Here is my modem; apparently telnet is only accessible from Linux.
GEMTEK modem GUI
192.168.1.1
password:witribe
telnet:Accessible Linux
Then here is some additional info I got; these are probably tweaks.
WIXB175 Misc Notes
WebUI Tricks (courtesy of [email protected] )
Engineering Menu: move your mouse over the device image, then hold ctrl+shift+e and click
Software Menu: move your mouse over the device image, then hold ctrl+alt+h
LFI: http://192.168.15.1/cgi-bin/sysconf.cgi?page=../../[afile]&action=request&sid=[valid_sid]&timestamp=[valid_timestamp]
Remote Command Execution
load up TamperData, Charles, or some other tampering proxy
log into the device and change the Basic->Device Name to FOO
in your tampering proxy, change FOO to <!--#exec cmd="<your command>" -->
using the LFI above, get /etc/hosts
your command will be run, and you should see your results
Software Unlock (enable telnet)
Using the above Remote Command execution trick, run the command: fw_setenv factory 1
reboot, and you can telnet right in.
this disabled most of the startup scripts, so you need to set your own IP - try 192.168.15.2
Filesystem
/mnt/jffs2/conf/app/lighttpd.conf
/mnt/jffs2/conf/app/ipkg.conf
/bin/ipkg_verify.sh
/etc/conf/app/pubkey
mtd5 & mtd6 are squashfs, but weird. use unsquashfs from http://deb.grml.org/pool/main/s/squashfs-lzma/
I hope the experts out there will come forward.
Thanks, fellow SB members!
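
For anyone defending one of these units, an added example (not part of the original post or the quoted notes): a Python check that flags the two request patterns the notes describe, a `page` value for `sysconf.cgi` containing `..` segments and a parameter carrying a server-side-include directive. The sample requests, the `status.htm` page name and the `device_name` field are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Any SSI directive opener, e.g. "<!--#exec" or "<!--#include"
SSI_DIRECTIVE = re.compile(r"<!--\s*#\s*\w+", re.IGNORECASE)

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(value):
    """True if any path segment is '..' once separators are normalised."""
    return ".." in fully_decode(value).replace("\\", "/").split("/")

def inspect_request(url, body=""):
    """Return sorted labels for one request (URL plus optional form body)."""
    labels = set()
    parts = urlsplit(url)
    params = parse_qsl(parts.query, keep_blank_values=True)
    params += parse_qsl(body, keep_blank_values=True)
    for name, value in params:
        if (parts.path.endswith("/sysconf.cgi") and name == "page"
                and has_traversal(value)):
            labels.add("path-traversal")
        if SSI_DIRECTIVE.search(fully_decode(value)):
            labels.add("ssi-directive")
    return sorted(labels)

# Constructed requests (not captured traffic); names are hypothetical.
SAMPLES = [
    ("/cgi-bin/sysconf.cgi?page=status.htm&action=request&sid=1", ""),
    ("/cgi-bin/sysconf.cgi?page=../../etc/hosts&action=request&sid=1", ""),
    ("/cgi-bin/sysconf.cgi?page=%252e%252e%252fetc%252fhosts&sid=1", ""),
    ("/cgi-bin/sysconf.cgi?action=save",
     "device_name=%3C%21--%23exec+cmd%3D%22CMD%22+--%3E"),
]

if __name__ == "__main__":
    for url, body in SAMPLES:
        print(inspect_request(url, body) or ["clean"], url)
```
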