infobyte / cve-2022-27255 Goto Github PK
View Code? Open in Web Editor NEWLicense: GNU General Public License v3.0
cve-2022-27255's People
Contributors
Stargazers
Watchers
Forkers
k0uaz 5l1v3r1 oneiroi timb-machine-mirrors evans9610 b1n1sh tony163163 xpainx isiaon sf4bin ppord zalexdev seenanshaneisurely s3rgeym tom165 damaidec pirenga sk3lk0 oa1cspace slosnow9879 gmh5225 phuong39 xstp hw jackpot777 jdelacasa ekiojp martyd420 cschuber munchkindev orangice1997 perch-stu hamiben111 akbartrilaksana core1impact owl129 infernalheaven gr3yr0n1n kalikex1 captincook crackercat gavz zha0 nanaao ytrick minghaolin2000 imjdl hassane1986 jakley cisfran05 726232111 cpt-jack-a-castle castledev2022cve-2022-27255's Issues
Telnet connection problem
When using an exploit on Zyxel NBG6615 (V1.00), the device reboot without logging via Telnet, what is the reason?
There is no way to manage Telnet in the web interface, as well as in Tenda AC5.
binwalk -Y
-Y option is not available in the original binwalk (https://github.com/ReFirmLabs/binwalk)
https://github.com/infobyte/cve-2022-27255/blob/main/analysis/analyse_firmware.py#L16
What version of binwalk were you using?
Tenda FH456 vulnerable device appears to include incorrect hardware version according to the included tools + binwalk
Hello,
I've used the attached tools for analysing the newest firmware images and it seems that v1 and v2 are ARM based, so probably not vulnerable, because it doesn't use the CPU from Realtek (need confirmation on this claim though). On the readme.md it states that v2 is vulnerable only, which appears to be false.
But the v4 firmware image appears to be MIPS big endian based and vulnerable to the exploit provided.
I would appreciate if you could further test this and if my observations are true change the vulnerable devices list.
Why do you need to override the printf definition?
I'm watching your presentation on DEFCON, on page 51 you have:
In the post-exploitation stage you can upload any binary files, why would do you this
Using: #define printf ((int(*)(char *, ...)) 0xdeadbeef)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.