does one add a password to a shell? I know you can with inittab but it doesn't seem like that is what they are doing. Yes I have looked at past tutorials but none of the fit my firmware specifically and I have hit a brick wall. I'm not asking for someone to do all of the work for me, mostly just some guidance as this is my first-attempt at reverse-engineering. I have hosted the extracted firmware root in a git repo at I've begun decompiling binaries using but that has't gotten me very far. ![]() I installed the old firmware hoping to get an idea of how the system worked and thought some of this info might prove useful: system type : 963168MBV_17A Running file on one of the binaries gives me:ĮLF 32-bit MSB executable, MIPS, MIPS32 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, corrupted section header size So far I have extracted the root-fs using binwalk and I've scoured many hours through each configuration, running strings to no end, I even tried to emulate MIPS using QEMU. Pulled from a configuration I have overlooked.Since this is a new feature, I have guessed that the password is either Now with the latest firmware, SSH seems to be severely broken/buggy, as does most of the CLI commands when you login over telnet (Cat,echo,netstat,etc. The past firmware did not have this feature and simply allowed you to login via ssh/telnet and then type 'sh' to drop into a simple Busybox shell. I have a Zyxel C1100Z DSL modem that I've purchased from my ISP and I have been trying to breakdown their newest firmware in order to bypass a new shell password feature they've implemented. For days I have been trying to bypass a password my ISP has added to their remote CLI with no luck. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |