
A Router Vulnerability Case You Could Do with Your Feet

Date: 2024/3/5  Author: unknown  Source: 争怎路由网


Set up Ubuntu 16.04 in a local virtual machine

Ubuntu ISO download: http://mirrors.aliyun.com/ubuntu-

After installation, set a password for the root user:

sudo passwd root


Switch to the root user:

su root

Switch the APT sources to the Aliyun mirror:

vi /etc/apt/sources.list

After opening the file, do nothing else; type ggdG directly to clear the file's contents. Note that the G is uppercase.

ggdG

Then paste the following:

# deb cdrom:[Ubuntu 16.04 LTS _Xenial Xerus_ - Release amd64 (20160420.1)]/ xenial main restricted
deb-src http://archive.ubuntu.com/ubuntu xenial main restricted #Added by software-properties
deb http://mirrors.aliyun.com/ubuntu/ xenial main restricted
deb-src http://mirrors.aliyun.com/ubuntu/ xenial main restricted multiverse universe #Added by software-properties
deb http://mirrors.aliyun.com/ubuntu/ xenial-updates main restricted
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-updates main restricted multiverse universe #Added by software-properties
deb http://mirrors.aliyun.com/ubuntu/ xenial universe
deb http://mirrors.aliyun.com/ubuntu/ xenial-updates universe
deb http://mirrors.aliyun.com/ubuntu/ xenial multiverse
deb http://mirrors.aliyun.com/ubuntu/ xenial-updates multiverse
deb http://mirrors.aliyun.com/ubuntu/ xenial-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-backports main restricted universe multiverse #Added by software-properties
deb http://archive.canonical.com/ubuntu xenial partner
deb-src http://archive.canonical.com/ubuntu xenial partner
deb http://mirrors.aliyun.com/ubuntu/ xenial-security main restricted
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-security main restricted multiverse universe #Added by software-properties
deb http://mirrors.aliyun.com/ubuntu/ xenial-security universe
deb http://mirrors.aliyun.com/ubuntu/ xenial-security multiverse

Update the package index (note that the mirror sources differ between Ubuntu releases):

sudo apt-get update

Install Python 3.7

Ubuntu 16.04 ships Python 3.5, while Binwalk requires 3.6 or later.

sudo add-apt-repository ppa:deadsnakes/ppa
sudo apt-get update
sudo apt-get install python3.7

Change the python3 that apt points to

sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.5 1
sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.7 2

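The update-alternatives command changes which target the symlink for a system default command points to. The following command switches the target of python3: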

sudo update-alternatives --config python3

Confirm that the installation succeeded by checking the version:

python3 -V


Download the D-Link firmware

D-Link router firmware download: ftp://ftp2.dlink.com/PRODUCTS/

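Firmware extraction, method 1: binwalk on Ubuntu

binwalk had problems on Mac, and after trying a switch to CentOS the same problem appeared: the firmware could not be unpacked. In the end I recommend using Ubuntu (Ubuntu 16.04).

For IoT work, Ubuntu is the recommended platform; a purpose-built virtual machine such as AttifyOS also works.

Install binwalk (alternatively, skip ahead and use the automated tool described later under "Automatically installing binwalk"):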

git clone https://github.com/ReFirmLabs/binwalk.git
cd binwalk
sudo ./deps.sh
sudo python3 setup.py install

Install unzip:

apt install unzip

Unzip the firmware archive:

unzip DLink_DIR645_A1_FW102B08.zip

Unpack the firmware:

root@redidc784587341578:~# binwalk -Me DIR645A1_FW102B08.bin

Scan Time:     2021-06-22 11:41:29
Target File:   /root/DIR645A1_FW102B08.bin
MD5 Checksum:  79e6736579d0afe2660e0bd8538cdc15
Signatures:    411

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
0             0x0             DLOB firmware header, boot partition: "dev=/dev/mtdblock/2"
112           0x70            LZMA compressed data, properties: 0x5D, dictionary size: 33554432 bytes, uncompressed size: 4229096 bytes
1441904       0x160070        PackImg section delimiter tag, little endian size: 15751680 bytes; big endian size: 5959680 bytes
1441936       0x160090        Squashfs filesystem, little endian, version 4.0, compression:lzma, size: 5958022 bytes, 1955 inodes, blocksize: 65536 bytes, created: 2011-11-23 03:10:33

Scan Time:     2021-06-22 11:41:31
Target File:   /root/_DIR645A1_FW102B08.bin.extracted/70
MD5 Checksum:  ce85fce6328c01f61ec7ac900296847b
Signatures:    411

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
3330080       0x32D020        Linux kernel version 2.6.33
3390400       0x33BBC0        CRC32 polynomial table, little endian
3795004       0x39E83C        Neighborly text, "NeighborSolicitstunnel6 init(): can't add protocol"
3795024       0x39E850        Neighborly text, "NeighborAdvertisementst add protocol"
3799767       0x39FAD7        Neighborly text, "neighbor %.2x%.2x.%.2x:%.2x:%.2x:%.2x:%.2x:%.2x lost on port %d(%s)(%s)"

As the output above shows, the firmware was unpacked successfully.

Firmware extraction, method 2: manual extraction

Search for the filesystem magic signature:

root@redidc784587341578:~# strings DIR645A1_FW102B08.bin
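
The magic-signature search that the manual method starts with, written out as an added example (not code from the original article or from binwalk): it looks for the little-endian SquashFS magic "hsqs" and accepts an offset only if the superblock fields behind it are consistent. The sample image is constructed from the values in the binwalk output above, with the creation time taken as UTC (an assumption); the function names are illustrative.

```python
import struct
from datetime import datetime, timezone

# First 48 bytes of a little-endian SquashFS 4.0 superblock: magic, inodes,
# mkfs_time, block_size, fragments, compression, block_log, flags, no_ids,
# s_major, s_minor, root_inode, bytes_used.
SB = struct.Struct("<4sIIIIHHHHHHQQ")
COMPRESSORS = {1: "gzip", 2: "lzma", 3: "lzo", 4: "xz", 5: "lz4", 6: "zstd"}

def find_squashfs(blob):
    """Return every offset in blob that holds a plausible SquashFS 4.x superblock."""
    hits, pos = [], blob.find(b"hsqs")
    while pos != -1:
        if pos + SB.size <= len(blob):
            (_, inodes, mkfs_time, block_size, _, comp, block_log,
             _, _, major, _, _, bytes_used) = SB.unpack_from(blob, pos)
            # The four magic bytes alone also occur by chance in compressed
            # data, so cross-check fields a real superblock must satisfy.
            if (major == 4 and comp in COMPRESSORS and 12 <= block_log <= 20
                    and block_size == 1 << block_log
                    and SB.size <= bytes_used <= len(blob) - pos):
                created = datetime.fromtimestamp(mkfs_time, timezone.utc)
                hits.append({"offset": pos, "size": bytes_used, "inodes": inodes,
                             "block_size": block_size,
                             "compression": COMPRESSORS[comp],
                             "created": created.strftime("%Y-%m-%d %H:%M:%S")})
        pos = blob.find(b"hsqs", pos + 1)
    return hits

def build_sample():
    """Constructed stand-in for the image: zero padding, a decoy magic, and one
    superblock filled with the values binwalk printed above (time taken as UTC)."""
    offset, size = 1441936, 5958022
    ts = int(datetime(2011, 11, 23, 3, 10, 33, tzinfo=timezone.utc).timestamp())
    blob = bytearray(offset + size)
    blob[4096:4100] = b"hsqs"  # decoy: magic bytes with no valid header behind them
    blob[offset:offset + SB.size] = SB.pack(
        b"hsqs", 1955, ts, 65536, 0, 2, 16, 0, 1, 4, 0, 0, size)
    return bytes(blob)

if __name__ == "__main__":
    for hit in find_squashfs(build_sample()):
        print(hit)
        # Carve from the validated offset to the end of the file.
        print("dd if=DIR645A1_FW102B08.bin of=rootfs.squashfs bs=1 skip=%d"
              % hit["offset"])
```

A truncated image fails the bytes_used check and yields no hit, which separates an incomplete download from a missing filesystem.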
