xiconfjs/h4ck
1
0
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases Wiki Activity

cleaning up markdown

Browse Source
This commit is contained in:
Conor Horan-Kates 2018-05-22 22:08:31 -07:00
parent a22a6fb8a2
commit 7f2e0aee15
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
revolabs-flx_uc_1000/README.md
View File

@ -208,13 +208,13 @@ shows us that they are booting with ```mem=128M console=ttyS0,115200n8 root=/dev
}]) }])
``` ```
looking at this, it would appear that http://<device>/app/diag/diag.html exposes a mechanism to execute arbitrary commands. `/usr/sbin/telnetd` anyone? looking at this, it would appear that http://\<device\>/app/diag/diag.html exposes a mechanism to execute arbitrary commands. `/usr/sbin/telnetd` anyone?
### log mining and traffic sniffing ### log mining and traffic sniffing
using <dump logs?> functionality, and the high logging levels they provided, was able to determine a number of things: using <dump logs?> functionality, and the high logging levels they provided, was able to determine a number of things:
* it utilizes the [pjsua](http://www.pjsip.org/pjsua.htm) library/client * it utilizes the [pjsua](http://www.pjsip.org/pjsua.htm) library/client
* it sends a TFTP BOOT request for tftp://<primary SIP registrar>/<static hex string>.xml every 30 seconds * it sends a TFTP BOOT request for tftp://\<primary SIP registrar\>/<static hex string>.xml every 30 seconds
next step will be combining the information about the `telnet_enabled` kernel parameter, and crafting a TFTP configuration that will do just that. next step will be combining the information about the `telnet_enabled` kernel parameter, and crafting a TFTP configuration that will do just that.