[ vidonk @ 09.04.2020. 12:53 ] @
I have a MIPS LEXRA router, but it has no chmod on it and I need to run a newer busybox, so I'm wondering whether it is possible to do
Code:
chmod +x busybox

if I don't have chmod on the machine?
[ tuxserbia @ 09.04.2020. 16:17 ] @
[ vidonk @ 11.04.2020. 12:06 ] @
Quote: tuxserbia: And why don't you have it? An older busybox? https://unix.stackexchange.com...to-chmod-without-usr-bin-chmod

I tried what you suggested; I don't have dd either, so I can't pack the busybox contents into a file that has +x.
[ tuxserbia @ 11.04.2020. 15:41 ] @
Can we get a bit more detail? Now you've got me intrigued.
What's on it? Where is the firmware from? Did you build it yourself or...? What tools are there? Are you root? Is there an old busybox? mv, cp, perl, ld???? It seems a bit odd to me that it has none of these at all?
[ vidonk @ 11.04.2020. 17:39 ] @
Quote: tuxserbia: Can we get a bit more detail? Now you've got me intrigued. What's on it? Where is the firmware from? Did you build it yourself or...? What tools are there? Are you root? Is there an old busybox? mv, cp, perl, ld???? It seems a bit odd to me that it has none of these at all?

Code:
# busybox
BusyBox v1.01 (2016.11.25-10:01+0000) multi-call binary

Usage: busybox [function] [arguments]...
   or: [function] [arguments]...

BusyBox is a multi-call binary that combines many common Unix
utilities into a single executable. Most people will create a
link to busybox for each function they wish to use and BusyBox
will act like whatever it was invoked as!

Currently defined functions:
[, ash, brctl, busybox, cat, cp, date, df, echo, free, fuser, getty,
hostname, ifconfig, init, insmod, kill, killall, linuxrc, ln, login,
ls, lsmod, mkdir, mknod, mount, mv, passwd, ping, ping6, ps, pwd,
reboot, rm, rmdir, rmmod, setmac, sh, sleep, test, tftp, top,
traceroute, umount, wget

The firmware is the ISP's stock one; as for tools, it has
Code:
# cd bin/
# ls
ash            dnsmasq      login      ping6      tc
boot_flashing  ebtables     ls         pppd       telnetd
br2684ctl      echo         mkdir      ps         umount
brctl          fw_flashing  mknod      pwd        usbtest
busybox        hostname     mld_proxy  rm         verupload
cat            httpd        mount      rmdir      voip
cliagent       igmp_proxy   msntp      sendcmd    vsftpd
cp             inadyn       mv         setmac     wbctl
cpeserver      ip           nmbd       sh         wput
cspd           iptables     ntfs-3g    slctool
date           kill         p910nd     sleep
df             ledkeytest   pc         smbd
dhcpc          ln           ping       sweth_ctl

Yes, the account is root.
[ Branimir Maksimovic @ 11.04.2020. 17:54 ] @
If you have the dynamic loader, then
/lib/ld-linux.so busybox
[ tuxserbia @ 11.04.2020. 18:06 ] @
Try
Code:
ls -l /bin/
ls -la /bin/

Let's see whether they are actually just links to busybox.

Here it is using only the old busybox
Code:
root@DebianStretchOpenBox:/home/UserTemp/Vidonk# ls -al /bin/busybox
-rwxr-xr-x 1 root root 673256 Apr 26 2017 /bin/busybox
root@DebianStretchOpenBox:/home/UserTemp/Vidonk# /bin/busybox cp -a /bin/busybox busiboxStari
root@DebianStretchOpenBox:/home/UserTemp/Vidonk# ls -al
total 668
drwxr-xr-x 2 UserTemp UserTemp 4096 Apr 11 09:54 .
drwxr-xr-x 24 UserTemp UserTemp 4096 Apr 11 09:50 ..
-rwxr-xr-x 1 root root 673256 Apr 26 2017 busiboxStari
root@DebianStretchOpenBox:/home/UserTemp/Vidonk# /bin/busybox cat /bin/chown > busiboxStari
root@DebianStretchOpenBox:/home/UserTemp/Vidonk# ls -al
total 72
drwxr-xr-x 2 UserTemp UserTemp 4096 Apr 11 09:54 .
drwxr-xr-x 24 UserTemp UserTemp 4096 Apr 11 09:50 ..
-rwxr-xr-x 1 root root 64456 Apr 11 09:55 busiboxStari
root@DebianStretchOpenBox:/home/UserTemp/Vidonk# ./busiboxStari
./busiboxStari: missing operand
Try './busiboxStari --help' for more information.
root@DebianStretchOpenBox:/home/UserTemp/Vidonk# ./busiboxStari --help
Usage: ./busiboxStari [OPTION]... [OWNER][:[GROUP]] FILE...
  or: ./busiboxStari [OPTION]... --reference=RFILE FILE...
Change the owner and/or group of each FILE to OWNER and/or GROUP.
With --reference, change the owner and group of each FILE to those of RFILE.

  -c, --changes          like verbose but report only when a change is made
  -f, --silent, --quiet  suppress most error messages
  -v, --verbose          output a diagnostic for every file processed
      --dereference      affect the referent of each symbolic link (this is
                         the default), rather than the symbolic link itself
  -h, --no-dereference   affect symbolic links instead of any referenced file
                         (useful only on systems that can change the
                         ownership of a symlink)
      --from=CURRENT_OWNER:CURRENT_GROUP
                         change the owner and/or group of each file only if
                         its current owner and/or group match those specified
                         here. Either may be omitted, in which case a match
                         is not required for the omitted attribute
      --no-preserve-root  do not treat '/' specially (the default)
      --preserve-root    fail to operate recursively on '/'
      --reference=RFILE  use RFILE's owner and group rather than
                         specifying OWNER:GROUP values
  -R, --recursive        operate on files and directories recursively

The following options modify how a hierarchy is traversed when the -R
option is also specified. If more than one is specified, only the final
one takes effect.

  -H                     if a command line argument is a symbolic link
                         to a directory, traverse it
  -L                     traverse every symbolic link to a directory
                         encountered
  -P                     do not traverse any symbolic links (default)

      --help     display this help and exit
      --version  output version information and exit

Owner is unchanged if missing. Group is unchanged if missing, but changed
to login group if implied by a ':' following a symbolic OWNER.
OWNER and GROUP may be numeric as well as symbolic.

Examples:
  ./busiboxStari root /u        Change the owner of /u to "root".
  ./busiboxStari root:staff /u  Likewise, but also change its group to "staff".
  ./busiboxStari -hR root /u    Change the owner of /u and subfiles to "root".

GNU coreutils online help: <http://www.gnu.org/software/coreutils/>
Full documentation at: <http://www.gnu.org/software/coreutils/chown>
or available locally via: info '(coreutils) chown invocation'

First I list busybox in /bin. It has execute, the owner is root. I copy it using only busybox itself. I check: they are the same. Using its built-in cat I copy the contents of some other executable file over this old one. I list. We see that the size has changed, but all the other attributes are kept. Finally, I run that "new" one to see what it reports.

EDIT: Yes, I did mention ld, although I didn't say where it is located, but that is possible too. Thanks, Branimir.
[ vidonk @ 11.04.2020. 20:39 ] @
Quote: Branimir Maksimovic: If you have the dynamic loader, then /lib/ld-linux.so busybox

It won't work, I tried that too.
[ vidonk @ 11.04.2020. 20:49 ] @
It's not clear to me from your code what you wrote afterwards, but I did the same thing, only with wget. First I copied ls to /var/tmp/tmp, then I ran
Code:
wget -O ls http://lazni.url

to get a 0-byte file with +x, and then
Code:
wget -O ls http://url-od-staticly-linked busyboxa

and that's it, now I have a newer busybox with everything I need. Thanks for the help.
[ tuxserbia @ 11.04.2020. 22:06 ] @
Is it this one?
https://github.com/mzpqnxow/realtek-mips-sdks

Great that you managed to sort it out somehow. Yes, come on, if it's not too much trouble, give us
Code:
ls -al /bin/

and also look under /lib/ to see whether there is anything there and where ld-linux.so is.
[ vidonk @ 12.04.2020. 22:01 ] @
Quote: no https://github.com/vido89/mips-binaries Great that you managed to sort it out somehow. Yes, come on, if it's not too much trouble, give us
Code:
ls -al /bin/

Code:
# ls -la /bin/
drwxrwxr-x 2 zhangxia root 648 Nov 25 2016 .
drwxrwxr-x 13 zhangxia root 142 Nov 25 2016 ..
lrwxrwxrwx 1 zhangxia root 12 Nov 25 2016 ash -> /bin/busybox
-rwxrwxr-x 1 zhangxia root 9652 Nov 25 2016 boot_flashing
-rwxrwxr-x 1 zhangxia root 13988 Nov 25 2016 br2684ctl
lrwxrwxrwx 1 zhangxia root 12 Nov 25 2016 brctl -> /bin/busybox
-rwxrwxr-x 1 zhangxia root 363116 Nov 25 2016 busybox
lrwxrwxrwx 1 zhangxia root 12 Nov 25 2016 cat -> /bin/busybox
-rwxrwxr-x 1 zhangxia root 188112 Nov 25 2016 cliagent
lrwxrwxrwx 1 zhangxia root 12 Nov 25 2016 cp -> /bin/busybox
-rwxrwxr-x 1 zhangxia root 66292 Nov 25 2016 cpeserver
-rwxrwxr-x 1 zhangxia root 2150544 Nov 25 2016 cspd
lrwxrwxrwx 1 zhangxia root 12 Nov 25 2016 date -> /bin/busybox
lrwxrwxrwx 1 zhangxia root 12 Nov 25 2016 df -> /bin/busybox
-rwxrwxr-x 1 zhangxia root 40816 Nov 25 2016 dhcpc
-rwxrwxr-x 1 zhangxia root 44744 Nov 25 2016 dnsmasq
-rwxrwxr-x 1 zhangxia root 102872 Nov 25 2016 ebtables
lrwxrwxrwx 1 zhangxia root 12 Nov 25 2016 echo -> /bin/busybox
-rwxrwxr-x 1 zhangxia root 96392 Nov 25 2016 fw_flashing
lrwxrwxrwx 1 zhangxia root 12 Nov 25 2016 hostname -> /bin/busybox
-rwxrwxr-x 1 zhangxia root 831816 Nov 25 2016 httpd
-rwxrwxr-x 1 zhangxia root 39312 Nov 25 2016 igmp_proxy
-rwxrwxr-x 1 zhangxia root 39396 Nov 25 2016 inadyn
-rwxrwxr-x 1 zhangxia root 5464 Nov 25 2016 ip
-rwxrwxr-x 1 zhangxia root 120332 Nov 25 2016 iptables
lrwxrwxrwx 1 zhangxia root 12 Nov 25 2016 kill -> /bin/busybox
-rwxrwxr-x 1 zhangxia root 10044 Nov 25 2016 ledkeytest
lrwxrwxrwx 1 zhangxia root 12 Nov 25 2016 ln -> /bin/busybox
lrwxrwxrwx 1 zhangxia root 12 Nov 25 2016 login -> /bin/busybox
lrwxrwxrwx 1 zhangxia root 12 Nov 25 2016 ls -> /bin/busybox
lrwxrwxrwx 1 zhangxia root 12 Nov 25 2016 mkdir -> /bin/busybox
lrwxrwxrwx 1 zhangxia root 12 Nov 25 2016 mknod -> /bin/busybox
-rwxrwxr-x 1 zhangxia root 32440 Nov 25 2016 mld_proxy
lrwxrwxrwx 1 zhangxia root 12 Nov 25 2016 mount -> /bin/busybox
-rwxrwxr-x 1 zhangxia root 18316 Nov 25 2016 msntp
lrwxrwxrwx 1 zhangxia root 12 Nov 25 2016 mv -> /bin/busybox
-rwxrwxr-x 1 zhangxia root 239440 Nov 25 2016 nmbd
-rwxrwxr-x 1 zhangxia root 489388 Nov 25 2016 ntfs-3g
-rwxrwxr-x 1 zhangxia root 9712 Nov 25 2016 p910nd
-rwxrwxr-x 1 zhangxia root 27312 Nov 25 2016 pc
lrwxrwxrwx 1 zhangxia root 12 Nov 25 2016 ping -> /bin/busybox
lrwxrwxrwx 1 zhangxia root 12 Nov 25 2016 ping6 -> /bin/busybox
-rwxrwxr-x 1 zhangxia root 142620 Nov 25 2016 pppd
lrwxrwxrwx 1 zhangxia root 12 Nov 25 2016 ps -> /bin/busybox
lrwxrwxrwx 1 zhangxia root 12 Nov 25 2016 pwd -> /bin/busybox
lrwxrwxrwx 1 zhangxia root 12 Nov 25 2016 rm -> /bin/busybox
lrwxrwxrwx 1 zhangxia root 12 Nov 25 2016 rmdir -> /bin/busybox
-rwxrwxr-x 1 zhangxia root 10360 Nov 25 2016 sendcmd
lrwxrwxrwx 1 zhangxia root 12 Nov 25 2016 setmac -> /bin/busybox
lrwxrwxrwx 1 zhangxia root 12 Nov 25 2016 sh -> /bin/busybox
-rwxrwxr-x 1 zhangxia root 26644 Nov 25 2016 slctool
lrwxrwxrwx 1 zhangxia root 12 Nov 25 2016 sleep -> /bin/busybox
-rwxrwxr-x 1 zhangxia root 382812 Nov 25 2016 smbd
-rwxrwxr-x 1 zhangxia root 14400 Nov 25 2016 sweth_ctl
-rwxrwxr-x 1 zhangxia root 91988 Nov 25 2016 tc
-rwxrwxr-x 1 zhangxia root 42988 Nov 25 2016 telnetd
lrwxrwxrwx 1 zhangxia root 12 Nov 25 2016 umount -> /bin/busybox
-rwxrwxr-x 1 zhangxia root 9656 Nov 25 2016 usbtest
-rwxrwxr-x 1 zhangxia root 14408 Nov 25 2016 verupload
-rwxrwxr-x 1 zhangxia root 1439240 Nov 25 2016 voip
-rwxrwxr-x 1 zhangxia root 117788 Nov 25 2016 vsftpd
-rwxrwxr-x 1 zhangxia root 5468 Nov 25 2016 wbctl
-rwxrwxr-x 1 zhangxia root 9720 Nov 25 2016 wput

Quote: tuxserbia: and also look under /lib/ to see whether there is anything there and where ld-linux.so is

Code:
# ls /lib/
ld-linux.so.2        libdl.so.0            libresolv.so.0
ld-uClibc-0.9.28.so  libenv.so             librt-0.9.28.so
ld-uClibc.so.0       libgcc_s.so.1         librt.so.0
libatm.so            libledkey.so          libssl.so
libc.so.0            liblog.so             libssl.so.0.9.8
libcfapi.so          libm-0.9.28.so        libtagparamuserapi.so
libcmapi.so          libm.so.0             libthread_db-0.9.28.so
libcmexpat.so        libmaster.so          libthread_db.so.1
libcommfun.so        libmtduserapi.so      libuClibc-0.9.28.so
libcrypt-0.9.28.so   libneon.so            libutil-0.9.28.so
libcrypt.so.0        libnsl-0.9.28.so      libutil.so.0
libcrypto.so         libnsl.so.0           libwpa_common.so
libcrypto.so.0.9.8   liboamapi.so          libwpa_ctrl.so
libcsputil.so        liboss.so             modules
libdb.so             libpthread-0.9.28.so  pppoatm.so
libdbcspview.so      libpthread.so.0       rp-pppoe.so
libdl-0.9.28.so      libresolv-0.9.28.so
[ tuxserbia @ 13.04.2020. 11:08 ] @
Yes, that's it. Linked to busybox, just so you don't have to type something like "busybox cp" but "cp" directly.
Under /lib you do have the file, but there, it has a suffix: ld-linux.so.2. So the correct way to use it would be
Code:
/lib/ld-linux.so.2 /bin/chmod +x /bin/chmod

Doesn't matter, what's important is that you got it done. How do things stand now? Can you modify the system now? What have you planned, if it's not a secret ;-)
[ vidonk @ 13.04.2020. 12:22 ] @
Quote: tuxserbia: Yes, that's it. Linked to busybox, just so you don't have to type something like "busybox cp" but "cp" directly. Under /lib you do have the file, but there, it has a suffix: ld-linux.so.2. So the correct way to use it would be Code: /lib/ld-linux.so.2 /bin/chmod +x /bin/chmod Doesn't matter, what's important is that you got it done. How do things stand now? Can you modify the system now? What have you planned, if it's not a secret ;-)

Things are great now; first I'll back up the current firmware
Code:
# cat /proc/mtd
dev: size erasesize name
mtd0: 00800000 00010000 "Whole_Flash"
mtd1: 00020000 00010000 "Bootloader"
mtd2: 00010000 00010000 "defcfg"
mtd3: 00020000 00010000 "curcfg"
mtd4: 00010000 00010000 "log"
mtd5: 00180000 00010000 "kernel1"
mtd6: 00620000 00010000 "filesystem1"

Then comes custom firmware: a newer busybox, ext4 instead of squashfs, a newer dropbear. Unfortunately the router is not supported by OpenWrt, so I have to use Realtek's SDK https://github.com/vido89/RTL8672

I also have gdbserver for this LEXRA variant of MIPS of mine, so I'll look at writing a couple of simple applications in C and running them on the box with gdbserver, and then on the PC with gdb I'll see what each assembler instruction does, to learn MIPS assembly :)

And afterwards it will end up as a repeater at the other end of the apartment.
[ tuxserbia @ 13.04.2020. 13:40 ] @
Excellent. If and when you get something done, post some information here too, about the processor, the memory, what it can do; there really isn't much information about them.
[ vidonk @ 13.04.2020. 15:14 ] @
Quote: tuxserbia: Excellent. If and when you get something done, post some information here too, about the processor, the memory, what it can do; there really isn't much information about them.

Well, the processor is a LEXRA
Code:
R3000) CPU type ~ 500Mhz (RLX5181) Sub-type

Code:
# cat /proc/cpuinfo
system type : RTL8672
processor : 0
cpu model : 56322
BogoMIPS : 619.31
tlb_entries : 64
mips16 implemented : yes

ROM: SPI-NOR 32MB
RAM: DDR2 SDRAM 128MB
[ vidonk @ 13.04.2020. 17:36 ] @
Quote: tuxserbia: Excellent. If and when you get something done, post some information here too, about the processor, the memory, what it can do; there really isn't much information about them.

If anything else interests you, or you have an idea or a suggestion, feel free to write.
[This message was edited by vidonk on 13.04.2020. at 18:55 GMT+1]
[ vidonk @ 13.04.2020. 19:11 ] @
Here's a theoretical question: if you had access to 50+ of these devices, what would you run on them?
[ Branimir Maksimovic @ 13.04.2020. 19:36 ] @
32MB of RAM is too little to run anything. I have 128MB on my router and only 6MB is free :P
[ vidonk @ 13.04.2020. 20:20 ] @
Quote: Branimir Maksimovic: 32MB of RAM is too little to run anything. I have 128MB on my router and only 6MB is free :P

My mistake, I put in the wrong number; here is what the situation looks like
Code:
# cat /proc/meminfo
MemTotal: 56828 kB
MemFree: 14984 kB
[ Branimir Maksimovic @ 13.04.2020. 20:53 ] @
You can put dnscrypt on it; it takes 12MB.
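
The approach that worked in this thread (tuxserbia's `cat >` over a copied busybox, vidonk's `wget -O` over a copied ls), as an added example that is not part of any post: overwriting an existing executable keeps its mode bits because the write truncates and reuses the same inode. The file names, the helper functions and the two-line script standing in for the downloaded binary are constructed for illustration.

```shell
#!/bin/sh
# Added example; sample files are constructed in a temp dir, names are hypothetical.
# Writing through ">" opens the existing file with O_TRUNC: same inode, same
# owner, same mode. Only a newly created file gets the non-executable default.

mode_of()  { ls -ld "$1" | cut -c1-10; }            # e.g. -rwxr-xr-x
inode_of() { set -- $(ls -di "$1"); echo "$1"; }    # first field of ls -i
sum_of()   { set -- $(cksum < "$1"); echo "$1"; }   # CRC of the contents

demo() {
    work=$(mktemp -d) || return 1
    payload=$work/payload
    dest=$work/tool

    # Constructed stand-in for the downloaded static busybox. A new file is
    # created with 0666 & ~umask, so it never starts out executable.
    printf '#!/bin/sh\necho new-tool\n' > "$payload"
    MODE_PAYLOAD=$(mode_of "$payload")

    # Step 1: copy any executable already on the box (the thread copied ls).
    cp /bin/sh "$dest" || return 1
    MODE_BEFORE=$(mode_of "$dest")
    INODE_BEFORE=$(inode_of "$dest")
    SUM_BEFORE=$(sum_of "$dest")

    # Step 2: replace the contents in place (cat > or wget -O in the thread).
    cat "$payload" > "$dest"
    MODE_AFTER=$(mode_of "$dest")
    INODE_AFTER=$(inode_of "$dest")
    SUM_AFTER=$(sum_of "$dest")

    # Step 3: the copy now runs as the payload, unless the mount is noexec.
    RUN_OUT=$("$dest" 2>/dev/null) || RUN_OUT="(exec refused)"

    if cmp -s "$payload" "$dest"; then CONTENT_MATCH=yes; else CONTENT_MATCH=no; fi
    rm -rf "$work"
}

demo
echo "payload as created : $MODE_PAYLOAD"
echo "copy before/after  : $MODE_BEFORE / $MODE_AFTER"
echo "inode before/after : $INODE_BEFORE / $INODE_AFTER"
echo "cksum before/after : $SUM_BEFORE / $SUM_AFTER"
echo "running the copy   : $RUN_OUT"
```

Mode, owner and inode are identical before and after, so a check that compares only permissions or ownership will not notice the swap; a content hash will. Mounting writable areas such as /var/tmp with noexec blocks step 3.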
Copyright (C) 2001-2024 by www.elitesecurity.org. All rights reserved.