Comments (8)
coinsbarboss
commented on May 29, 2024
python3 remote_command_execution_vulnerability.py
****************
router_ip_address: 192.168.31.1
stok: a5445597af88bf26af058d7098e67208
****************
start uploading config file...
start exec command...
done! Now you can connect to the router using telnet (user: root, password: none)
In MacOS, execute in the terminal:
telnet 192.168.31.1
root@worktime:~/OpenWRTInvasion# telnet 192.168.31.1
Trying 192.168.31.1...
telnet: Unable to connect to remote host: Connection refused
from openwrtinvasion.
acecilia
commented on May 29, 2024
I am not sure if the exploit is compatible with the new firmware 3.0.24. I asked here. Please report if you manage to make it work :)
from openwrtinvasion.
coinsbarboss
commented on May 29, 2024
I am not sure if the exploit is compatible with the new firmware
3.0.24. I asked here. Please report if you manage to make it work :)
Actually I don't think that firmware is 3.0.24 ver.
And my question was about "stok version hashes". If I understand correctly each firmware ver has it's own stok hash. Right?
If I will use incorrect stok hash, it will not work. Correct?
Is there any database with stok hashes depending on firmware versions?
For example: If I need to know a stok hash for firmware 2.26.134?
from openwrtinvasion.
acecilia
commented on May 29, 2024
No. You get a new STOK every time you login to the router using the web interface. You get the STOK from the url. See the readme, it is explained there in a big picture with a red square.
from openwrtinvasion.
coinsbarboss
commented on May 29, 2024
So if I don't know the password from 192.168.31.1 - it's not possible to use the hack?
No. You get a new STOK every time you login you the router using the web interface. You get the STOK from the url. See the readme, it is explained there in a big picture with a red square.
from openwrtinvasion.
acecilia
commented on May 29, 2024
You are correct, itβs not possible to hack the router without knowing the password
from openwrtinvasion.
komplykated
commented on May 29, 2024
You are correct, itβs not possible to hack the router without knowing the password
Hi acecilia, in my case, it did not asked the stok, and auto generate the different stok compare to the one from the web browser. What can I do in this case please?
from openwrtinvasion.
acecilia
commented on May 29, 2024
See the README π
from openwrtinvasion.
Related Issues (20)
- [Success] Mi Router 4A 100M on firmware 3.0.12 (R4AC) HOT 17
- Hoddys Bricked video has malware-infested tools HOT 3
- Cyberduck vs SCP HOT 1
- Backup HOT 1
- where can i find the indian rom for this router? HOT 8
- Is there a way to downgrade from 2.30.500 rom
- 4C
- The green hand give up. Connection Refused. HOT 1
- Couldn't unzip, the file is corrupt on v3.2.13 - mi router 4c HOT 2
- cannot flash Mi Router 4A (non gigabit) | MiWiFi Release 3.0.10 HOT 2
- Cannot flash OpenWRT on Mi Router 4A 100M (Chinese version) firmware 2.28.62 HOT 1
- Doesn't work on the Mi Router 4A(gigabit) (Chinese version) which is using latest firmware(2.30.28) HOT 1
- MI Router 4A (Gigabytes) Version 2.30.500 is not supported HOT 3
- Xiaomi Router 3 Pro (R3P)
- stock after flash HOT 1
- Feature: Mark {"code":1629,"msg":"Unpacking failed. The file may be damaged"} as expected error HOT 2
- Download instead of clone
- Sharing my experience on success invasion
- Warning: the process has finished, but seems like ssh connection to the router is not working as expected. HOT 6
- Successful invasion on 4c 3.0.45 HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from openwrtinvasion.