mirror of
https://github.com/Mr-xn/Penetration_Testing_POC.git
synced 2025-11-06 19:24:02 +00:00
474 lines
1.6 MiB
HTML
474 lines
1.6 MiB
HTML
|
<!DOCTYPE html> <html lang=en style><!--
|
|||
|
|
Page saved with SingleFile
|
|||
|
|
url: https://xz.aliyun.com/t/14819
|
|||
|
|
--><meta charset=utf-8>
|
|||
|
|
<title>IOT-CVE-2018-17066(D-Link命令注入漏洞)</title>
|
|||
|
|
<meta name=description content=先知社区,先知安全技术社区>
|
|||
|
|
<meta name=viewport content="width=device-width,initial-scale=1.0,minimum-scale=1.0,maximum-scale=1.0,user-scalable=no">
|
|||
|
|
<style>/*!
|
|||
|
|
* Bootstrap v2.3.1
|
|||
|
|
*
|
|||
|
|
* Copyright 2012 Twitter, Inc
|
|||
|
|
* Licensed under the Apache License v2.0
|
|||
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|||
|
|
*
|
|||
|
|
* Designed and built with all the love in the world @twitter by @mdo and @fat.
|
|||
|
|
*/.clearfix:before,.clearfix:after{display:table;line-height:0;content:""}.clearfix:after{clear:both}footer{display:block}html{font-size:100%;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%}a:focus{outline:thin dotted #333;outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}a:hover,a:active{outline:0}img{height:auto;vertical-align:middle;-ms-interpolation-mode:bicubic}input{margin:0}button{-webkit-appearance:button}body{margin:0;font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px;line-height:20px;color:#333}a{text-decoration:none}a:hover,a:focus{color:#005580;text-decoration:underline}.row:before,.row:after{display:table;line-height:0;content:""}.row:after{clear:both}.container{width:940px}.span10{width:780px}.container{margin-right:auto;margin-left:auto}.container:before,.container:after{display:table;line-height:0;content:""}.container:after{clear:both}p{margin:0 0 10px}strong{font-weight:bold}.text-right{text-align:right}.text-center{text-align:center}h1,h2,h3,h4{margin:10px 0;font-family:inherit;font-weight:bold;line-height:20px;color:inherit;text-rendering:optimizelegibility}h4{font-size:17.5px}ul{padding:0}hr{margin:20px 0;border:0;border-top:1px solid #eee;border-bottom:1px solid #fff}code,pre{color:#333;-webkit-border-radius:3px;-moz-border-radius:3px}code{color:#d14;white-space:nowrap;border:1px solid #e1e1e8}pre{display:block;margin:0 0 10px;word-break:break-all;white-space:pre-wrap;border:1px solid rgba(0,0,0,0.15);-webkit-border-radius:4px;-moz-border-radius:4px}pre code{color:inherit}input{font-weight:normal}input{font-family:"Helvetica Neue",Helvetica,Arial,sans-serif}input[type="text"]{display:inline-block;padding:4px 6px;margin-bottom:10px;font-size:14px;line-height:20px;vertical-align:middle;-webkit-border-radius:4px;-moz-border-radius:4px}input{width:206px}input[type="text"]{background-color:#fff;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);-webkit-transition:border linear .2s,box-shadow linear .2s;-moz-transition:border linear .2s,box-shadow linear .2s;-o-transition:border linear .2s,box-shadow linear .2s;transition:border linear .2s,box-shadow linear .2s}textarea:focus,input[type="text"]:focus,input[type="password"]:focus,input[type="datetime"]:focus,input[type="datetime-local"]:focus,input[type="date"]:focus,input[type="month"]:focus,input[type="time"]:focus,input[type="week"]:focus,input[type="number"]:focus,input[type="email"]:focus,input[type="url"]:focus,input[type="search"]:focus,input[type="tel"]:focus,input[type="color"]:focus,.uneditable-input:focus{border-color:rgba(82,168,236,0.8);outline:0;outline:thin dotted \9;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 8px rgba(82,168,236,0.6);-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 8px rgba(82,168,236,0.6);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 8px rgba(82,168,236,0.6)}input::-webkit-input-placeholder,textarea::-webkit-input-placeholder{color:#999}input{margin-left:0}input:focus:invalid,textarea:focus:invalid,select:focus:invalid{color:#b94a48;border-color:#ee5f5b}input:focus:invalid:focus,textarea:focus:invalid:focus,select:focus:invalid:focus{border-color:#e9322d;-webkit-box-shadow:0 0 6px #f8b9b7;-moz-box-shadow:0 0 6px #f8b9b7;box-shadow:0 0 6px #f8b9b7}.fade{opacity:0;-webkit-transition:opacity .15s linear;-moz-transition:opacity .15s linear;-o-transition:opacity .15s linear}.collapse{position:relative;-webkit-transition:height .35s ease;-moz-transition:height .35s ease;-o-transition:height .35s ease;transition:height .35s ease}.btn{text-shadow:0 1px 1px rgba(255,255,255,0.75);vertical-align:middle;background-image:-moz-linear-gradient(top,#fff,#e6e6e6);background-image:-webkit-gradient(linear,0 0,0 100%,from(#fff),to(#e6e6e6));background-image:-webkit-linear-gradient(top,#fff,#e6e6e6);background-image:-o-linear-gradient(top,#fff,#e6e6e6);background-repeat:repeat-x;border:1px solid #ccc;border-bottom-color:#b3b3b3;-webkit-border-radius:4px;-moz-border-radius:4px;-webkit-b
|
|||
|
|
<style>/*! Editor.md v1.5.0 | editormd.min.css | Open source online markdown editor. | MIT License | By: Pandao | https://github.com/pandao/editor.md | 2015-06-09 *//*! prefixes.scss v0.1.0 | Author: Pandao | https://github.com/pandao/prefixes.scss | MIT license | Copyright (c) 2015 */@media only screen and (-webkit-min-device-pixel-ratio:2),only screen and (min-device-pixel-ratio:2){}@media only screen and (-webkit-min-device-pixel-ratio:3),only screen and (min-device-pixel-ratio:3){}/*! prefixes.scss v0.1.0 | Author: Pandao | https://github.com/pandao/prefixes.scss | MIT license | Copyright (c) 2015 *//*!
|
|||
|
|
* Font Awesome 4.3.0 by @davegandy - http://fontawesome.io - @fontawesome
|
|||
|
|
* License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License)
|
|||
|
|
*/@-webkit-keyframes fa-spin{0%{-webkit-transform:rotate(0);transform:rotate(0)}100%{-webkit-transform:rotate(359deg);transform:rotate(359deg)}}@keyframes fa-spin{0%{-webkit-transform:rotate(0);transform:rotate(0)}100%{-webkit-transform:rotate(359deg);transform:rotate(359deg)}}/*! prefixes.scss v0.1.0 | Author: Pandao | https://github.com/pandao/prefixes.scss | MIT license | Copyright (c) 2015 *//*! github-markdown-css | The MIT License (MIT) | Copyright (c) Sindre Sorhus <sindresorhus@gmail.com> (sindresorhus.com) | https://github.com/sindresorhus/github-markdown-css */.markdown-body{-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%;overflow:hidden}.markdown-body *{-moz-box-sizing:border-box}.markdown-body a:active,.markdown-body a:hover{outline:0;text-decoration:underline}.markdown-body>:first-child{margin-top:0 !important}.markdown-body>:last-child{margin-bottom:0 !important}.markdown-body img{-moz-box-sizing:border-box}.markdown-body code:after,.markdown-body code:before{letter-spacing:-.2em;content:" "}.markdown-body pre code:after,.markdown-body pre code:before{content:normal}/*! Pretty printing styles. Used with prettify.js. */@media screen{}@media screen{}</style>
|
|||
|
|
<style>/*!
|
|||
|
|
* Bootstrap Responsive v2.3.1
|
|||
|
|
*
|
|||
|
|
* Copyright 2012 Twitter, Inc
|
|||
|
|
* Licensed under the Apache License v2.0
|
|||
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|||
|
|
*
|
|||
|
|
* Designed and built with all the love in the world @twitter by @mdo and @fat.
|
|||
|
|
*/.clearfix:before,.clearfix:after{display:table;line-height:0;content:""}.clearfix:after{clear:both}@-ms-viewport{width:device-width}@media(min-width:768px) and (max-width:979px){}@media(max-width:767px){}@media(min-width:1200px){.row{margin-left:-30px}.row:before,.row:after{display:table;line-height:0;content:""}.row:after{clear:both}[class*="span"]{float:left;min-height:1px;margin-left:30px}.container{width:1170px}.span10{width:970px}input{margin-left:0}}@media(min-width:768px) and (max-width:979px){.row{margin-left:-20px}.row:before,.row:after{display:table;line-height:0;content:""}.row:after{clear:both}[class*="span"]{float:left;min-height:1px;margin-left:20px}.container{width:724px}.span10{width:600px}input{margin-left:0}}@media(max-width:767px){body{padding-right:0px;padding-left:0px}.container{width:auto}.row{margin-left:0}[class*="span"]{display:block;float:none;width:100%;margin-left:0;-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}.modal{position:fixed;right:20px;left:20px;width:auto;margin:0}.modal.fade{top:-100px}}@media(max-width:480px){.nav-collapse{-webkit-transform:translate3d(0,0,0)}.modal{top:10px;right:10px;left:10px}}@media(max-width:979px){body{padding-top:0}.navbar .container{width:auto;padding:0}.navbar .brand{padding-right:10px;padding-left:10px}.nav-collapse{clear:both}.nav-collapse.collapse{height:0;overflow:hidden}}@media(min-width:980px){.nav-collapse.collapse{height:auto !important;overflow:visible !important}}</style>
|
|||
|
|
<style>li{line-height:26px}a:hover{text-decoration:none}.post-user-action>span{margin-right:10px;line-height:21px;border:0}.post-user-action .i-seprator{color:rgba(0,0,0,0.1);margin:0 2px}.navbar .brand{padding:0;height:50px;margin-left:0;display:inline-block !important;background-repeat:no-repeat;width:120px;background-size:207px 50px;background-image:url(data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz4KPCEtLSBHZW5lcmF0b3I6IEFkb2JlIElsbHVzdHJhdG9yIDIxLjEuMCwgU1ZHIEV4cG9ydCBQbHVnLUluIC4gU1ZHIFZlcnNpb246IDYuMDAgQnVpbGQgMCkgIC0tPgo8c3ZnIHZlcnNpb249IjEuMSIgaWQ9IuWbvuWxgl8xIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIiB4PSIwcHgiIHk9IjBweCIKCSB2aWV3Qm94PSIwIDAgODAwLjQgMTMwLjQiIHN0eWxlPSJlbmFibGUtYmFja2dyb3VuZDpuZXcgMCAwIDgwMC40IDEzMC40OyIgeG1sOnNwYWNlPSJwcmVzZXJ2ZSI+CjxzdHlsZSB0eXBlPSJ0ZXh0L2NzcyI+Cgkuc3Qwe2ZpbGw6IzM3M0Q0MTt9Cjwvc3R5bGU+Cjx0aXRsZT7lhYjnn6XmioDmnK/npL7ljLo8L3RpdGxlPgo8Zz4KCTxwb2x5Z29uIGNsYXNzPSJzdDAiIHBvaW50cz0iMCwxMjEuNCAwLDI3LjMgNTYuMywyNy4zIAkiLz4KCTxwb2x5Z29uIGNsYXNzPSJzdDAiIHBvaW50cz0iODkuOSw4LjQgODkuOSwxMDIuNSAzMy41LDEwMi41IAkiLz4KPC9nPgo8cGF0aCBjbGFzcz0ic3QwIiBkPSJNMTMwLjcsNTguNGMtMi4zLTEuNC00LjctMi45LTcuMi00LjVjNi02LjksMTAuNy0xNi4yLDE0LjEtMjcuOWw4LjMsMS43Yy0wLjcsMS42LTEuNiwzLjktMi44LDYuOQoJYy0wLjcsMi4zLTEuMywzLjktMS43LDQuOGgxNy41VjI0aDguM3YxNS41aDI5LjZWNDdoLTI5LjZ2MTUuMWgzNC43VjcwaC0yNi41djIxLjNjLTAuMiwzLjQsMS42LDUsNS41LDQuOGg3LjIKCWMzLjIsMC4yLDUuMy0xLjMsNi4yLTQuNWMwLjItMS40LDAuNS00LjEsMC43LTguM2MwLDAuNywwLjEtMC4xLDAuMy0yLjRsNy42LDIuOGMtMC4yLDQuMS0wLjcsNy45LTEuNCwxMS40CgljLTEuNiw2LTUuOCw4LjgtMTIuNyw4LjZoLTEwLjdjLTcuNiwwLjItMTEuMi0zLjItMTEtMTAuM1Y3MC4xaC0xNS44djMuMWMwLDE1LjQtOS4xLDI2LjQtMjcuMiwzM2MtMS40LTIuMS0zLTQuNi00LjgtNy42CglDMTM1LjEsOTQsMTQzLDg1LjQsMTQzLDcyLjhWNzBoLTIyLjd2LTcuOWgzOC41VjQ3aC0yMS4zQzEzNS41LDUxLjEsMTMzLjIsNTQuOSwxMzAuNyw1OC40eiIvPgo8cGF0aCBjbGFzcz0ic3QwIiBkPSJNMjEzLjIsNTQuNmMtMC41LTAuMi0xLjItMC43LTIuMS0xLjRjLTEuOC0xLjQtMy4yLTIuMy00LjEtMi44YzQuOC04LjksOC4xLTE3LjksMTAtMjYuOGw3LjYsMS40CgljLTAuNSwxLjgtMS4zLDQuNC0yLjQsNy42Yy0wLjIsMS4yLTAuNSwyLTAuNywyLjRoMjQuMXY3LjJoLTEyYzAsOC43LTAuMSwxNC45LTAuMywxOC42aDE0LjFWNjhoLTE0LjhjMCwyLjMtMC4yLDQuNS0wLjcsNi41CgljMS42LDEuNiwzLjgsNCw2LjUsNy4yYzQuNiw0LjgsOCw4LjYsMTAuMywxMS40bC01LjgsNS4yYy0wLjktMS4yLTIuMy0yLjgtNC4xLTQuOGMtMS44LTIuMy00LjgtNS44LTguOS0xMC43CgljLTIuNSw3LjgtOC40LDE1LjUtMTcuNSwyMy4xYy0yLjMtMi44LTQuMS00LjgtNS41LTYuMmMxMS4yLTguOSwxNy4zLTE5LjUsMTguMi0zMS43aC0xNy4ydi03LjJoMTcuNWMwLjItMy45LDAuMy0xMC4xLDAuMy0xOC42CgloLTYuOUMyMTcuMSw0Ni4zLDIxNS4zLDUwLjQsMjEzLjIsNTQuNnogTTI1MS40LDEwMi43VjMxLjloMzUuOHY3MC41aC04LjN2LTcuNmgtMTkuNnY3LjlDMjU5LjMsMTAyLjcsMjUxLjQsMTAyLjcsMjUxLjQsMTAyLjd6CgkgTTI1OS4zLDM5LjR2NDcuOGgxOS42VjM5LjRIMjU5LjN6Ii8+CjxwYXRoIGNsYXNzPSJzdDAiIGQ9Ik0yOTcuMiw4MS4xYy0wLjItMC45LTAuNi0yLjMtMS00LjFjLTAuNy0xLjgtMS4yLTMuMi0xLjQtNC4xYzkuMi02LjIsMTYuNC0xNC4zLDIxLjctMjQuNGgtMTkuNnYtNi45aDI3LjV2Ny4yCgljLTIuNSw1LjUtNS40LDEwLjQtOC42LDE0Ljh2NDIuM2gtNy42VjcyLjFDMzA1LDc1LjEsMzAxLjQsNzguMSwyOTcuMiw4MS4xeiBNMzExLjcsNDAuNWMtMC4yLTAuNS0wLjYtMS4xLTEtMi4xCgljLTIuOC02LTQuNi05LjctNS41LTExLjRsNi45LTMuMWMwLjcsMS4yLDEuOCwzLjMsMy40LDYuNWMxLjYsMywyLjgsNS4yLDMuNCw2LjVMMzExLjcsNDAuNXogTTMyNi44LDgwLjcKCWMtMS42LTIuMS00LjctNS42LTkuMy0xMC43Yy0wLjItMC4yLTAuNS0wLjUtMC43LTAuN2w0LjgtNC41YzIuMSwxLjgsNC45LDQuNiw4LjYsOC4zYzEuMSwxLjIsMS45LDIsMi40LDIuNEwzMjYuOCw4MC43egoJIE0zMjguNSw1Ni42VjQ5aDE4LjZWMjQuM2g4LjN2MjQuOEgzNzV2Ny42aC0xOS42djM5LjJoMjIuNHY2LjloLTUzdi02LjloMjIuNFY1Ni42SDMyOC41eiIvPgo8cGF0aCBjbGFzcz0ic3QwIiBkPSJNMzg5LjgsMTAxLjRWMjkuMUg0NjJ2Ny42aC02NC4zdjU3LjhoNjUuN3Y2LjlIMzg5Ljh6IE00NTAuMyw5MC40Yy02LjItNi42LTEyLjYtMTMtMTkuMy0xOC45CgljLTYsNS43LTEzLjQsMTIuMy0yMi40LDE5LjZjLTEuNC0xLjYtMy40LTMuOC02LjItNi41YzguMy01LjcsMTUuOC0xMiwyMi43LTE4LjljLTYuOS02LjQtMTMuOC0xMi43LTIwLjYtMTguOWw2LjItNS4yTDQzMSw2MC4yCgljNS41LTYuMiwxMC45LTEyLjgsMTYuMi0yMGw3LjIsNC41Yy01LjcsNy42LTExLjYsMTQuNC0xNy41LDIwLjZjNi45LDYuNywxMy42LDEzLDIwLjMsMTguOUw0NTAuMyw5MC40eiIvPgo8L3N2Zz4K)}.brand-box{position:absolute}.related-section{min-height:42px;padding:5px 0;margin-top:25px;border-top:1px solid #eee}.related-section>.related-
|
|||
|
|
<style>a{color:#778087}.topic-list p{margin:0}.topic-content{min-height:40px}.collapse form{position:relative;width:300px;float:right}div.search{padding:10px 0}.d1 input{height:20px;padding-left:18px;border:1px solid #ddd;border-radius:15px;outline:0;background:#fff;color:#9e9c9c;float:right}.vote{font-weight:normal;margin-left:6px}.topic-list{word-break:break-all;word-wrap:break-word}ul{margin:0 0 10px 0}/*!*border-bottom: solid #eee 1px;*!*/.user-info{padding:5px 0 5px 0}.topic-info a,.topic-info{padding-top:5px}.topic-info a:hover{text-decoration:solid}.reminder{min-height:200px;border:1px #ddd solid;border-radius:3px;line-height:200px;text-align:center}</style>
|
|||
|
|
<style>body{background-color:#eee}form{margin:0 !important}a:focus{text-decoration:none}.markdown-body p>code{white-space:normal;word-break:break-all;border:none !important}.box ul,ol{margin-bottom:0px !important}.markdown-body ul{list-style-type:disc}.markdown-body ul,.markdown-body ol{margin:0 0 24px 0 !important}.box a:hover{text-decoration:none}.box-container>ul>li{list-style-type:none}#Wrapper .row.box{margin-left:0px}.navbar-inner{border-radius:0px;min-height:40px;padding-right:0px;padding-left:0px;outline:0;margin-bottom:0;list-style:none;z-index:1050;background:#fff;-webkit-box-shadow:0 1px 4px rgba(0,21,41,0.08);box-shadow:0 1px 4px rgba(0,21,41,0.08);line-height:46px;-webkit-transition:background .3s,width .2s;-o-transition:background .3s,width .2s;transition:background .3s,width .2s}.bs-docs-footer{text-align:left;color:#99979c;height:64px;background-color:#FFF;border-top:1px solid rgba(0,0,0,0.22);line-height:64px}.bs-docs-footer .links>a{display:inline-block;padding:0 12px;border-left:1px solid #e8e8e8;color:#8c8c8c;line-height:1}.bs-docs-footer .links>a:first-child{border-left:0}.box-container .user-info{margin-bottom:10px;background:#fff}.content-title{font-size:24px;color:#333;text-decoration:none;line-height:24px;text-shadow:0 1px 0#fff}.markdown-body h1,.markdown-body h2{border-bottom:0}.box-container{padding:20px}.breadcrumb{padding:8px 10px 8px 15px;margin-bottom:10px;border-radius:0;color:#000;background-color:#fff}.breadcrumb>li{text-shadow:none !important;margin:2px 0px}.active{text-shadow:none !important}.breadcrumb .active{color:#555;display:inline-block;text-shadow:none !important}.label{background-color:#f4f4f4;line-height:12px;display:inline-block;padding:4px 4px 4px 4px;-moz-border-radius:2px;-webkit-border-radius:2px;border-radius:2px;text-decoration:none;text-shadow:none;font-weight:normal}.topic-info{color:#999 !important;font-size:12px !important}.topic-info a{padding:0px;color:#555 !important;font-size:12px !important}.topic-info a:hover{color:#4d5256;text-decoration:underline}.topic-info .cell{padding-left:0 !important;margin-left:0px;font-size:10px;font-weight:bold}.markdown-body img{max-width:90% !important;text-align:center;margin-left:auto;margin-right:auto;display:block;padding:10px 0px 10px 0px}.topic-info span{margin-left:0px;font-size:10px;color:rgba(0,0,0,0.45)}.btn{display:inline-block;padding:4px 12px;margin-bottom:0;font-size:14px;line-height:20px;background-color:#f4f4f4;color:#444;border-color:#ddd;font-family:"Helvetica Neue For Number",-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"PingFang SC","Hiragino Sans GB","Microsoft YaHei","Helvetica Neue",Helvetica,Arial,sans-serif;-webkit-box-sizing:border-box;box-sizing:border-box;margin:0;list-style:none;font-weight:400;text-align:center;cursor:pointer;background-image:none;white-space:nowrap;border-radius:2px;height:32px;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none}.box{font-family:Monospaced Number,Chinese Quote,-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,PingFang SC,Hiragino Sans GB,Microsoft YaHei,Helvetica Neue,Helvetica,Arial,sans-serif;font-size:14px;line-height:1.5;color:rgba(0,0,0,0.65);-webkit-box-sizing:border-box;box-sizing:border-box;margin-top:0 !important;margin-bottom:20px;padding:0;list-style:none;background:#fff;border-radius:2px;position:relative;-webkit-transition:all .3s;-o-transition:all .3s;transition:all .3s;-moz-box-shadow:0 1px 1px rgba(0,0,0,0.15);-webkit-box-shadow:0 1px 1px rgba(143,168,191,.35);box-shadow:0 1px 1px rgba(143,168,191,.35);border-bottom:1px solid #e2e2e9}.span10{float:left;min-height:1px}#Wrapper .span10{margin-left:0px !important;max-width:960px}@media(min-width:1200px){.container{width:82% !important}}@media screen and (min-width:1500px){#Wrapper.container,.navbar .navbar-inner .container,.bs-docs-footer .container{max-width:1100px !important}#Wrapper .span10{max-width:810px !important}}@media screen and (min-width:980px) and (max-width:1499px){#Wrapper.container,.navbar .navbar-inner .container,.bs-docs-footer .container{max-width:1100px !importa
|
|||
|
|
<style>/*! prefixes.scss v0.1.0 | Author: Pandao | https://github.com/pandao/prefixes.scss | MIT license | Copyright (c) 2015 */@media only screen and (-webkit-min-device-pixel-ratio:2),only screen and (min-device-pixel-ratio:2){}@media only screen and (-webkit-min-device-pixel-ratio:3),only screen and (min-device-pixel-ratio:3){}/*! prefixes.scss v0.1.0 | Author: Pandao | https://github.com/pandao/prefixes.scss | MIT license | Copyright (c) 2015 *//*!
|
|||
|
|
* Font Awesome 4.3.0 by @davegandy - http://fontawesome.io - @fontawesome
|
|||
|
|
* License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License)
|
|||
|
|
*/.pull-right{float:right}.pull-left{float:left}@-webkit-keyframes fa-spin{0%{-webkit-transform:rotate(0deg);transform:rotate(0deg)}100%{-webkit-transform:rotate(359deg);transform:rotate(359deg)}}@keyframes fa-spin{0%{-webkit-transform:rotate(0deg);transform:rotate(0deg)}100%{-webkit-transform:rotate(359deg);transform:rotate(359deg)}}/*! prefixes.scss v0.1.0 | Author: Pandao | https://github.com/pandao/prefixes.scss | MIT license | Copyright (c) 2015 *//*! github-markdown-css | The MIT License (MIT) | Copyright (c) Sindre Sorhus <sindresorhus@gmail.com> (sindresorhus.com) | https://github.com/sindresorhus/github-markdown-css */.markdown-body{color:#333;font-family:Monospaced Number,Chinese Quote,-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,PingFang SC,Hiragino Sans GB,Microsoft YaHei,Helvetica Neue,Helvetica,Arial,sans-serif;font-size:15px;line-height:24px;letter-spacing:.05em;word-wrap:break-word}.markdown-body a{background:transparent}.markdown-body a:active,.markdown-body a:hover{outline:0}.markdown-body strong{font-weight:bold}.markdown-body h1{margin:.67em 0}.markdown-body img{border:0}.markdown-body pre{font-family:"Meiryo UI","YaHei Consolas Hybrid",Consolas,"Malgun Gothic","Segoe UI","Trebuchet MS",Helvetica,monospace,monospace}.markdown-body *{-moz-box-sizing:border-box;box-sizing:border-box}.markdown-body a{color:#4183c4;text-decoration:none}.markdown-body a:hover,.markdown-body a:active{text-decoration:underline}.markdown-body ul,.markdown-body ol{padding:0}.markdown-body code{font-family:Consolas,"Liberation Mono",Menlo,Courier,monospace}.markdown-body pre{font:12px Consolas,"Liberation Mono",Menlo,Courier,monospace}.markdown-body>*:first-child{margin-top:0 !important}.markdown-body>*:last-child{margin-bottom:0 !important}.markdown-body h1,.markdown-body h2,.markdown-body h3{position:relative;margin-top:1em;margin-bottom:16px;font-weight:bold}.markdown-body h1{padding-bottom:0em;font-size:28px;line-height:1.2}.markdown-body h2{padding-bottom:0em;font-size:24px;line-height:1.225}.markdown-body h3{font-size:20px;line-height:1.43}.markdown-body p,.markdown-body ul,.markdown-body ol,.markdown-body pre{margin-top:0;margin-bottom:24px}.markdown-body ul,.markdown-body ol{padding-left:2em}.markdown-body img{max-width:100%;-moz-box-sizing:border-box;box-sizing:border-box}.markdown-body code{padding:0;padding-top:.2em;padding-bottom:.2em;margin:0;font-size:85%;background-color:rgba(0,0,0,0.04);border-radius:3px}.markdown-body code:before,.markdown-body code:after{letter-spacing:-0.2em;content:" "}.markdown-body pre>code{font-size:100%;word-break:normal;white-space:pre;background:transparent}.markdown-body .highlight{margin-bottom:16px}.markdown-body .highlight pre,.markdown-body pre{padding:16px;overflow:auto;font-size:85%;background-color:#f7f7f7;border-radius:3px}.markdown-body .highlight pre{margin-bottom:0;word-break:normal}.markdown-body pre{word-wrap:normal}.markdown-body pre code{display:inline;max-width:initial;padding:0;margin:0;overflow:initial;line-height:inherit;word-wrap:normal;background-color:transparent;border:0}.markdown-body pre code:before,.markdown-body pre code:after{content:normal}/*! Pretty printing styles. Used with prettify.js. */@media screen{}.markdown-body .highlight pre,.markdown-body pre{line-height:1.6}@media screen{}</style>
|
|||
|
|
<style>.highlight .k{color:#204a87;font-weight:bold}.highlight .n{color:#000}.highlight .p{color:#000;font-weight:bold}.highlight .cm{color:#8f5902;font-style:italic}.highlight .c1{color:#8f5902;font-style:italic}.highlight .kc{color:#204a87;font-weight:bold}.highlight .kd{color:#204a87;font-weight:bold}.highlight .s{color:#4e9a06}.highlight .nd{color:#5c35cc;font-weight:bold}.highlight .nx{color:#000}.highlight .mf{color:#0000cf;font-weight:bold}.highlight .mh{color:#0000cf;font-weight:bold}.highlight .mi{color:#0000cf;font-weight:bold}</style>
|
|||
|
|
<style>@-webkit-keyframes a{0%{-webkit-transform:rotate(0deg);transform:rotate(0deg)}to{-webkit-transform:rotate(359deg);transform:rotate(359deg)}}@keyframes a{0%{-webkit-transform:rotate(0deg);transform:rotate(0deg)}to{-webkit-transform:rotate(359deg);transform:rotate(359deg)}}@media(max-width:800px){}</style>
|
|||
|
|
<!--[if lte IE 8]>
|
|||
|
|
<script src="http://code.jquery.com/jquery-1.11.3.min.js"></script>
|
|||
|
|
<![endif]-->
|
|||
|
|
<!--[if !IE]> -->
|
|||
|
|
<style>#waf_nc_block{position:fixed;width:100%;height:100%;top:0;bottom:0;left:0;z-index:99999}</style><style data-id=immersive-translate-input-injected-css>@-webkit-keyframes immersive-translate-loading-animation{from{-webkit-transform:rotate(0deg)}to{-webkit-transform:rotate(359deg)}}@keyframes immersive-translate-loading-animation{from{transform:rotate(0deg)}to{transform:rotate(359deg)}}@keyframes immersiveTranslateShadowRolling{0%{box-shadow:0px 0 rgba(255,255,255,0),0px 0 rgba(255,255,255,0),0px 0 rgba(255,255,255,0),0px 0 rgba(255,255,255,0)}12%{box-shadow:100px 0 var(--loading-color),0px 0 rgba(255,255,255,0),0px 0 rgba(255,255,255,0),0px 0 rgba(255,255,255,0)}25%{box-shadow:110px 0 var(--loading-color),100px 0 var(--loading-color),0px 0 rgba(255,255,255,0),0px 0 rgba(255,255,255,0)}36%{box-shadow:120px 0 var(--loading-color),110px 0 var(--loading-color),100px 0 var(--loading-color),0px 0 rgba(255,255,255,0)}50%{box-shadow:130px 0 var(--loading-color),120px 0 var(--loading-color),110px 0 var(--loading-color),100px 0 var(--loading-color)}62%{box-shadow:200px 0 rgba(255,255,255,0),130px 0 var(--loading-color),120px 0 var(--loading-color),110px 0 var(--loading-color)}75%{box-shadow:200px 0 rgba(255,255,255,0),200px 0 rgba(255,255,255,0),130px 0 var(--loading-color),120px 0 var(--loading-color)}87%{box-shadow:200px 0 rgba(255,255,255,0),200px 0 rgba(255,255,255,0),200px 0 rgba(255,255,255,0),130px 0 var(--loading-color)}100%{box-shadow:200px 0 rgba(255,255,255,0),200px 0 rgba(255,255,255,0),200px 0 rgba(255,255,255,0),200px 0 rgba(255,255,255,0)}}@media(prefers-color-scheme:dark){}@media screen and (max-width:768px){}</style><meta name=referrer content=no-referrer><link rel=icon href="data:image/x-icon;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAMAAABEpIrGAAAABGdBTUEAALGPC/xhBQAAAAFzUkdCAK7OHOkAAADDUExURUxpcVVVVUNDVT5CTz1BUEBVVT1BUD1BTz5CTz5GT0BDUVVVVT5CTz5BUj1CTz5BT05OYj1CUD5GVUJCUj5CUD5BTz5BT0lJbT5CUEJCVT9DUUBHVT5CUD5CTz9CUD5BTz1BTz5CUEREUz5CUD5BUD5DTz5CUD5BT0BDUT5CTz1CUD5EUUBgYEBDUT5CUT1CTz1BUD5BUD9DUT1CT0REVT5BUENDUT1BUEBGUz1BUD9DT0FBUz1CTz5BTz1CUD1BUD1BT5JdbS4AAABAdFJOUwAJKr76DPbywR1MBuRO5fsNsyEfvdtKB4MbfiTa+FnegYwitbBXfPdYrt0pCEiL9XmsRdgeVhO8KI2KK45a2b/ePQx7AAAAwUlEQVQ4y4XTxw7CQAwE0A2E0BN67733Xv3/X4U0kYgimKxP9vgdfNhVildaBVfmpQGPaPD+7mjAW74g5q8Ewqd4QHy1T+JCm4IdsqswsEUUchhYHxCFhYENkpYw0MCFEZuCJYKuMDB1LzQZsPLehX/BCONEGCiWcWGKghKmlTAwwDA3GbByGArCQA39UBiYLfwX/gD3mdyEgSy6i8nAuIfuLAx00ByFgbaB5hT3VdUDmk8mfc0fa9Y1oKLZKyNo+QEJQV3gLnHrKwAAAABJRU5ErkJggg==" type=image/x-icon><style>.sf-hidden{display:none !important}</style><link rel=canonical href="https://xz.aliyun.com/t/14819?u_atoken=42b455b09d6860ee262dcddd3783ba93&u_asession=01CFy3zdCSkMfg5mDGfcLt9hAzhkM8N_3OzYgSGEhflcApBfFCJvou5KhaowYKFxGhJB-YY_UqRErInTL5mMzm-GyPlBJUEqctiaTooWaXr7I&u_asig=05wbOwhypdirH8x5AtAGW4PG7w45NPTYrt_4FBRXGXINGWo1jDSv_7OGKlEJufZOUb8W5F63bo7DkKAT3ST7rqtq68r-LvuIXhkUDGXhgNBtIRA_Mu_nDkOjImzvNEg-XKGKsEEsh_jMmzyJq8YKgwN0KtjLqzMMQn4VPd_HtUvUXBzhvSc0Kr8URjOX9Xe4tkpKKeShQs6jH0l3MdlvbdChQShLqArqSEzfmfh03PKybRaDr_GQvN7pVcnxBdzLZUrz3Uz9zZoJVgNlHA2wEMpXNPe4FrPe1ARcWuHHjA2GA&u_aref=lslfNxLq0zZlK9wNy7i98JKaiec%3D&time__1311=eqIhDK4fxUx0r1Dl%3D5jhkDRrMlvxDkeD&alichlgref=https%3A%2F%2Fxz.aliyun.com%2Ft%2F14819%3Fu_atoken%3Dbf1b6b250de9c2335b513bae3e3e586e%26u_asession%3D01wX4b8_qgNN7CCAjET0BH0Rf9fymUPU8Wab_VvcUoOTp8PT6KTYprXhIlNAJ1Zj_iJB-YY_UqRErInTL5mMzm-GyPlBJUEqctiaTooWaXr7I%26u_asig%3D05Ye8hkjP-Kuv5ZZH27nY15sYcDC4dceH98tia7-7d0vMneb0MYPYYX8iy-Wgu9-t49EJKsQUNWbQCdEHXIGwgy7vIrpLMa96sKd9r0PlY0QwB51LuamA1YzHioWnXgB_lYVHBLPWBSHZl5F-O7mvIZHPwGPC3GeZTCOTx5bMey8zBzhvSc0Kr8URjOX9Xe4tkE9okKk-rNr6UPLLXCy8e8RQShLqArqSEzfmfh03PKyYxHzaanPsvKhKyyTpMYovcKsHsD0lJntFYTQDNDMXFj2dFh1Uc0g83UsiOOWt2os0%26u_aref%3Dh%252Btl0y0DZz7uEKDqwXFuERXlP6E%253D"><meta http-equiv=content-security-policy content="default-src 'none'; font-src 'self' data:; img-src 'self' data:; style-src 'unsafe-inline'; media-src 'self' data:; script-src 'unsafe-inline' data:; object-src 'self' data:; frame-src 'self' data:;"><style>img[src="data:,"],source[src="data:,"]{display:none!import
|
|||
|
|
<body>
|
|||
|
|
<div class="navbar navbar-default">
|
|||
|
|
<div class=navbar-inner>
|
|||
|
|
<div class=container style=text-align:center;position:relative>
|
|||
|
|
<!--[if lte IE 8]>
|
|||
|
|
<span style="display:inline-block;margin:0 auto;color:red;">为了更好的体验,请使用IE10及以上版本</span>
|
|||
|
|
<![endif]-->
|
|||
|
|
<div class=brand-box>
|
|||
|
|
<a class=brand href=https://xz.aliyun.com/tab/1></a>
|
|||
|
|
</div>
|
|||
|
|
|
|||
|
|
<a href="https://account.aliyun.com/login/login.htm?oauth_callback=https%3A%2F%2Fxz.aliyun.com%2Ft%2F14819%3Fu_atoken%3D42b455b09d6860ee262dcddd3783ba93%26u_asession%3D01CFy3zdCSkMfg5mDGfcLt9hAzhkM8N_3OzYgSGEhflcApBfFCJvou5KhaowYKFxGhJB-YY_UqRErInTL5mMzm-GyPlBJUEqctiaTooWaXr7I%26u_asig%3D05wbOwhypdirH8x5AtAGW4PG7w45NPTYrt_4FBRXGXINGWo1jDSv_7OGKlEJufZOUb8W5F63bo7DkKAT3ST7rqtq68r-LvuIXhkUDGXhgNBtIRA_Mu_nDkOjImzvNEg-XKGKsEEsh_jMmzyJq8YKgwN0KtjLqzMMQn4VPd_HtUvUXBzhvSc0Kr8URjOX9Xe4tkpKKeShQs6jH0l3MdlvbdChQShLqArqSEzfmfh03PKybRaDr_GQvN7pVcnxBdzLZUrz3Uz9zZoJVgNlHA2wEMpXNPe4FrPe1ARcWuHHjA2GA%26u_aref%3DlslfNxLq0zZlK9wNy7i98JKaiec%253D&from_type=xianzhi" class="pull-right anonymous-user hh_loding sf-hidden">
|
|||
|
|
登录</a>
|
|||
|
|
|
|||
|
|
<div class="nav-collapse collapse">
|
|||
|
|
<div class="search d1 text-right">
|
|||
|
|
<form action=/search>
|
|||
|
|
<input type=text placeholder=搜索 name=keyword value>
|
|||
|
|
</form>
|
|||
|
|
</div>
|
|||
|
|
</div>
|
|||
|
|
</div>
|
|||
|
|
</div>
|
|||
|
|
</div>
|
|||
|
|
<div id=Wrapper class=container>
|
|||
|
|
|
|||
|
|
|
|||
|
|
<div class=row2>
|
|||
|
|
<div class=span10>
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
<div class="row box content" width="1200px !important" style=width:1200px>
|
|||
|
|
|
|||
|
|
<div class=box-container>
|
|||
|
|
<div class=main-topic>
|
|||
|
|
<div class="clearfix user-info topic-list">
|
|||
|
|
<p><span class=content-title>IOT-CVE-2018-17066(D-Link命令注入漏洞)</span>
|
|||
|
|
</p>
|
|||
|
|
<div class=topic-info>
|
|||
|
|
<span class=info-left>
|
|||
|
|
<a href=https://xz.aliyun.com/u/87925>
|
|||
|
|
<span class="username cell"> Brinmon</span></a> <span class=i-seprator> / </span>
|
|||
|
|
<span> 2024-06-09 21:37:44</span><span class=i-seprator> / </span>
|
|||
|
|
|
|||
|
|
<span>发表于湖南 / </span>
|
|||
|
|
|
|||
|
|
<span>浏览数 22</span>
|
|||
|
|
|
|||
|
|
|
|||
|
|
<span class=content-node>
|
|||
|
|
|
|||
|
|
<span class="label label-default label-node-first">
|
|||
|
|
<a href=https://xz.aliyun.com/tab/4>社区板块</a></span>
|
|||
|
|
<span class="label label-default">
|
|||
|
|
<a href=https://xz.aliyun.com/node/18>IoT安全</a></span>
|
|||
|
|
|
|||
|
|
</span>
|
|||
|
|
</span>
|
|||
|
|
<span class="pull-right t-vote cell info-right"><a class="vote vote-up" href=javascript:void(0)>
|
|||
|
|
顶(0)</a>
|
|||
|
|
<a class="vote vote-down" href=javascript:void(0)>
|
|||
|
|
踩(0)</a></span>
|
|||
|
|
</div>
|
|||
|
|
</div>
|
|||
|
|
<hr>
|
|||
|
|
<div id=topic_content class="topic-content markdown-body">
|
|||
|
|
<p><strong>CVE-2018-17066</strong>漏洞概述:在该路由的前端页面中存在时间设置页面,但是我们手动输入的时间并没有被过滤,就会直接将数据传输到后端处理,经过一段函数调用后会将参数传入system作为参数从而实现命令注入!(任意命令执行)</p>
|
|||
|
|
<p>环境准备:kali2023因为自带bp不用安装了!!!</p>
|
|||
|
|
<p>利用链:<br>
|
|||
|
|
前端发送post请求将时间数据发送给后端-》websOpenListen监听请求-》收到请求后使用sub_4572A4函数进行时间设置-》由于未进行任何过滤导致<code>doSystem("date -s \"%s\"", Var);</code>会直接将传入的参数作为system的参数-》从而实现命令注入!</p>
|
|||
|
|
<h1>D-Link固件提取</h1>
|
|||
|
|
<p>固件下载地址:<a href="http://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DIR-816" target=_blank>D-Link Technical Support (dlink.com.cn)</a><br>
|
|||
|
|
<a id=img0 href=https://raw.githubusercontent.com/Brinmon/Brinmon-blog-img/main/Pasted%20image%2020240523223433.png><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABLsAAAL/CAYAAACOH8W7AAAgAElEQVR4nOzdeXzU9b3v8ddvlmQy2ROykBA2QQIiEOqGGwq2INrWajexPcWlvbZ6Wk+llHP17HgPUmztudpyeoDircJp69a6AFYQqgeqVQPKvgUSspNkss2+3D8mCZOQSSYLEML7+XigZOa3fH+/Cczkzef7+RpNTU0hRERERERE5KJnGMYZv+/usa6/FxEZSixWq/V8j0FERERERERERGRQWILB4Pkeg4iIiIiIiIiIyKCwuFyu8z0GERERERERERGRQWH4/f6oPbum3fy5czkWERERERERERGRPvnknbc6fW0xm81RNz56vPRsj0dERERERERERKTfumZblp42DqKFGkVERERERERE5MLRY9iFYTpHwxARERERERERERm4XsIu4xwNQ0REREREREREZOB6DrtMquwSEREREREREZELhyq7RERERERERERk2FBll4iIiIiIiIiIDBu9hF3mHp8WEREREREREREZSnoMuwyTpjGKiIiIiIiIiMiFQ5Vd0sEwDBLi4piYn8uozHQyk5PITE4i0RaPof5tIjLIQqEQrW4Pdc0t1DW3cLKugcPlVbi8XkKh0PkenoiIiIiIXKB6aVCvnl0Xi+QEGxPzcrls7Cguu3Qi+SNHMiIjg4z0NBLtdoVdIjLoQqEQrU4n9Q0OTtXXU15Zyd5Dh9l7/CSHK6podrnP9xBFREREROQCpAb1FznDgIykJKaMGcWNMy7n2pkzKCgoIDU1lYSEBBISErBarQq7RGTQhUIhfD4fLpcLl8tFY2Mjl0+6lB0f7yJx16fsP3GSupZWVXmJiIiIiEif9Bx2mTWNcbhLS7Qz/ZKxzL2iiJtnXc2kwkLsdjsmBZ0icpYZhkFcXBxxcXGkpqaSnZ1Nfn4+6Wlp2O0JxFmtFB87Tn2L83wPVURERERELiCq7LqImU0mJheM5JYrZzL/phu5bOrU8z0kEbmImUwmkpKS+MwVV2BLSMBkmHB5Pbx/5ASBYPB8D09ERERERC4QalB/EctMTuLycWOYNXMGkwoLz/dwREQ6TJo0icbGRo6Xl3Okup6a5pbzPSQREREREblAqLLrIlaYl83lhZPIy8vDYun5W0FE5FyyWCzk5eVxeeEk9peWU3NYUxlFRERERCQ2CrsuYuOyMhk/ejTp6enneyhyoajazPKfljNvxX0Une+xyLCXnp7O+NGjGZeVyZ+Plp7v4YiIiAiL2b3zVnh9LtOfON9jOV8Ws3vnDVT9/IvM++/+PB/FY7/Gczv8eta9PNivY3yFzX96kNxtsb02q/57C/eykfivr+zX8yJDnRrUX8SyU5LIyswgMTFxkI5YzNolG2DhCu6b0c2z65awOWcxS2/N7tthd61lyXq4ewgELKevATY/uZItzGXxj+fRxyvqrGozy39aTNEPlzIvd9BGytolm8mPdkyFVtJPgUAAt9uNw+HA5XIRCAQ6Vks0DAObzUZycjJJSUnExcUN6FyJiYlkZWaQnZyo9yMREZEh4Wf8+uMbePL2X7Nq+QM82MOWq154i3vH9P0MB974HNP/vd8DPAfaVqk3maHbjye9Pd/zYTGb4e8Nqj6Gm36wheobfkXO91+M4QBthSpGX85r9PIZq7fnRYYu9ey6iCXZ4kmw2c7ZFMaiGYVsWL+WzUV9DHVm3M7czSvZsK6YokW9RTM14RCqLsZjT7mbFb0es7P66nKgiHk/XkHRxuWsXFLM3PZQaddalqw/0OP+hQtXcHvlclZ+UhQ9KKvazPKfbqE+xjEVRgkY29VsXM7Kd9qPlsHchW3X3GW87ccpXreEDfuiH2/DkiVs6O6JzEEI/2TICgaDtLS0UFNTw8mTJ2lubiYUCmEY4U9nfr8fu91OdnY2I0eOJDMzc0CBl8ViISE+Hnt8nN6PREREzqFVz2/k3tE9bZHEve+9xb3dPHPgzVuZvhwwwFG8mpwfvBTjWe9i85sPkGuYO3KbockI/2of59Jf4VlQcMZWhX/7Fp6/jXigZTc/XrCUp6MeNiIke/LnzOPnbce+h81ff4V5v4NHfv4iTxb1Uqhw21t4bovyXOQYjLb/tH3G6v7Y8/G8N7/jq769nudP99fSyrZnvsy83525Tcf3bIRVz2/k3oxeXjMZ0lTZdREzm82Y2v9SPRdmFFG4fgPFxTXM61rdFUNIRN0GlizpNmIBCjtVfmXc3HsFWc3G5aysjmnkUWXfupQVt0Y8MOM+VsxoP/a8tiAtHMAVTzs9pprKWI6ecTpEi6qtmi4WHUFUDTW7iimOGG/X4xQtWtF9xZcqwi5qLpeL0tJSjh07htfrxW63k5GRgd1uJxgM0tDQgMPh4OjRozQ1NTFp0iRycnIwDWBKvMlkwmq16v1IRETkXCt9i/hv/Ucfdvg+u9/5XJfKor5UBrX9XNKnyqRz6CtPUP296aS1fVn48EY8D7ey7RdfI/7myA2/z+53rqPqF19j3u+7HKOne2F0s81Pvkv8TwDC9+TpH36th+DlS2x+7X5y372d6St62ObNjTyZ1P71PDx/nhcOwT7/NeIjtlz13OvcSzffA0P6M1n4e7CQVrb94vZO9/+Rn/6WJx/eSPV1a8j54Sud9iq8cTmP/OSx7u/tkL5e6UmPYZehnl3D39kMu6IFWO+sZMk7EV9PuZsVi9pDlzZVm1lbXMR93QZWxWzemH9mYDZAnaufehIldOtHldig61IRduCnS9hCIXM7vQFnkz1o0yXlYuH1eiktLaWiogKTycTo0aMZPXo0SUlJWCwWQqEQXq+XyspKTp48SWNjI0ePHiUpKQm73Y65vx8U2v6O0vuRiIjIufPde7/Ad4G/+9lvWT4jlpYnrWz75d3MmPsMYMIwtWU3E7+O57UrWfrFx8NBwpeXUfXdS9j1y7uZ3zEz7w42/eE+bqr/hG0ARnj/IeelfyD3JYC/ZdeWa6nquIau420P7c68jkee2tDr/bz3nde7rZhrv8fzo85ojH7e0/7A/C/+AYBVv/4ji/gTtnv/b/gpk4nInwzbPoFdQJ/B7mDTHz5HIWWsm/sQD3Z5XX6++G5+/uVl7JoVvqbwR8xWtu2q56YZ0/n7n93Jzx99tWP7yOs/h+UhMog0jVEGQbgqqCPWWr+EJeszmHtzdq/T2qJVVxVv2sKBfVtYO/LM6XnF6zawZV8h2bcObnXRGVVa3ehcsXW21bPlp0vYEsOWhe2/yZ3H0hXz6Nqzq2bjcrbUbWHlki10msbYJRwr7Oax7kSdxhhTNZpciE6dOkVtbS1+v5/MzEwmTJhASkoKFoulYxpjQkICZrOZUChEeXk5DoeDmpoa8vPz+x92tdP7kYiIyPnR8ilLv/SP0SuK7vpXqh4cf3paXzsDOPJ71mUuYvm67/P0fc+y6vZppLWcJPebG9hkfIP5LwF3XcmMpFa2Pf8xfGPamccZciIq0LodZ/Tnn/7RN6Lcx4fY9adbKAQcu9aR+6M/RDl3T/cmomdXLPevyzTGPj8/1Cz+HDclgWPXFh6MNuaX/4kZL9P5mv7yfdZlvsKiGZ9jlem1033oLrTrlzNoGqMMgiLuW1HEGQ3qd61lyyft2/TcvP6MIy5aQdGutSzZvJmaGRFhWdVmNu/LYO4Pz9I0umjVaG2hHQDVNdRANwFel9CvawVYe0Vb5lzunhbLYM7WNEaganN4GmOncCzyOGeeu3jdEjZU9xBetjXal+GppqaG5uZm4uPjycnJITMz84xtDMMgOTmZ3NxcnE4nZWVl1NbWkpWVhc1mG9gA9H4kIiJy7nU3ta6r9mClu4bshokHv72Fazbdwq4fGVAAB956hBnH/4mqB/8vq159hAOzxpPWcoxNr5qY/w2G7jTGDp0b0D/y5HMsn35mtVbhg6/gbk9OWj5l6Zf/JWpguOq/boGyk1A
|
|||
|
|
<p>下载后就可以检查一下文件的属性了:<br>
|
|||
|
|
<a id=img1 href=https://raw.githubusercontent.com/Brinmon/Brinmon-blog-img/main/Pasted%20image%2020240523223923.png><img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAyIAAADACAYAAAD4KddKAAAgAElEQVR4nO3dfWwc530n8O9QfH9brmQbVB3bEcXVuYoOtnwxfCaT2I4LX0gndwoKS0EDW2leyFySHpkGwqWxnCix3OaiICWNIDApGKhiGEjUPypcz9rEPat2UrJILlIdgFIEcUW1MXLhJaZFcvmyIsWd+2N3lrPDeXnmfWb3+wEI7rw8zzw77795nmdWmp2dldfX17G2toZcLoeTJ0/i2LFjICIiIiKKi9nZWSSTSdTW1oZdlKpw8+ZNXL9+HZ2dncJpjh07hkOHDqGxsRH19fWo8bF8REREREREuhiIEBERERFR4BiIEBERERFR4BiIEBERERFR4BiIEBERERFR4BiIEBERERFR4BiIEBERERFR4BiIEBERERFR4DwNRDo6OjxLazVMRNHk5Fg1SmM3L54n/DmXKmm4fv3n5XXUbX4ULq+3HfcFiiL+9CQReWp+fh4dHR2Yn5+vqmVXA65f/6hvEtWflXWuxW1QeayOLaPpRgEGj1eKA18DEbPo2+pg00uvDPOgIooGs2Pc7OKoN12kVkR77NupSanG84Yf59JqXI9BUB8XeseIer17UVPI7Rg9ZoGDWUChTcfgg+LEk0BE70nO/Py84YFg9ORHnVZ7IPHAIoomO8el2Y2V3Yuvk+VXMu25VDkHi5xLRW5stfNwvUeH6HVUb34Kn9lDGbOaMqJK4Ekg4iYKN0qrzYcHHREZsbqxqobzh9kTdb0bHbPzrRYfBAXD6Xo22vbcZvGg92BAHUiabUuRoIUoyiLZR8Rpky4iCpZRMyuj+cyaFtgZLzofb8b01w1vUuLH7jZji4J40ttWZsGIVRDKY52izpdAxIuTHg8oovhwGgjYOaZFzinV/kRYXQNi97zJfgTh0ttmVgG8Nr02H4oXO/1ARHFfoKirPXkN+MS7/hFP734KPwCwc+dOHDt2zHGGbgIHnkCJKoeT/h1u27Sr3zBUzecSq/VgFnTwPBwOo6ZydrcHOy7Hj9GxKlozwm1McVb7R6WPH8MLF5/B5ZMnbWdi1IHKbptGo7eCsCaEKF6CvDCKvjmr0i/U6vbkwOZNC8+f8eD2DXQiwWelHwNxZadGWSQI0QtGiaKqdtcuYH3dXSZudnajtGyaRRR9bm6evCJy01UN5w6z9uOAuxtRp81CSJybDstWD/3YbCva3JxHRbYntzlFmaqPyA/w2ff8wHXTLCKqHnHoJB6lsgRJ7wbGq1qial2nQbHbYdmIk9c0U/DMHqaIbHPRWmGjZRGFSRWIOG+aRUTkBy+amlTrhVevNkR0nek1mWWtSDD86LCsTk/Rp97GItucTfEoznx7fa/bJy/sI0JEvJC6J3JTI1pTou6HQN4SfckCX8hQucw6rXObU6Xy/JfVFaKv7LTTjpwXQKJoC+oYdft2rWpg56bGyVuZyFtumlyJ4s1sNIlsF6NXO0ehnx6RGxKefFl+6y83cOSOzdf3/upXvwq7XEREREREwmZnZ5FMJlFbG8nf6644N2/exPXr19HZ2Smc5tixYzh06BAaGxtRX1+Pmvv3dBUnfQwvXLyIQ4cO+VNaIiIiIiKiotq7u3YBeBeeu9qLXC6Hy2GXiIiIiIiIKl7Nhx4NuwhERERERFRtahiHEBERERFR0DzpzbOysoK3334b27Ztw7Zt27zIkogc2NjYwMbGBm655RY0Nzebzsvj1h6u2/BxG1QvbvvqZWfbU/x4Eoj87ne/Q3t7O5qamiBJEiRJ8iJbIrJBlmXIsoxcLoff//73uOuuu0zn53Erjus2fNwG1YvbvnrZ3fYUP54EInV1dWhubkZdXR1mZmaQzWYxNzfnRdZEZGHHjh1ob2/Hrl27AACSJGFlZcUynfa4XVxcxDvvvON3cWNl+/btSCQSXLch4jaoXtz21cvptqf48SQQUao+Z2ZmIEkSHnroIS+yJSJBFy5cwMzMDLq6Cq/jFmmOoD5ua2pqcO+99/paxri6du0arl27Vrogct0Gj9ugenHbVy8n257ix7NffJEkCdlslkEIUQjuu+8+vPHGGwBgqxmCJElYXFzEBz/4Qb+KFnvbt2/HuXPnAHDdhoXboHpx21cvp9ue4sXTn56cm5uDLMteZklEgpw2h2STBWtO1xHXrXe4DaoXt3314jasfJ4GIgCEA5G6ujqsr6+7Xp5X+RARVSJJkoTPy3bmJSJ/8dilauB5IAJYByP19fVYW1sTPmjq6+vLhtfW1mwtj6jSsdqaiIiI4saXQESPNpjQDqtpAw3tMBERbWUUkOqNt/MAx216IjLHY5eqlS9Ns4x28hs3blimb2hoEDpIGhoaSp+1QY3IcogoHOoLo96xbnRB5sXTmtH6FFl3yno32j7qz6yBE6ddn0brV2S8mjKPVf6ixxNvWMPFY5eqVaCBiOhJTWS+XC4HAGhsbCx9VoZ58iSKLuXmyOw8oTedbaD9Z7VtyD6j4EB7c2g0bHU8aKdbDestw2g6xQePXYqrQAORxsZG4TwUTU1NuvOsrq7qzq83TETxpb7hIn/wBiY8euve7KZS73hQz2+1LbXpue3jjduP4i6wPiJAefBgRBt4KGmampqE0hPF3cmTJ/Hzn/9cd9qDDz6IT37ykwGXiOLA7Am2VfMc3sj4L25PrONSzkrAY5eqWayaZomO54FJcfbpT38as7Oz+PWvf102/s4778Sf/umfVs3+zaYh9lj1t7F6Su4kHQXH6niwCnR4PEUXj12qZoEGIs3NzcJ5qLW0tGB5eRmyLJc+m83Pg4/i7umnn8aRI0ewsLAAAEgkEnj66aerat/W64xL4rRNdaz65WjTUbS4PR54PMUHj12qJoEGIktLS5bpW1tbddMr45aWltDS0lKWFwMRqkTf+ta38IUvfKH0mfs1ibLb74CCYfYWK7dE+4hQtPHYpWoTaB8RJ1pbW8v+a6eJBDdEcfXd73437CKEjhdfe5y8kUybljc90eV2u4im5z4QPB67VI1qOzs7AbwXz7z2Q3ys032GXvcRyWazW6a3tbWZdtTiQUgUP6Jv+yF9ypN2q3Wkfipv56aHTXr8IfI6Xz1Gr98VvRk1ev2v6PLJOzx2qZrVzs7OYvqFD+P9jz6B9fRLnmRqdIC0tbW5Sq9YXFxEW1sbFhcXGYgQIV4XGr0f3xKZzuPanJ31Y/ZaWJE0cdrfwqben9U3/mracXrr2uh40OZvNqyX3mr55D8eu1TNagHg3Y9+GPcdO4ar/wbc7jJDsxoRpeOtmUQiYXlQJhIJLCwslM2XSCRKy+BJlKpNnPZ5kad+FCyjdul6n/WGyZjowzKnLQmsto2TlggUHzx2Ke4C6yMiEoSIzqc3j2j+RETVROTGgzcnRNHDY5eqQS1wDS9+8RgufOxFvPR+4ORldxma1YgQkT94zBEREVHc1HZ2Poj3Hvsprj75B8jlcq4ySyaTyOfzkCQJ+XzeoyISkZmamhrk83kkk0lH6bdv3+5xiSqP03XEdesdboPqxW1fvbgNK1/N7Ows/hpfxO7du3Hsp+4ySyQSuHjxYikY4R//+Of/Xz6fx8WLF0v9pJwct+fPn3d38FewX/ziF1y3IeM2qF7c9tXLzban+Ch0Vv/U3+HFy3fgU6/9FMMOe6vLsoyuri5cvXoV58+fx/Xr170sJxEZSCaTSCQS6OrqAmD/DSy7du3CtWvXcO7cObzzzjt+FTOWtm/fjkQigV27dgHgug0Dt0H14ravXm62PcWLJ53VNzY2Sp93797tRZZE5IL6mBSZRznZkzWu2/BxG1QvbvvqJbLtKX5qAeBfX/woPvUD4IkX3g9ctt9b/ebNm1hdXS29i1yS+J5qoqApL4pYXV3F+vq65fw8bsVx3YaP26B6cdtXL7vbnuKn+MvqH8eLV3+I/5jLOXpr1q233oq3334bKysr2LZt
|
|||
|
|
文件属性:<code>U-Boot: OS Kernel Image("Linux Kernel Image")[Linux,MIPS,lzma]</code></p>
|
|||
|
|
<p>直接到Ubuntu里面提取一下固件文件:</p>
|
|||
|
|
<div class=highlight><pre><span></span><span class=p>~/</span><span class=n>Pwn_CVE</span><span class=p>/</span><span class=n>CVE</span><span class=p>-</span><span class=mi>2018</span><span class=p>-</span><span class=mi>17066</span><span class=p>$</span> <span class=n>binwalk</span> <span class=p>-</span><span class=n>Me</span> <span class=n>DIR</span><span class=p>-</span><span class=mf>816.i</span><span class=n>mg</span>
|
|||
|
|
<span class=p>...</span>
|
|||
|
|
<span class=n>DECIMAL</span> <span class=n>HEXADECIMAL</span> <span class=n>DESCRIPTION</span>
|
|||
|
|
<span class=p>--------------------------------------------------------------------------------</span>
|
|||
|
|
<span class=mi>4280396</span> <span class=mh>0x41504C</span> <span class=n>Linux</span> <span class=n>kernel</span> <span class=k>version</span> <span class=mf>2.6.36</span>
|
|||
|
|
<span class=mi>4280496</span> <span class=mh>0x4150B0</span> <span class=n>CRC32</span> <span class=n>polynomial</span> <span class=n>table</span><span class=p>,</span> <span class=n>little</span> <span class=n>endian</span>
|
|||
|
|
<span class=mi>4327552</span> <span class=mh>0x420880</span> <span class=n>CRC32</span> <span class=n>polynomial</span> <span class=n>table</span><span class=p>,</span> <span class=n>little</span> <span class=n>endian</span>
|
|||
|
|
<span class=mi>4348800</span> <span class=mh>0x425B80</span> <span class=n>SHA256</span> <span class=n>hash</span> <span class=n>constants</span><span class=p>,</span> <span class=n>little</span> <span class=n>endian</span>
|
|||
|
|
<span class=mi>4350160</span> <span class=mh>0x4260D0</span> <span class=n>AES</span> <span class=n>Inverse</span> <span class=n>S</span><span class=p>-</span><span class=n>Box</span>
|
|||
|
|
<span class=mi>4350928</span> <span class=mh>0x4263D0</span> <span class=n>AES</span> <span class=n>S</span><span class=p>-</span><span class=n>Box</span>
|
|||
|
|
<span class=mi>4642928</span> <span class=mh>0x46D870</span> <span class=n>xz</span> <span class=n>compressed</span> <span class=n>data</span>
|
|||
|
|
<span class=mi>4675640</span> <span class=mh>0x475838</span> <span class=n>Unix</span> <span class=n>path</span><span class=p>:</span> <span class=p>/</span><span class=n>var</span><span class=p>/</span><span class=n>run</span><span class=p>/</span><span class=n>goahead</span><span class=p>.</span><span class=n>pid</span>
|
|||
|
|
<span class=mi>4764032</span> <span class=mh>0x48B180</span> <span class=n>Unix</span> <span class=n>path</span><span class=p>:</span> <span class=p>/</span><span class=n>etc</span><span class=p>/</span><span class=n>Wireless</span><span class=p>/</span><span class=n>RT2860AP</span><span class=p>/</span><span class=n>RT2860AP</span><span class=p>.</span><span class=n>dat</span>
|
|||
|
|
<span class=mi>4789596</span> <span class=mh>0x49155C</span> <span class=n>XML</span> <span class=n>document</span><span class=p>,</span> <span class=k>version</span><span class=p>:</span> <span class=s>"1.0"</span>
|
|||
|
|
<span class=mi>4819148</span> <span class=mh>0x4988CC</span> <span class=n>HTML</span> <span class=n>document</span> <span class=n>header</span>
|
|||
|
|
<span class=mi>4819285</span> <span class=mh>0x498955</span> <span class=n>HTML</span> <span class=n>document</span> <span class=n>footer</span>
|
|||
|
|
<span class=mi>4839035</span> <span class=mh>0x49D67B</span> <span class=n>Neighborly</span> <span class=n>text</span><span class=p>,</span> <span class=s>"neighbor %.2x%.2x.%pM lostd_delay_timer"</span>
|
|||
|
|
<span class=mi>5018336</span> <span class=mh>0x4C92E0</span> <span class=n>CRC32</span> <span class=n>polynomial</span> <span class=n>table</span><span class=p>,</span> <span class=n>little</span> <span class=n>endian</span>
|
|||
|
|
<span class=mi>5021872</span> <span class=mh>0x4CA0B0</span> <span class=n>AES</span> <span class=n>S</span><span class=p>-</span><span class=n>Box</span>
|
|||
|
|
</pre></div>
|
|||
|
|
<p>binwalk 是一种常用于数字取证和二进制分析的工具。你提供的命令 binwalk -Me DIR-816.img 是用来执行 binwalk 的特定操作的。下面解释一下命令中每个部分的含义:</p>
|
|||
|
|
<ul>
|
|||
|
|
<li>binwalk:这是命令本身,表示你想要使用 binwalk 工具。</li>
|
|||
|
|
<li>-Me:这些是修改 binwalk 行为的选项或标志。具体来说,-M 告诉 binwalk 在发现文件时自动提取它们,-e 告诉它递归地从其他文件中提取文件。</li>
|
|||
|
|
<li>DIR-816.img :这是你想要 binwalk 分析并从中提取文件的文件或目录的名称。</li>
|
|||
|
|
</ul>
|
|||
|
|
<p>提取出来的文件:<br>
|
|||
|
|
<a id=img2 href=https://raw.githubusercontent.com/Brinmon/Brinmon-blog-img/main/Pasted%20image%2020240523233832.png><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAzYAAADmCAYAAAAHmRDzAAAgAElEQVR4nOzdd3xU153w/8+5M6MZ9d5BgOggDBibjsEGN4x72RSnbMqGPMkmeTZlU355Nt1xss/G+2zWm42TdRL3xN0G25hmm957EwiQQL3Xqff+/hjNaGY0kkagynzfrxdIc+6dc8uZMzrfe849V6WnpxsIIYQQQggxitz7+N/4x1tmUpBqwlV7lr1vPckv/+1tTnUoAKyLfsH63ybyu1u/yt/qVfhMxqzl+Xfm8PaytTzf2JlmnsvX17/M1ybo6AGrKtcOHrvlM/yhYS6f/s2P+fzCyeQnaThqSziy8U/8669f4kBT1/ppn3qZ7ate5q5vbqQ53LYtt/CD9V+g/rO38dPDERzwAO1XN1ocqck6TQ32oHwDGda+81ZZy/jCD77Fo0vHk6zsNJ7dwvO/eoyn9jUxVMGGksBGCCGEEEJcU1KX8/0Xn2T5+vu459+LcQQsMmzpjMmwgQGmyWv57/9M4+mF/4u/tvQQ/FyhtE+9zI4fX09Mbyu5i3n64dsjC2xEn8zDvQNCCCGEEEIMpISiW5l98ed847/P4CAkYIm9he+ue5zV8S4czZUUv/YzdrQNbFAD4Gm6RMlzv+WRH26lNdwKlkV8+amPYW8f8E1HLemxEUIIIYQQQox62nDvgBBCCCGEEEJcLQlshBBCCCGEEKOeBDZCCCGEEEKIUU+5XC65x0YIIYQQQggxqpkbGxv7XksIIYQQQgghRjAZiiaEEEIIIYQY9SSwEUIIIYQQQox6EtgIIYQQQgghRj0JbIQQQgghhBCjnnm4d0AIIa5VdrudxsZG2tvb0XV9uHdHCCGEuKZJYCOEEIOgqamJxsZGCgoKSExMxGQyDfcuCSGEENc0CWyEEGKA+XpqZsyYgdksX7NCCCHEUJB7bIQQYoD5emokqBFCCCGGjgQ2QggxwDo6OkhMTBzu3RBCCCGiigQ2QggxwDwej9xTI4QQQgwxCWyEEEIIIYQQo54ENkIIIYQQQohRTwIbIYQQQgghxKgngY0QQoxA5eXllJeXD/duBPHoOmq4d0IIIYTogQQ2QggxwpSXl7Nx40Y2btw4QMGNouRSLS/89UVqSs/1OzgxDBObd+7nz3/5H9pqLke0va27D7Jnx1Z0R4c/9UxpNa+/8TrVpWci3u/Nu4/y1FO/p+Lc0X7ude8uVzdSdv70gOYpgsk5FuHI50IMJglshBBiBKmsrGTjxo2sWrWK2267bUCCG8OAuoZGmppaeO3dDZw5sgdlGBG/Xykdt0fDaXdz6vSxPgMju1Nx6vRxzpWcwdBtPPXsMxzYuZm2NjsVFRU42lsj3rauG3g8ngHtKTIMjd0HD2HYI98P0T9yjkU48rkQg02eHieEECNEZWUlGzZsYNWqVeTl5QFw2223+dPKy8vZt28fa9eu7Ve+ShncOGsyiQkJbN20jt2HDjN+/CQsSWkR5mBQOH4850/uxeE20AwDj+o51DhaXAIdbRTNnkRlSzuu9g403Y3ey3tAY9u+QzRXXwpKrW1oBhQ7DhzHdrosaJ8WzZ1Jau74CI+hS5tdp7aymIJlH4to/Xe27qDq4lmcTgcKA5s1hvzcbOZeN4u07DFEHiIOLIdL5+DR45w/e4bW5kZMyiAtJZnpUwqZXnQDr278kMpzx1kydwrXLbglaD8r6+y8/MpfSLXpfOrj/8Cf33qHtuqybtvITrXy8COfwa36dx20v+d4ZByP4lxpJUcO76e+pgqFh7zsDJYtWkx8WhYAbo9ix/4DnDt1HN3VQUFeFksXLyM2ObguXapq4p1332Jcmpk71vyd/7PfZvewY/duLl88h9thJz01kcXzbyCnYFKfn6NweZ4prWfTO38Le6Hi+mljWbDiLlwR7bOirKKGUyePU1VZgcfVwBce/SIukznC5ZG5ks9FWHotm//thzy9p4L65jacupnYlCwKpsxh8W33c++y8cT7vm70S7z4tc/z1OksHn7iadZOb2Tzb/4PT++6RF1zBy4sxKVkM37ajax86O+4a1Y6PU3Wrzcd540//JHXd5ymqs1E8vi5rP77r/DJBVkBDWqd5uMv8bMf/Q9Hxn2VZ391LxlBHzcXtUc28Pr6D9l37Bzl7dfznRe/z9KYrjWMho386O8fZ1tbIst/8DQ/XJEccHHHSeXuV/jzXzdyoLicJiOR/JnL+fiXP8+qcbY+zlvnuTjp7rbIPP1zfKvoPX71twqS73qMF/7pBiw9ZtTOBz9+hJ9+pLPg2y/ws9uTI7z41Ne56cf6rnK2PfMkf3n3CJfaYsidczt//5XPSmAjhBAjQbigBiAnJycouLnhhhsiyE2x/oO9lJ7cF3Zpqxv++Pxf/a81zeDj96wmMWcch4vL2bHpzR7/SB0+dYHDp/47KM1scvOFT3wa4pOwOxVHDu/BatGZMXMeO89eQtN1zl6qxXVpDwrFnsOnOVpSCcDsqePInzjTew5q66ktLQ273eq6RqhrDEgxuH7q2AjORXfFpZeYlJ2GFpuAHsH6tfUNOOztZKSmYrHFUd/UTHFJKSUXLvDQXXeQkjfhivbjarQ7DF556y3aaivQNEVKUhIeTFTVN5JZdQmj6HqmTppKRckJTpWUMPfG5bg1X3NNcarkHGZdZ0ZhIR6zt/miFORkZmC2xvq3k5YUE9E5CtXfczwSjqeqroN333uTOJMiOyOLxrYOLl6qov39dTzy8Kdxaxa27D5AydE9JCXYiEnI5lxpBU1Nr/Pwg5/EsFhpaO7g4JEjnDl5BDweFCn+/HXDxFvvv0dT+XnGZGcSkzCWkvNneXvDBj71UAoxKRlh96u3PJPirRQWFvqH3xgGlJZX4HG0k5CQCGh97rNuKLbs3M+Zo3sxa5CTmUly6iTcugdM5j6X90d/Pxc9s1N9oYTyeo30CTOZEueiubqM4l1vc3LXBt65+dv8+ru3kBM2QrFTff4c5Q0aGRNnMSbeRUvFRU5uf4Xju3dz8edP8tV58d2/A/VLvPGT7/Gfh51kFC1jVWYtB7Zt55mfNBD3uyd4eKyGvWo/77z4DC++c4xal4FlXGgedez63Q957LUztGmJ5E+dzg1zppDsCVqJi+tfZXerDkYzO195l0s3/R1jOwtZv/BXfvwvf+KsJZPCybPIrjnFyX2v8esfWRnz1BeYFkmRKBvZ04ooSOg6StPYsUybOgmbukzr+RJq9BvI04C2nfzmK0+w23oz3/2PtcyJATxlnD3vxDCNZ+qUxIiCmj7PTb/Wb+fQ77/Pz167hClrKtPHN3Bq90v87LJLAhshhBhuPQU1PqHBTSTSUxLxjBkT9Aenpr4JZ0crmWkpxMTG+9MVHjSLFYDEeCsFBQUYuqKsvAybWZGTnYcR0NvS4XBTU11BbIyJrOw8lOYGkxnDUHywZx/ulgbGZSdjikvnbPFWwNfz0rkfDU3Q0ATApFzvlT4DnYfuWEHJpZkc3r+d25bMJz4jn/Uf7KHs1D4euetWUvKn8NamrVid9ay6eRWm2IRIT7GfYWicPXeKRRMn9tGDFEwpnduXLyIhuwDD0NiwfS/nj+3lxMmjLM2byKvvf0hVyVEeuG0FmROm09qh+NNzf2DR1HxuWHYHHsPEc6++gb3+Ip964GN8ePw0teWXaGttAcNDSmI8C+bNZtzkoj6v3BuGYuvOPbTVVpCflcSqlXf4r77bHW48rjYMpZg4NpcPYhNoaGmiofoSiTneloFHN3Hu3Ek0TWfS5Gn+7Smls3LJfBKyC4K2198GaH/P8Ug5nuz0OFatXMmk/FxM1lhcbjNPv/gMdc11OFqb6LCkU3zqIEk2+NgDD4ItiTc2fkBVyXHKSk6QP2UeH+zeR1XJcXIys6ioqQnKv7nNRU1lKfkpVu695z7cmpnNu9M5c3AbVZWljA0T2BiG1mueOenx5Nx
|
|||
|
|
SquashFS 是一套基于Linux内核使用的压缩只读文件系统。该文件系统能够压缩系统内的文档,inode以及目录,文件最大支持2^64字节,简介:<a href=https://blog.csdn.net/mayue_web/article/details/105682004 target=_blank>squashfs介绍和安装_unsquashfs-CSDN博客</a><br>
|
|||
|
|
squashfs-root就是我们需要找到的根目录!</p>
|
|||
|
|
<h1>D-Link路由模拟执行</h1>
|
|||
|
|
<p>我们主要分析的是goahead:<br>
|
|||
|
|
<a id=img3 href=https://raw.githubusercontent.com/Brinmon/Brinmon-blog-img/main/Pasted%20image%2020240523234532.png><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAxEAAACyCAYAAAA9B0K7AAAgAElEQVR4nO3dTUwc5/0H8O8sZlnedr0GTC51agxWsI1ip6qsGhEnHKLa/R9SFJFTG7WqbKukMm2VS1MV07qXtqpMFCrjnHLoBUXIl5omUkkxsqVEwUqF8UYBYykn20CAXd4xO//D7iyzs/O6O7Ozs/v9SIid2XmeefaZfXl+8zzPjPD48WNxZ2cH29vb2NzcxAcffIArV64gG/v378fy8nLqsR5pO6tplemIyBnyz6RT6fS2zXb/xUD52o2WpXVyenUnbVuq9Ws3rfrUO05mttXaF49bYdH7PFn9rJXi8X38+DHC4TD27dvndlFKwrNnz7C0tITnnnvOdJorV67gzTffRCAQgN/vh9/vR3l5OWw5YmqNfjM/YFpptdIbBSZElLt8fc60fiz5Od+j1QBZXl7OeM5Kw0OennJnte6zwcCv8Jg5JsqTo2ZOllppFxG5yZYgwuobW769Wlqt/PgBInJerp8zs+n5OddmJjDI13Gi7NkZXPB4FZ5cji+PJxUDn9sFICIiIiIib2EQQUREREREljCIICIiIiIiSxhEEBERERGRJbZMrF5fX8fCwgLKyspQVlZmR5ZEJW13dxe7u7uor69HVVWV7rb8/JnHenUX67/08JiXJivHnbzLliDi6dOnCAaDqKyshCAIEATBjmyJSpIoihBFEZubm5ifn8fzzz+vuz0/f+awXt3F+i89POalyepxJ++yJYgoLy9HVVUVysvLMTc3h1gshsXFRTuyJioZdXV1CAaDOHz4MABAEASsr68bplN+/qLRKL799luni+sZBw4cQCgUYr26hPVfenjMS1O2x528y5YgQup2nJubgyAIOHv2rB3ZEpWce/fuYW5uDk1NTQBgqktf/vnz+Xw4efKko2X0okePHuHRo0epHzfWa36x/ksPj3lpyua4k3fZdo9xQRAQi8UYQBDl4KWXXsL4+DgAWOrKFwQB0WgUnZ2dThXN0w4cOICxsTEArFc3sP5LD495acr2uJM32RZEAMDi4iJEUbQzS6KSk+1QQHb768u2fliv9mD9lx4e89LE41c6bA0iAJgOIsrLy7Gzs5Pz/uzKh4ioWAmCkPbdrFwmIiKyyvYgAjAOJPx+P7a3t03/iPn9/rTl7e1tS/sj8gp2/1I+iKLIQIKIiHLiSBChRhkIKJfllEGCcpmIiIiIiNzjyHAmrbNbW1tbhukrKipMnR2rqKhIPVYGJGb2Q0S5kfeaqH1mtXpVePZ7j7KOlHVj9LzZfUjplPkZHUPSp6w/tfpU+xzoPSd/Xm0/WttQ/hgdN6P3BY87FYu8BhFm3/xmttvc3AQABAKB1GNpmR8yIucZDYnRep7DaBKM6saJumO920urQSivZ73jaeYzovU8ucfouCmfN1pWplc+lj9PVEjyGkQEAgHTeUgqKytVt9nY2FDdXm2ZiNwn/4Gl/DDT6GBQR5Qbte82eaBg9BlTpudnkrwib3MigPSGvxZl0CClqaysNJWeqFB88MEH+Pzzz1Wf+8EPfoCf//zneS4RFRKjXoZcGxHyBozWPsibeAxLE487FRpPDWcyu54fNCoEv/jFL/D48WN88803aesPHTqEn/3sZyXzPmUXvD6pfozeD1YDgFJ5fxUDvbkv8kCQx7SwGH23GfVC8LuRvC6vQURVVZXpPOSqq6uxtrYGURRTj/W25xctFYp3330X77zzDlZWVgAAoVAI7777bkm9R40mkZY6M0MY7OpB4KVdnaEcupJNejPPM5goLLl+t/G7kbwur0HE6uqqYfqamhrV9NK61dVVVFdXp+XFIIIK2V/+8he8/fbbqcd8f5IaNyaiM6DwFo6Z9xazcyKIvCqvcyKyUVNTk/Zf+ZyZwITIbe+//77bRXAdf0TTmWlYsPFBfA8UvlyPj9n0fC9QoSn4ORGxWCzj+dra2rRLpWW7HyKyn9krkZA+p3olWPdEztC6RKvZ3gitS8Qq8yMqFI70RGi90Wtra3NKL4lGo6itrUU0GmUQQUXFS2NjpbJqlVnreX4+E9TGz+fzuvBslORO772vNt5dOadB/hkxCrzleNzcZfTdpjyuestq6aXHvBkkFbq89kRIk0v1hEIhww9LKBTCyspK2nahUCi1D37YyKu89N41OxmUtOnVkd31p9bgZeM0N2qX5LUyR89MffOYFB6r333ZztvksadCl7c5EWYCCLPbqW1jNn8iolKiN/STiIgoW3ntiSAiffzsEBERkRfYGkSEw2HE43EIgoB4PG5n1kRFz+fzIR6PIxwOZ5X+wIEDNpeouGRbP6xXe7D+Sw+PeWni8SsdPjszC4VCmJ6eTgUS/OMf/8z/xeNxTE9Pp+b3ZPP5m5yctPMjXTS++OIL1quLWP+lh8e8NOVy3Ml7bOuJEEURTU1NePjwISYnJ7G0tGRX1kQlIRwOIxQKoampCYC1oU2iKOLw4cN49OgRxsbG8O233zpVTM85cOAAQqEQDh8+DID1mm+s/9LDY16acjnu5E22BBG7u7upx0eOHLEjSyJC+mfLzDbSlzfpY726i/VfenjMS5OZ407eZUsQ8ezZM2xsbKSuaywI3rnWPVGhkS5OsLGxgZ2dHcPt+fkzh/XqLtZ/6eExL01Wjzt5ly1BRENDAxYWFrC+vo6ysjI7siQqabu7u9jd3cXBgwcNt+XnzzzWq7tY/6WHx7w0WTnu5F22BBFVVVU4dOiQHVkRkUX8/DmD9eou1n/p4TEn8hZbr85ERERERETFj0EEERERERFZwiCCiIiIiIgsYRBBRERERESWMIggIiIiIiJLGEQQEREREZElOV/i9bPPPrOjHERERERUZE6fPu12Ecghttwn4rXXXrMjGyIiIiIqEp988onbRSAHcTgTERERERFZYktPBBERERFRLubm5hCLxbC4uOh2UYpGXV0dgsEgDh8+bHveDCKIiIiIyFVzc3MQBAGvvPKK20UpOvfu3cPc3ByamppszZdBBBERERG5KhaL4ezZsxBF0e2iFJ1Tp05hfHzc9nw9OydidqAdgiBk/F0clT9/EaNZpgeA0Yvy59oxMKvMZRQXFenbMzciIiIiIh2Li4sQRZF/Dv05MUTMs0EEAODMNcwoKmnonJUMLuCWRvrZgXbcfH1v/cw1oLclPZAYvXge96/N7KW/dQF3e1sYSBARERFZ5HZDu5j/nJCX4Uw9PT149OiR5vPf+c53MDQ0lI+imNZ8+Q7kJWr+UTfO9PbiwQyA5sS6c0Mi0mKWc0O4deEGzg//C7OXL0ubEREREZHLysvLsbOzY7jObFqz6fW2Mbv/QpSXnoje3l4EAgHE43Hs7u6m/uLxOPbt24df/epX+SgGERERERUwp8/Gm1lnNq3Z9HrbOP2aneqFAPIURLS0tGBoaAiVlZVp6ysqKvDee+/hxIkT+ShGDmYx8FYv7l64pT9canYAV28AZ7p/xF4IIiIiIgvy0ZiWHvv9fvj9fgBIPZb+zKY1m17aRp5WeixP77VAIm9zIhoaGnD16lX4/X4IggC/348//vGP+O53v5t9pnd70ZI2sVl7IrW6GzivmX4WA+3S+hYMd89A1IsgZgfQ3tKLu2eu4cPLDCGIiIiIrMhHEFFRUQFRFLG5uYnNzU0ASD2WluVpKioqUFFRkUpbUVGRsb18eXNzMyO9fL18H/L0Tr9+J+R1YvXx48dx9epVPP/88/jDH/6AF198MbcMMyZWD8HSvOqMidXy9M24fGfvuQ/xVsbVmySzA+0QkgHEzB3OhSAiIiIqFIFAIPV4c3MzbdmIWrAQCARSf1L+8mX5fqW0amWSp1eW0wvyfp+IF198seAmUZvRfPkObj0QcP7mKIbOSaHGLAbaW9B7F7hwy+qVoYiIiIhI4uRZc/mQpI2NjbT9KPepVQZp/cbGRmpdZWV
|
|||
|
|
<p>查看一下goahead的属性和链接:</p>
|
|||
|
|
<div class=highlight><pre><span></span><span class=n>brinmon</span><span class=nd>@brinmon</span><span class=p>-</span><span class=n>virtual</span><span class=p>-</span><span class=n>machine</span><span class=p>:</span>
|
|||
|
|
<span class=p>~/</span><span class=n>Pwn_CVE</span><span class=p>/</span><span class=n>CVE</span><span class=p>-</span><span class=mi>2018</span><span class=p>-</span><span class=mi>17066</span><span class=p>/</span><span class=n>_DIR</span><span class=p>-</span><span class=mf>816.i</span><span class=n>mg</span><span class=p>.</span><span class=n>extracted</span><span class=p>/</span><span class=n>squashfs</span><span class=p>-</span><span class=n>root</span><span class=p>$</span> <span class=n>file</span> <span class=p>./</span><span class=n>bin</span><span class=p>/</span><span class=n>goahead</span>
|
|||
|
|
<span class=p>./</span><span class=n>bin</span><span class=p>/</span><span class=n>goahead</span><span class=p>:</span> <span class=n>ELF</span> <span class=mi>32</span><span class=p>-</span><span class=n>bit</span> <span class=n>LSB</span> <span class=n>executable</span><span class=p>,</span> <span class=n>MIPS</span><span class=p>,</span> <span class=n>MIPS</span><span class=p>-</span><span class=n>II</span> <span class=k>version</span> <span class=mi>1</span> <span class=p>(</span><span class=n>SYSV</span><span class=p>),</span> <span class=n>dynamically</span> <span class=n>linked</span><span class=p>,</span> <span class=n>interpreter</span> <span class=p>/</span><span class=n>lib</span><span class=p>/</span><span class=n>ld</span><span class=p>-</span><span class=n>uClibc</span><span class=p>.</span><span class=n>so</span><span class=mf>.0</span><span class=p>,</span> <span class=n>stripped</span>
|
|||
|
|
</pre></div>
|
|||
|
|
<p>两种启动方法:</p>
|
|||
|
|
<div class=highlight><pre><span></span><span class=mf>1.</span> <span class=p>**</span><span class=err>动态版本</span> <span class=p>(</span><span class=s>`qemu-mipsel`</span><span class=p>)**</span><span class=err>:适合在有所有必要共享库的系统上使用,可以节省磁盘空间。</span>
|
|||
|
|
<span class=err>注:通过</span><span class=p>-</span><span class=n>L设置根目录</span>
|
|||
|
|
<span class=n>sudo</span> <span class=n>qemu</span><span class=p>-</span><span class=n>mipsel</span> <span class=p>-</span><span class=n>L</span> <span class=p>./</span> <span class=p>./</span><span class=n>bin</span><span class=p>/</span><span class=n>goahead</span>
|
|||
|
|
|
|||
|
|
<span class=mf>2.</span><span class=p>-</span> <span class=p>**</span><span class=err>静态版本</span> <span class=p>(</span><span class=s>`qemu-mipsel-static`</span><span class=p>)**</span><span class=err>:由于不依赖外部库,它更便于分发和在各种环境中运行。</span>
|
|||
|
|
<span class=err>注:</span><span class=n>chroot</span> <span class=p>.</span> <span class=err>设置根目录</span>
|
|||
|
|
<span class=n>cp</span> <span class=p>$(</span><span class=n>which</span> <span class=n>qemu</span><span class=p>-</span><span class=n>mipsel</span><span class=p>-</span><span class=k>static</span><span class=p>)</span> <span class=p>./</span>
|
|||
|
|
<span class=n>sudo</span> <span class=n>chroot</span> <span class=p>.</span> <span class=p>./</span><span class=n>qemu</span><span class=p>-</span><span class=n>mipsel</span><span class=p>-</span><span class=k>static</span> <span class=p>./</span><span class=n>bin</span><span class=p>/</span><span class=n>goahead</span>
|
|||
|
|
</pre></div>
|
|||
|
|
<h2 id=toc-0>goahead.pid未找到报错</h2>
|
|||
|
|
<p>运行后发现报错!<br>
|
|||
|
|
<a id=img4 href=https://raw.githubusercontent.com/Brinmon/Brinmon-blog-img/main/Pasted%20image%2020240524004640.png><img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA5cAAAC/CAYAAABqgigjAAAgAElEQVR4nOydd3hcxbm43zlnu3bVi9VlW+5yxYCNjWnGJoaQ0FsCJPkFEkIqaZAQcikX0khCclNuckMPCaFD6NUUY+OGqywXyeq9rHalrWd+f6wkS7LKWVnGIsz7PH5Au7Nnvvnm+2bmm3bEquWnyfraOlpb2uiluqMBhIfFl36RBZFSduzYwc59NXSGAWsWS678Nteuyqdrw73cdc+rVEUSWfzVO7nhRB9rnyll0ppFHPjFt7i/NMrQCDLW/JTfXj0LyzApAJDtvHLHdfxlW2SERFZO/Obf+KrxW77yagm/umUNGdpIDwVkCy/dej3/t3M4+QbhPJnv//UaQvd8kd+sD5v7zUgSF1/AT390McUJAnG4cERbN/DHH9/N2mZ5+I/ty7jhr5fTctetbJnyadacvoz5mQF2PvdX/vSvzbQnz+a0s89m1YqF5LsNvDX7KNt/kIotr/DUe1X0Se+YyZV33szSXT/nW3/5kGD/PPTZfOF3N5H75PXc8bokpygdu5QIx1wu/cFFBP/3y/zy3e5hSqeTNn8Na+ZKPnz+eba1GkemrE8gwr2Qa+76Pkta/sF/3fE0FaFjLdEnGz3zFL5121eYsvWX/PBPm+gcwi0VCoVCoVAoFGCRUtLp9R3+jexk4yO/ZeNhX2g4XN1sf/BW/vLvPT0DLS+b7v0lfxPXcOE5J9O19UFe3jty4BZqqWDne5t59p/v0zBE/CFc01n52bk0dow2kjOo3/oiLxsNhCsO8osfv4v18IhtUNkitNfEEfQYXqr3lBEZp1FleN/j/PjaV8jMTMahDxLWCNBW34g3PExesovW2gY6Al46ojb8m/7OHS+vZXtjT3jYvJOX79/Jyw97yJ0xj/klM5halEKkpZH+YbE1expFkfU8+Ni2gYFlTAgiwQDhiATp4cRrbueSIg0j5Ke14nXu3x0YoXRRWj58lgc/jEslin5I31Ye+N3TFN10KT/4upfb7nmD2iOf01CMAT1jCdfc+GXmtz/LnfdvVoGlQqFQKBQKxQiIE2YvkLU1dQM+rO5oOEbiKD5KNE3DMNTK4sREkDT/c3z/C5m8eNvdvN2iopqPHkHKsm/ykzWtPPDLB9nSpupAoVAoFAqFYiTE5PQ8GQ4PXBZRwaVCMTHQdZ1o1OT2bcVRQEfXo6gqUCgUCoVCoRgdbXBgqVAoJg4qsDzWqMBSoVAoFAqFwiyjXX2jUCgUCoVCoVAoFArFqKjgUqFQKBQKhUKhUCgUR4wKLhUKhUKhUCgUCoVCccSo4FKhUCgUCoVCoVAoFEeMCi4VCoVCoVAoFAqFQnHEqOBSoVAoFAqFQqFQKBRHjAouFQqFQqFQKBQKhUJxxKjgUqFQKBQKhUKhUCgUR4xl2G+EIOszOsUlAuueKGv/ZWCMQ4Zars7i63TSMCj9Y4Ty6nF46ERE6e8j5eOuF22BhbO+qmERhz4LvRPh5QfGx24+MgRknGNh2nyBfV+Ut/4xsvwf93obEpFH9nl3kJumES79Bdvf3vbxqsNjjdKf4mig7OqYI1LPZOqZF+ERe6h55R4aW8LHWiTF0cIyg0mnnE9KaiaBTTdSfiAwdLr/aL90k7joS2QX5mOpv49d63YgR/uJfTLpi84ns2gaDpcdGewg5C2nbfN91FZ3fBRCjwsjBJfgmaWRVgCB8vHL0DVXIzMDNDQK5gkqquXoyp6AaGkaUz6tUTBXw+WAYK1BzatRyjZIIhKlv4+YcdeLQ5A+W+DJhM73DJq94yXpMIQh2CmJItBdYBneMyc4As9MjfQCCFWOnvo/0Z5FyvGkpOgg2+koL411lNo0cj79dTJTPOhWC0JGMYJtBJp307b7ORoqaidGh6ql4pmxmszpx+FOTsOiBQm376Nj/4vU7SjDteIeiqe5ka1PsvvJx+nqFTpxDTMvuhy3FqLjrW+wd6+dzLN/RUH2UIYcpXvLLezaWDFkXQ+pvwkk33AIZzFpc1aRNnkWLrcbQg34K16ldtNr+AL9n6RhmbSKvMUrSc5IQ4u20V39FrXrn6PDHz38wZZs0pZ9m8LpWQSHlMuBs/h8cueeiCc5CU36CDRuoXnLYzTWdYzdn0bK176CaVdcQ5I+9E9lw8PsePYFgnIM5cWGLWcZGdOPJymrELuzlfqnb6GubbCHmE0XY0S7Gg1tKtmfupaM1FSsdjtE/YTb99Ox7yXqd20j2FsMbQFFV9xAukMM+Rij4g9sfeU9jJ72ICs1Ec2iI4wg4c4qfAffoH7r2/iDY6m1OO1gVLvqJT49D4+GveBkkhJdCOaRXpBFU0v1x769HxHbJDw503Em2eje+xqdXROstEdTPj0LT+EcEvQw4RH2SB6RX050hB1HzkI86TqRZhMbRbVcss68kfxsFyDBMJDOdJxONwF76KiLO5709awCPhIn79oapXaxThqS8s0fz4GkyNA47rsWspPAt9egth3cMzWKvyhwaxE+WHf0yvWfoL+jwXjrRcvXWHiNjlNKSrcf/eDS2Bnhte8CQjD1e1bmFB/d/CYK/3n2rOOcfDxODejaQmt9b4eQgC0xBYsVkAZSCjRHBq68DFy5x5G4/jbKth/jgZatmOxVN5CT7eHQ0NiKLX0B6XoFTTt20tVYiZw2G+HJwa7TF7xpyfk4BGDU4mvqAuw9v5cQ6SIcjvTLyCASHiqogOH1N1HkGwZrCQWf+R4Znn7RliWPxNlX4c5MZs+zj+HvyULLuoDpnzoXl0WAlGDJJGHqhRSnJ7P3qQfwhnqtwII1+0zyl11AaooDGEomgX3m15mxfD4WIZGRAFJPwpl7GvlZU7H8+6fUNMY7KDGRrwwR6e4gPCC4tKI7XWhIiEb6bNl8eQFbEZknX0/elEmHzuzIEBb7oGDNbLo+RrArU3iwp2Zj6w0aLW5s6fPJSJ9HSuE/KXvxOboiAGGigQ7CUoDuwmqz9nzWhSFBhga2B7qFWHsg7FiTppEyr5ik/EL2PfsQ3rgCzHjswIxd9RC3nkfCIFj+Kq2TL8BDKY3ldf8B7f3IiLQzmbxyNTZZQU3l6xMuuDz28h2pX/5nIVKXkZ7lAtmFd8N/s3/HQQxLMvaUSYiOYVZ+Jyh9weVHZVJGvcHm2z/GcxNCkHexhUlJkur/i7D1A4kBiDSdpbfqZK3WSFwf5WgtXn/s9XeUUHr5ePIfV29aHslFuQgkocoN+CKDE0Txvf89Snc0o7lLyD7t62RPSsAzfw2Ju/+XjsPSf1S4SDrxa7HALVJLy4Z7qd27j5DhxJ5Rgsd2gG5DQuNeAsZsnHouriSdtuYooGFPy0MXQPd+/N6B9RnZ9z9se3ubuT5mWP1NEPmGI7yHxt1leHL3UvvBq3S0RXHM+jLTTlyAJX0lmbnPUH4wBCKd9MVn4bJApOohyl5/hWDCKRStuZqUpFPJnf0KnVtrkVoBmSu/SV5h1sgXI2iFpJeUYBFRunf+gj3rdhCxzSTv7B8yKS2f9GnF1DbuMl82s/mG3qf8kff7fSCwTrmeOaefiCbraNz8DiGJ+fICiCzST/s+BQUeCFXTuv1Zmg/uJ+BrJRzsFwCZTTegXKP5pVki+Nb/gD27Qrimf44pS0/Ann0BhSVbKd1ajTR2UvWv66kCxOSvs3DliWjRMqofv4umIQfusfZgz64grhlXMeWkE7CnnE7O9Jfxbm8wL5ZZOzBbvzA2PY+C7FhL+ZNrx/RbxX8g4+aX/yG4krFqgFGDt+IgUUNCqI1AQ9uxlixuTK1cWmfrLLvDQmIKRFsNal+Isuu9nu2fgEgU5J+skTlTIzlH4EgATYARlHTtjPL+/xoE5ps8UyYgfbWFaQsF7gyB3QWEJV3lkgNPRqjo2WJqm60z/+xYfnY7BPYbtEYFGVMFul9S+UiEnR8eWglJWKAz40yNjAKBJSLp
|
|||
|
|
在ida找到该字符串:<br>
|
|||
|
|
<a id=img5 href=https://raw.githubusercontent.com/Brinmon/Brinmon-blog-img/main/Pasted%20image%2020240524004935.png><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAqEAAACTCAYAAAC+j8DRAAAgAElEQVR4nO3dfXAcZ30H8O+eTi+2Xm1jK3ISk0GSSUKa2jitkzOlbRoGpCTFoa0ZQkPCUKTStEi8uIXWNKGEEOq0SJm2GaulE08LLW4LgmCLAHWgjW/q5sUmTRyQ5EBiIkV27JzeLd3ebv/Y29Peat/ubu/ZvbvvZ+bmpHv25dndZ3d/+7zcSQBUAEgkEgCAlpYW6BKJhO3/+vTGeYyfWS3L6nO3dPMyrZZvlxevy9GdPHnSdRo727Ztc0xvaWmx3D9et9ttn7nNbyce/zNP01mJxT7vmG61feZy5naczNvttL+slumlHFgdG6s8eFm303RW6/dyXM2ajzQ7pjuZ7p52TDcfI7cyZt43uZZTu3ndrj1ey4zdvnQ75k685t9qWjO7a4KXMmuXZlyOVzeevtHztGZH2486pjvlJZdruC6X4+1nmbHjlEev25fLMbdbntX6neazW75f91MiL6LmwmQ8ebwEDXafOQUgTjc5c7odu5ulnhen9YeRW37d9lmpba+X4+QWuOvLsNpPfpUDp3Kmf2Z1nnjJv1uQFxSnPDjtc+PfXsup8TOv155cyozf54Hbg6PVvrHKn/ndbR25nCOlxO1+YrWvnK6NdssvZplxOhZety+XY27+n/dTKmURp0S7G40bu5PRL3YX+mKtTwS3J9tizx+UQo+T3UXSj+V7KWfmdZRaubNiDAjt0p32uV95sPrb6n+7NBHngVvQkc8+cqut8lImKVuYyoxbHsx4P6VyFg06A7TCrRmq2POHUalvR6nnvxiKvU+KeR6Yl8mbc3kox2snUSlgEBoShdYqlWvzSKlvUynnX0Qtp99EnAduzZLm5lYKt3K9dhKVgkxzfCFPf177iOayDCd+NHkFzSnPXveF3XTl/CRvVa705mOr7S5kXxSjnLn1ywqjXPe52/y5puerGMsN+hiVw7UPCO95IGLdua6D91MqZxIcRsfr7AYYGNOtnvy9NFu5zeclD27r9Np8VqzR8flsj1NNil2a1/mNijk63pgnc168Hienvkl2TWjmDvZe8mCVbrWefOe1m8bLeWRWrNHxdjeuXPa51fKcttmY7rZPcy0zVvvT63Gz47WvnNWN3JyvQvLndd865dGoWKPjnYIhp2NrV7GR6z7zo8y48bLP3bbPLX9On1utJwz3UyIvpEQioQadibAo5lc0hVWxg9AglesTfTG/oon8UWplr5hf0UREZMdxdDxRqdKf1oNuPqXK0tJS3G8NICIqJ6wJJSIiIiLhWBNKRERERMIxCCUiIiIi4RiEEhEREZFwDEKJiIiISDgGoUREREQkHINQIiIiIhKOQSgRERERCRd96OFHLBM++pG7BGeFiIjCYmpqKugsEIVGa2tr0FkoS1FzsNnc3IzPPTAYUHaIiCgstm7dGnQWiAI3OjoadBbKVjTXGfh0TERERJWEsU9x5ByEAqyWpsoyNTXFMk8VhzddohW8BxQHByYRERERkXB51YQSERG5+fVnVMzOycBiErgoA0sysJTS3pcVYDkFJFNAUgHkFCArgKyisUbC4/deGXT2iajIhASh7x5rxNx8+kK0KGdfjJZTpguR9mqIAt/8+GYR2SMqKpZ/qlSzczK2XRdBcjYCOf1KzqYgzwLyrILkrAx5Voa8ICM5m0RqOgX1nIrZjtqgs05UsHePN2JuPpXzQ1hDdeVc/4UEoXPzMrb9UhWSMwqSMwrkmQiSMxKSMyrkGQXJGRnJpSTkeRnJ6STUcyrmruBFiMoDyz9VrMUkkrMRPP81pG/EF4GlJWB5GZBlIJXSXqqqvSIqcA7Am5Sgc04hceb2WzF3ehySpDpOp6oSGto7cPlXHxWUM3dz86m8HsLmKughTExz/GISyRkFz39NBRaWrS9EirJyIZoCsIUXIVpx9OhRTE9Pe5q2ubkZN954Y5FzlAOWfypASZf9izIOtjZB+SigoA4qkHkphr+N/zcDuK7/R0HlmELkzO23Qt3ShqZr2iGtrQEASBEpaxpV0YJTefJVyIl5nLn91vAEonwIcyUoCJXxiUvqcXUfkMIazC+n8NmvPIvZhSUkk0nIspz9vkGGLMu49d5nURuV8O/7bhGSTQqno0ePorGxERs3bkRVVZXjtPPz81haWsLRo0fDczNm+ac8lXzZX5IBAI+OPoLRcz9C364v2Qagv/nldWiNXoGv3XkCUJxrvcqZJGlBlqpW7j7QzZ0ex7q37cDi6HGgJgpI6bHUeuQip99VBViWEb1sC+a+/V9BZNWaxUOYBKAKwKuTwCVtwDKAJCr3IUxMEHpRhgQgZXjNLizhH+++3nJyRQVSKpBSgF/5w78XksWwa2lpAQAkEomAcyLe9PQ0Nm/ejPPnzyMSiSASsf5SB0VRoCgK6uvrce7cOcG5dMDynxF0OQ56/bkq+bK/lAIA/OuJQRx87wnHGtD2hm04ffqkNl+IK4L0INGIAWNxSJIKVVkEamsgVUto3NmFhZ/8D1ILswCAqnWNWPvm6zF7fASqFEGkvs612V6o9EOYgpXg85mngaEh4OmngR07gJ4eYPsOYAnaS5shRNtQZGKC0CUZEWg3XwVATU0VkskkAOADd38cTU0taGpsRlNTCz581/szN+DmtVHIsuy0ZF/oNyYj/SbllGa1nFxvbsblJxKJVf+HST7b56doNIpIJILNmzfjwoULWF5eBgDU1NRg/fr1mJiYgKIoqK6uDiyPlgIq/1ZlFwi2XJnLeLmsv9jnRimXfQCYnPwZ7v6HX8dDv/e4bZP8g+99HL//4HZtvpAGdZIkrQo4rYJSq+m8YkBrUh3VAtDrb8aGWz6MphtuwatfuRcAcMn770X1Gy4FpAhm/+cwEA3ZF/6kH8KMweeZV4A77lLwxb9W8L3HJNxzTwSXXiqhpwe4dkd6PgEPYUHHHvr6BAWhKUSg7Vf9RqzfXP/uwS+ma36krBqglCohpSBzsy4mY8Bp3vn6wTF+7ucNx7x8q/UZ81ip9FqgzZs346qrrsLc3ByeffZZAMC1116LhoYGAMDExIRtbVFgAir/dmUp6IcJyk1Jl/1l7W7aVn0Fxk6fhArg/h98EHMXE2hftw3/cXwA79nejzt+5R783dc/ht1v69PmYyBGRlFg4eQTaPrlblRvuhSX3HEfAKB6fSuSZ1/BwskntGjG4oEgUOmHMAlAby/wkU8o2PcuFdVVKmQVeMc7VXR1yXhsJILe3io89VR6PgHl32vsUez1iwlCl1NZNUEprNxc9RvwH+3di4b6BjTUN6K+vhENDY348Ad/V0hNaK6cAtNyvcGHZfvOnj2Lyy+/HA0NDdi2bRsAYO3atZibm8PZs2cDy5ejMiv/lE3UuVGqZR8A/vHuE5kaz++cegR33/AlvGd7P2JXvBtPvPBNKAB636P1FwXSE5YIY82lsVbU3LfTmKaq6qr/raYxMi7Py3Re8mg1fyhJEaQuTmNyYC/aPvZXqN7YBgBInpvE5MBeKJEFoDpkD2BA5iFMt+s39I8kAKr2c0GKhHd2KfjC/YY+36VwTHwiLAiVYF0TpNcA/fUX92dqgGRFqxFSVDE1oWHnpZrc3MRo7k5gvEmWWr84XSQSgSzLOH78OHbu3JmpAZqbm8Px48cz04ROyMu/XdlxS7cqR06fecmDl/JtNY3T/G7rd9v+MCjZsp/UglBjE3xH8zb87fc+hv84NojbdvThtuv7sprnMzOEkDEAtArejMGkOd2YZkx3C0bN6zYv27wsuzS7/0uCFAHWRCBVre5uIjVVA6modnENWWu8/hCmW0rp+1sforQSiGYJUfl3uj7aNenncg0Vc8iSbjVBwMf/ZHVN0F0fqIyaIHOAaNcUb3czdWpytesD57ZM4zRhEolEELXo91NTU5MpK6G7GQdc/t0uIk4BY65ly/y
|
|||
|
|
分析该文件的报错原因是因为没有"/var/run/goahead.pid"<br>
|
|||
|
|
<a id=img6 href=https://raw.githubusercontent.com/Brinmon/Brinmon-blog-img/main/Pasted%20image%2020240524005253.png><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA2MAAACCCAYAAADLwRCzAAAgAElEQVR4nO3dX2gb2Z4n8K+Cm2nDZDcOTgwxw8SJlBsneulpwQyyPQE1TWOFkDDu63mxybIkciDsSiw0mYeAImi4NwQGmSW0reQlE7+M7vWQEGLRhBakHYu7oL794th9W0qcXnAuTkyckIUMXEPtQ+lPqVR/TklVKsn+fsAklo7q/FQqS/XTOedXuHbtG+n711LF27dva37wL6tSO0oGJQmR2tsKSUkCJGlBkiSpIElBSFJkQfXABUUbrd/16G2vJIL6eBYi9bcZxV+OJVmo7y+i+r9ZX1rb12qj93wM42yAyHZEYm70uReSkoSgJBUsxGbPc38tJYPXJED7x2z/G24zstJscERERETkoj3oO4nBXnS+InA+BgSTwCgAeIGrESAVBjKKZlNhRRsrvIAfQOqe9t0nggCWgWLp98wUEE5Z7USMnX3pPZ+y0+MAUsBUxridGbu209BzLx0bkauA10Jf9sTci+hSHJKk/TNr+UAUk5lKwONJwDO16kwHRERERNS0PfFLI+jYXCwFeDylHx/gXwCWotW7R2eBhQgQ9lTbLSdr21gxWwCCyj491UQvegcI5gBf6favTwCFZO3ji9PVx8VytfFPF9W96RPpS2g7V2tjqPxMVdt4o/K2U2H9NiLs2o7Icy8nUepjQ5n4iLwWdsVsl0qC5blZijld+n2m7vgZPeeX/5NaQZP5LxERERE5xCNJkqS84d27dzUN9v32z5B+c7ylQYmYHgJifkCadTuSDlUEhnwA1Mlp6XZ18kKdZhPTQzcRy/mxII1ZHwkmIiIiIsftcTsAai/Fh0AOwAmf25FQUzKPEcsBweQpJmJEREREbYrJ2G7lBZYWgFysdgqeLwYkC0BUcHHVlHqKo8ZPs+vEyILiIoY8CXjCy4gsxLEU7dhJyEREREQ7XsdOUyQiIiIiIupkXSKNXr58aVN3/2R4b3///wEArK//vU39mfmPFvVDRERERERUi9MUiYiIHNB/q9/tEADox9FofM08L7tjafTx7fLaEBEJjYwRERFR6zSSLKxfXHcgEu1++m/1t6w/QHt/2NG/0X5u5fMjot2LyRgREZHDRJIr5cm/8v96iY9IQtTqpMkKq7Gp94nW9rTaGvXb6H4lIrKLq9MU3/7477h16w+VH937sxrFuV/cqHmsZps21nX7IA71H6r89GTdjkhQNov+/iyaCXft9kH09x+q/FzR2JhIG2rQ29s4e6sf/fO3sYY13J7vR/+ts7j91q2+XuBK/y2+xtRSaz+eLR2XzbURtX5xveZH7zY7lZOT/lv9NT/qNqL3qduZ3a8Vj1PPU3Q/msXgeCLW4PuvnceiHRhPpWf5Ncy69wGWzTrb/9qPZ+W/a8E+6uJp5TlHh3JvZOzFDfwuDwR+/Q/4ZJ9807Vr2k339zyvv/HwV7h4EQB+hR/n7yDvVJxOyPbgYBx4/+Ql3g+4HYwFaz/i7OQzBBK/RqjRbWR7MBwHEk9e4oLecxdpY6G//sluAB9wd32rJu612wcxHFf8CQTe48n99xjQfHypSeIV7l/Y1r1fc1s6bSbuvsR1ZUBmfdll3xEcB1R/M8dxZJ/9XYn1dRiXEvsxPHkLuHuxdp8QOSKLmXweE5/fh/5bjEibeloJDeDelDd1v8pESu8+rcc6lcQo+xQd2dLqV/2vWYwiz98RDb3/NnYsOofx7EaBngb3bivPOTpU1+ImMOLCpYhePB8B9v8bBgxejH2f/DMuftK6mFql+9tuIPAeHzrqXeMFrgznkZ/4HOsXGv8Lypae+2cGz12kjZgu3J7WSJRQTsT+grvrr0oJWjeu9Pdg+Mo21q9/KAUiJ0eVpGltL84OH8RZqJOk+kSvnkkb4b5s1HMEAxjAkR4Ab5zpQrSvgQtjeIJ5DE9m8cV6qPFkn0jEi28xhwncPdxkGw1WEpjdRCtJtbqvjNaNiaxjE00mW5JAW3n/bfBYdAzj2VUGPrmPdTvOxVt5ztFh9mQfr7rXe88adm1ifHwbDp1iO2Lt9g+Yw1HcvW7Du93xbfNvr0TamFi7vR/x/AfcvftBdU8XvnvQBUz8p+Kk/wMuJbaBuY9LUzBLidzEVnWkZuA9ohNA/kG3zVMhWtkXAAzAt9/2jTbd18CFTzGBZ5i88sLZkGiXW8PtH+YQCFwySPpF2nSuRpLEcrJj1/as0preqRWDyOiWWSJY3r4zI2VW33/b7VhkPGRVK885OlMXXm9iE4ALg2P6XtzArUcj1d+PJnAxlHF/Wy3SdfsgDiqnz01s4WV5tAZd2Hv2ILrPvMIb7K+2C7zHq/vvaxO8bA8OKafHNbodvMBM/A0Cic903+zqpvxNbFVHmFzRjZl4FwKJNwhhr+q+bRw5DuCnLqwBlaRvrdAFBD7Iv69140EemIh+qNnmt3Pyv9+tvW9+CmVZK/sCAAzgwtg6LpR+C4XWsa54YbPZfkziLtZD9a/22o9nMfz8DJ6MXagmy29v4+zv4jj++Trqc3XjvmrJ0xXn4s+RvX5Y81hbuz2P4fgbBBK/xv0mRmhpF3v7HR68CeCM0dC7SBsLrCYrZsUpjG4X6cdoqp4T1ImS3f2qC3KYTVVU/1+vrTNVI628J0L7WHxxBf2PfkLi1/dR8zZYei9G4AnufyK3X/vxLIbzigliR1Xv7S+uoP8HH56MHcHMrUnMlW6e0Hw/14lHaDtruD0/jHhPbf+1nzdymwdHniCJWDXu/YnazxyReMrbflb/kICV/SPYpq6dVswvrqD/0Vz190b7Um8HAI7WP099gvtZIF6xeCwe87tQFzZe4TValIypEyPEcetZXP7v/n8DIF/02bb1YC9u4NYj4POL/wD5PWUU2Vtx3AJan5CpEyP04NBcj/xfRQIkJ2J/wdb6K8in5t3o6e/BIUCRSAFd8YM4GHiPV+vvsV1KrA5e2a62yfbg0CSwtf7SfDsTW3i5/qHSZv/tD3hVsy7qOeawH4nPtE9+9ab89QNyQla3ZqoH/Yrn/uT+ewyItDHbxwrZKz2YC7zHkwvb0Ko2Err0HoHhvRg+Czy5/x64fRCTc9tIPCn1s9aFPLZxppKp7cXZ4b04nniPQHwvCsosTkg3Jvurz69mvZjtfdlg6znWEKrrdm0rD/REHQtn4LMjCMTz+DYbgtZ7PlGzsn+MI78/gaRBLi/SRlSjo1Ai22h0ap+yHyvxabVvZC2ZU4mYOk51X+qk0Eriqu5T9PHN0jwWD3+BCcwh/scsLijeKNfWHiCPCdwtJRp4cQUxJLF+sfyOncWVW5M421NNRgAAb+IYviUnTuuHSwnBoyv44uL1ui/FDP82LGzHSD4/jOGjd7F+MVSJOfbjZ7Uxm8Sz9uNZTD6bwN1y36WEQZlkyonPcdy9eL8Un9xXv/LLSNF9+GwSw/sTeHLxPga0Yn5xBf2PgLsX15vrq5KIr1cScTmhtS6fH1bELCdow9kj1XgOX8f6xeuoJNJaG7Exnt2stQU8KkkW8CL7BzxC7SjVtf9pZ2e/wo8/jGB/4DyqX+5k8HeB/4Zn+RBehDIQm3D3FrfP/g5xnYxwQrTgQGgLL9e3AADdVw6hB1s1SZGsG3vjXfhwt5yIAcAHbN39GN2Te7H30odqwY+aEaxtfDizjb3xj9F9/QM+oAt7p7uxnajdzvvEXnRX2ii2U4njA/5zogfdhY8AxdjY2vMtAD04onkGLo9ATdx9VTPl7/rdjzE3uRe3L33AhdAW1kvPPXvlECahMWom0kbU2l5MzwETdw0SuIH3uL/+AbfPHsRw/14Yrula24uzw9048+QlLmAvzta9I9UmWgBqRwYVzw0oJa+Th/CTVoEO076cN9ATAMrhvr2Ns797gDO/vo8L+9bwfAsIaB8INnU+gDOBPB48fwuE6j/tBy6MYf2CxuOIhGT
|
|||
|
|
解决方案手动创建一个:</p>
|
|||
|
|
<div class=highlight><pre><span></span><span class=err>注:删除文件夹:</span><span class=n>rm</span> <span class=p>-</span><span class=n>rf</span> <span class=p>./</span><span class=n>var</span><span class=p>/</span><span class=n>run</span>
|
|||
|
|
|
|||
|
|
<span class=n>mkdir</span> <span class=p>./</span><span class=n>var</span><span class=p>/</span><span class=n>run</span>
|
|||
|
|
<span class=n>touch</span> <span class=p>./</span><span class=n>var</span><span class=p>/</span><span class=n>run</span><span class=p>/</span><span class=n>goahead</span><span class=p>.</span><span class=n>pid</span>
|
|||
|
|
</pre></div>
|
|||
|
|
<h2 id=toc-1>var/run/nvramd.pid未找到报错</h2>
|
|||
|
|
<p>完成第一个报错修复后重新仿真程序,程序继续执行时出现错误:"waiting for nvram_daemon",如下图所示。<br>
|
|||
|
|
<a id=img7 href=https://raw.githubusercontent.com/Brinmon/Brinmon-blog-img/main/Pasted%20image%2020240524012022.png><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAxUAAAEKCAYAAABkAnhtAAAgAElEQVR4nOzdd3wU1d748c/spm06Cb0b4BFDQgcDhqIicBEbRMAGePHKtVz1YqEo4MNVuV4VlOuDYAHpV2liQfmJEJoECAFSSIGQENJDQrLZNDa78/sjAZKQMhsSErzf9+u1fyQ7O+fMd845c87MmRmlk2dbFeBCbjpCCCGEEEIIYStdU2dACCGEEEIIcWuTQYUQQgghhBDihsigQgghhBBCCHFDZFAhhBBCCCGEuCEyqBBCCCGEEELcEBlUCCGEEEIIIW7IrTeoUOxx9XDBrqnzIWwj+00I8Uej2OHs5iztWlXNrL1XHNxwcVSaOhtC/OHdYoMKPbdPXcLKN0bRSmvOFTd6jJ3JgqVfsHbDOlZ/tpR3Zj/NXW1vsU2/pdVjv4kG4zTgeb5YN5/R3v/lB1X7Hkz8xxes/mQmg9ybUSz03Xhs6Sa+/fbbss/GRdzfuhnlr7E01/1Rg+vrkZ7bn1zKF/PG0EZLu9bI29t86nnzau8Vl+G88dUypvs1lyGOEH9czaDK20axKcsK3ne/wNyn/CjY9xXvL1jAO598zU8nE7lUqDZaHpuM4kqvh55j5n1d0Ne6oJ47nl7OujfvxUMB7Psw84s1vBbo3HhZuxWKmub43Uqc6BXQD6e4IxzP+QOWeRsohvZ07+KOc2sfOns0dcerAksSPy1+lb///e+8uvQ3sm72bmrocq9xfc12f1Sr+nqk6HSgMeuNu73Nq543q/Ze0aFrRtkR4o/sjz10V1zwG+SHffgXfL4jhPzytjY+pmmz1XhcuG1gIH0T9te+mOKFz23u5MQmYVJB19qHroZ0Qs8X35xsNlsa43crMfgxpJ8Tcd+E0gz6Gk1KNR5k5aJiehmSCL1gbersVGDGmJmKEdAbTJTe9P3U0OVe2/qa7/6oRgPUo0bdXqnnQohm4I89qMAJZ4NCYUoORdLQXuPQFZ9OFpJ2JWMBDJ270r7kPAnpzfzALmxm8BtCP8dY/nP8ElIFLOSePcKhps6GKHfr7I+GqUeNt71Sz4UQzUE1gwoF124jeWTCaAJ6dqSFs0KJMYvUxCh2rVnF/lQrYE//51fyqsc6/vrPvVevACjeY1mwbAJp7z/P5+Gl5f/04M4Zs3licAe83RzRmfNJiwvhh3UbCT5fdK0BVAx0HT6JyeMG07ODF07KZQqMuWRGbOPjz/aRWaGl1LW/h1c+Gkfb1u7YmXNJjtzLf1Zv5US25epm9Zm5gnn3upddmfadz8b7yr+ypLFj/iw2nLXYnK4migvdRoznngE96d65Ld6e7rg66bEUprLrw9msjTJf2Qo87hjDlEdHM7B7KxxKsogP/ZUt3/zC6dyKnXsty1XZ3tsXsmnsld+bObniORbvycdrzAL+PaPXtZ3+8hq+fflaSnPWdmDd3+fzg42DC8WlK4HjH2Bk/+50bNMSV10xxuxkjmxcwppjeVf3cd37rTnHz3gLHqwN+A/pi0PMJkIvVc29lnpetpyh01AemTSeu/w646kvID3md75bt4kDF0rKlvAcwFOvTGWYT0sM5kyi9wcT6z6Yewd0REk+yIblX3Mg1YxN7YYGmtPVd+OxD9/hkQ7lk3FKY1jzykJ+uq5y62hz19PMGN+bLu28cXeE4txUYo/+yrYtu4nLr7C85naj7vg1Ck35s6Hca2rHNa5P8/4o3xSN7Uvjqa0ega7FQJ6cP5zu3dvgYs0jKTyYreu3cSyjvK2yofy1DXya6WN60aVDKzwMeiwFWSSG72fbxu84cdFC9WrLn54Wvcbx+JTRDPBphYuulMK8LFITIvll7WoOpF2p5xrbU63HczS291rrh+Z09Xj5j2NK0Cj6+7TCYM4mISYbDx0Ya4ieEKLh2ClQoUIqGO54jPnz7sc1eidb/28tF4xWnNoPZ9pfB9Oz5dcVOhsaqQUkHtzCyr3Z5Baa0bm2p/9DT/PMbD05sz7nVPmMG0O/6cx5tifRG1axOCodk8UelxZt6OiUTm7VdrI4lWPbdhOTaUL1vJ3Rj09i1qwS5s7fQbIVoJToTXN56fuWjPzbW4zK+Jy3v4nFAqCWUpBzrVGzKV0tFE96j32Qwfnfs2bVf0jJMVJQouLo5kpp2pUOk4LB9wnmzx0FIZv5cusZTK7dGRk0mXkLWvP+/DVEFKg2LHdle1tzz8vzGJm8gkVbzpRtLyolefmoqOT89k+eOWiH27BZLJmYwyevfU1UqSd3v/EvHkz/mNfWRFBUZOOAosUgZi58hWGGs+zbuZUf49IpwBH3Vm1Qk/MrH/Dr3G/NOX63IOfeDOnjQMzG41XKsvZ67thtAvPmT8Ar+jvWv7+SVLUdAUHTee4tD0pnL+Nwrori0ok7ethx8rM5bEvrxdS50xgTv5Elb5+l2+RZPPtcGmcX/khaA18I05yuJYkf3n2FvXYK+i4PMveljjWtkRbd++PnGsPqJctJKAKXtn6MmjiV+X7teX/BWiILygKptd3QEr/GoC1/NpR7Te24xvVp3h82ti+NpcZ6VM7VA33CTr7+LoEcu44MnTCFWQtb8/G8TzmSq9qwvQqe3frT2zOOdctXk2C8jEMrX0ZNCuLV1xXemreFxOrGFbXUcxe/J5k/9z7sTn7P2qUxXLxsh1uXETz++J3c8fOa8kGF1nYSzcdzQFN7r7l+aEpXwcV/KvPnjKT00Des/DaBYreO+A4Zyzi5p0KIm8KuUhuka8foJ++n7dn1zHn/Z9KunMzP6sgl66B6JlFKRkwYGVf/TiV5dUv6LnuIgd30nIqyADo8O3XEzRjBnt3HibtcvmhyImeqWaM1J4ZDh46Xd1JiOVvSjk9eH8Kgdj+QnFLWWl02ZpGRr2I0g7Uwh4z0dK4/B2pburYoSAjl8Kl4rh4DMism25ZRj43B+/RqXlv+G9lq2XacjjPh/OGzPD56N29uT8aqdbmr26sjv3x709PTqXr8UUtLKCwtpUPLlqipYSQYCyjQdaZVS0gNSSC/sNjGg7SBvpNnMMLxGJ++uYxDFyv0GqMjrltay35rzvG71Tj3DqCPfTQbwnKpVz3XtWPUtIfpmrKFNz/aTlIpQCJJn1hps/Qlxo9oy5EdaWXLqiXkpKaSlmDixPkn6ZIeT1xiNAmH4pgyowvt9TT4oEJ7umZMFzMwAXrXAix1FHLVmERkZGxZfs/EEn46m9f/9Rem/mkvc7YkYdXabmiMX8OHRXu7pr3ca2nHta5P6/6wrX1pLDXWo3LWC7+xZv1OypqwaGLi8nFd8hKT//QToZvOYdG8vWVUYyInwyLKyl9cLDFGbz6eG8jQrttJjL8+mrXV81GPjcY7bj2zl/xM+pV6ntKa0VPuqLCc9nZSazkADe29TfVDQ7q6doyaMooWkat49bMr2xFNZKQZn4HTag+6EKJBVBq/Kx5+9O5qJWrv/qsN0I1zoN2gibyw4CM+W72O9WtXsXzhQ3S1c8XN9UryVjKOBhNlfw8vvf0CE4f1pKUNz5S+nBBPMq1p19rW0xE2pqvosLO3x/7Kx06n9cEflVfj5ktvH5XTB0PKG74y6qUj7I8w07mPP16K9uVsS9yJ9h28KEpN5pIKimt72nuYSEmu/oBZK7vuDOjnTmrwDkIu2t41qu9+a9L43SoUF/oM6YNddAjHq5xe1VrPFQ9/+neDiF27uVBhRK4WRHLqLHTu7oPjdb+yYrWCopQFVi37o57bYEt9a8B0q1CzD7P35GU69PGnlVKWlpZ2o37x06DOuNxYe1o9Le14A7vB9qVB1FKPaqLmnyQk8jJte/WiZQMUQXPiOZJVL1p6VRNnjfU8o7Z6blM7Wf9yULW9t61+1J2u4uaLX1eIPXxUblYXoonYlU1+KmsxFFc33JRiMnJLGuiysoL3iJdZNLM7F37ewqptiWQX6XHvNJwnZg6vdCC
|
|||
|
|
根据ida继续找到字符串,发现不可以使用交叉引用,大概率是因为进行了混淆!<br>
|
|||
|
|
<a id=img8 href=https://raw.githubusercontent.com/Brinmon/Brinmon-blog-img/main/Pasted%20image%2020240524010549.png><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA38AAAE+CAYAAAA9LKlvAAAgAElEQVR4nOy9b2wbV5bo+SuNGvsy3W7EadnqiTCDKBbVlk1MOom+DCWNEAaZjOhn2O8p4ZeV4MHAobRPeC02MIHnYYwmCHhfPyOLDbkYz5MYv8HL2MDbZaKBA4/ETQdhwyOZ/UVJJni0lBbpKJiB3C1bGwed9GZ32+3aD1Ukq4r/qkiKpK3zAwiRxct7zr11q3RP3XPOVVRVVREEQRAEQRAEQRAeajparYAgCIIgCIIgCIKw+4jxJwjCg0diAUUJF15T62WLZqNzVcsIgiAIgiDsBTrC4TBzyzu1/ToBilJ4DUVrLCMIguCEsXFUNYSqzhDx2PuJ58iB3dXJBomF51DChZfYo4IgCIIgNJOO0IwXkhecG4AJUHwQWAJVBTUDBC3GnZ0ygiAIu0jf7DSqGuL6bFdL9UgsPIePc6ihn2ov/58Qi4sBKAiCIAhC8+iga4Cj3bB9+46jH0bPAQGYH9MP9MHZAKTikHVQRhAEYS8wNv5T1PGhwoGBCSLdEFu73jqlBEEQBEHYU3TW9KssxFMQOGs+fCWm/V3Mwiw2yvTVJF0QhIecbHQOV3C7cCDgR50fcFZJYgHFl65aR2IqjC9W/HNPZIbrsxAdukDcP8ObvF3QyeMlc30EuYUJgiAIgvAg0cH6NZLb3XhHHUysMpACjrj0z1kYUoAIeIC1jM0ygiAIVhILnOIlPaYvhKr6CcTiDEUduqbbiAvMRufwxdws5WQtuQEILJndRFPBC7jWRgv6pJKccqpPEf/M2jZ4Dv5BnfUIgiAIgiDYoyMcT9PtfYmRWsNhsjDkAn8G5o/VUUYQBAFgbNwSnzfAyQCk1py5pldnh8X4NgSOkPNMZ2yUiAfSGxbDzuMlk181bIw+iYWzxOjDP/D7ddUjCIIgCIJgl45QyM+B5AXCCzVkHVgERTfqyrpw2ikjCIJgIDEVNm3lUMots366OObvhtgaibzgawRT4O63PA1zdzXUxTOx8By+NHi8P6LFeWgEQRAEQdhDdMIAo95u0sk11scHsOX86dJcN4NBWFIpPDXXXT39uqunnTKCIAhGtBg8N0vqeP6+kZgK49s1iWl8SiE2MLAUKiSp2gWyy6/oht/fcX1EVv0EQRAEQWgetSV86QO/B1Jug1EHZDcADxzTH5HbKSMIglBgXUsKZXTF3DU0t8/dNvZMrP8YVzIL7nNi+AmCIAiC0HQ6YJ1ryW26vaP2Vv10Zs8CMZjK+Utl4VRQy+7Z56CMIAh7j7xbZ9Emdwc44gHSO/ntYMpl42wUsStN2mhv/cco8Z+A+5x5ywdBEARBEIQm0RkOx3H7Q0w7zKLOGKhL2ibuuXlZYAnzE3Q7ZQRB2GPssJEu910Xs296ibuSuJQkoG25kIm8jWutUKpoK4hUHCUG0E0kM81sn50yXcyedRP05Y4bqGVriYr8C9FrP9Heps+iWNof8P+UhooTBEEQBEEogaKqqtpqJQRBEJpOdpkhVxIiM+bsovpxdzPdQQVBEARBEJpAR6sVEARBaCeyizdI0V3Yo1QQBEEQBOEhQVb+BEHYuyQWUHxWH9SC66ggCIIgCMLDhBh/giAIgiAIgiAIewBx+xQEQRAEQRAEQdgDiPEnCIIgCIIgCIKwBxDjTxAEQRAEQRAEYQ8gxp8gCIIgCIIgCMIeQIw/QRAEwTaJqTDK1HpNv81G51CU2n/frthpV91tzy4zpIRRhpbJskN0KIyizBHNVvvZEMpclCrFmobo0xwSCwrKQmLX6s8uD6GE7cso0qfG8SwIQv10hMNhwuE5lnec/zgxBYpSeE1Z7wEJ8/f515QzOVOl6rAps+h7242rXk82Wlt7cthtV9V+ttukNjtfjWiXLVll2rUrY6NcHw7heHLRrPPV7HaVZ52pCpNjbfK8QCOnM4mpsDYhN7yGojXcDKuit82qf2LhAZ/w5CZtllcVA8dz5ECT9GsudtpVc9v7unAXHTxAf8UtSRK8lkwRGJ2lPXYuEX0eNjwHa9wQtabxXIb1Kc0Q1V9Dyw/sDVUQmkJHKBQiFHoJri3jZMqTmAIfoKr6awlivtIT6iXVUE4Fdd6ZkvPW3+vyANNGzIkpUHxmefNjzmTZqicLQwqcAiIe5/U7aZeTfq7WpnY6X41ql92xUapduzI2yshSr+NoctHM89XMdlVmgJMBILZWwsDbYTG+DYEj1HDaKuPxklFDqGoIdclNKnih9gcD1UR57nBuV4zLFhPwa/2nhlAzXjyxeEkDsG92GlUNcX22qwVK7h522tWwtru76KOL/uKZczHrV4gR4ORAfSIbhujz0NA3ch01pHJ9pM7/AE7GcynWp1DiMQJ+FTWkos5EIOkSA1AQKqC7fXYxMj6Ck39JY/OWSeaYZgjFrjRSvfJEzwEBChsxJ8AX0yandU0ObdQz5QJ/Bq7P1iOoNNZ2Naqf2+187aY+RWOjUTRqjNmgqeerie2qxthJN5DmitX4yq4TT0Fgt2dpY0cIALEru+OW6PYfhfj6Q+diZqJvhDcj3RC79gCvaLYjBzji6GFjlui1GB7vqy2/rjVEH8GI0/EMOQ+KwsM57RziXmI+96+ha5azbkjdWCzcZ7PLDD3QHhaC0FgezJi/BARTEHnVcOgKeCL1T17t1DOv7oJhASXb9VDQzHbtoqxGjbF2o+Ht0lfGy62e5WOfSrkIljG+sos3SOHm5JjNekBzqRxaJpt3udRezlb1dLdGS93muDetzFB0x6zT0HKxkdc/gJ8bLJaahJRzAdVjY/LuqDbbVbF/cnUkFgq65mJwSrqmFurxxar3Wl+/xbXRUoed2Lh63G+rjo1SOpVxKTa7BlvOj512OWh7ZbqYvR5C1We5Y/MhVHW8/HW7s0h824N/wPDPan0KJTxEUdfuRBmyuMvlY7pyL2ts1/qUHiuXYMpQrmzzSuljq54s0bli+eYYMq3M0HLWrHelWL6S+tiox24f2uyfiv2cqyPn1jgXJavLUcJT5vFqcX30pcs1vBw2+9Aip2zMX1V9HI7n7DJDSpyYx8uruUI7i2gOIcZfJbiSBrbjLObOUd8Ib0Yg6HJ6/xeEh5OGGn9rKfAcaWSNpYmeAzxwzHDPvhIDd78lBqyGeKRG1VMLpdpVikb1cyvP127pU0mWr854v1aODdi989XUdiUWOMVLBRdB1U8gFjdM9Eu5fpZw+axaj04qiUuJw5JWLhPpJuYrHzeYjV4jRjeRV52vMKaCF3CtjRb0SSU5VTRD7GL27AGCr5WYIY8dIcB20Xc5w/es0V2wWrvs9E8qievcQTIZL57UDU6dus3ZjBePceU1sYDiu0MkE8rXtRSo3hfZjTuY4nfGxvXfz9TlKm8LO23PLjPkSxNYChnKWSeemnHtSxvcgtWXYNH4sMJGu5rZdgOJa0FS3X6OGV16Bk4SIEXwmvkKyK7HSRHgbM6Fb32KU7ypudGFVNTQEoG0r9iVbjuIK+wD3eUu4/UQi0+VNqJL6VNDPZVIJV24bp8t6Lwd5FQZ979K+lSsx24f2mmXnX7eDuK6doTMTATPdpxTb69xdiaChxj5Z2TrUyjxNJEZNV/XUo1ulKmkC9cNP5mQihrKECGIy2jgDczrMjJEustU0kB9QH+Y40pCZAb1+kgh1ODOGik85MNod6IMhX3gjeAhxdqdQh19s9OoS25ivocv4ZQgOKVhxl9iCmKA/1jxdz5LkoihaB2CsmjuX2eLY41iPjhpiEeKAK4akl80qh5HVGiXkUr97IR2OF929alb1pg5Ti0T0c5xLe2yOzasfVhzEhad3T5fTWvX2Lgl5kkz9lKG/9JFrp+lXD5t1JMjsBTKxy/2HTuKhztsGOeDqSQufVXGFTzAkjpd28q+x0sm73tUXh/GjhAoGdc4wKuR7uqGr5122eyfwNncRGo
|
|||
|
|
根据下面的字符串"goahead.c"的交叉引用找到了目标位置!还可以通过动态调试来定位!<br>
|
|||
|
|
分析发现原因,这两个字符串是通过偏移来定位的,还发现个问题这里的fopen的第二个参数是再调用fopen后才传入的不理解:</p>
|
|||
|
|
<div class=highlight><pre><span></span><span class=n>li</span> <span class=p>$</span><span class=n>s3</span><span class=p>,</span> <span class=n>dword_480000</span> <span class=err>#</span> <span class=err>定位字符串的基址</span><span class=mi>1</span>
|
|||
|
|
<span class=n>li</span> <span class=p>$</span><span class=n>s2</span><span class=p>,</span> <span class=n>aEttimeoutDocum</span> <span class=err>#</span> <span class=err>定位字符串的基址</span><span class=mi>2</span>
|
|||
|
|
<span class=p>...</span>
|
|||
|
|
<span class=n>loc_45C72C</span><span class=p>:</span> <span class=err>#</span> <span class=n>CODE</span> <span class=n>XREF</span><span class=p>:</span> <span class=n>setDefault</span><span class=p>+</span><span class=mi>98</span><span class=err>↓</span><span class=n>j</span>
|
|||
|
|
<span class=n>la</span> <span class=p>$</span><span class=n>t9</span><span class=p>,</span> <span class=n>fopen</span> <span class=err>#</span> <span class=err>传入要调用的函数</span><span class=n>fopen地址</span>
|
|||
|
|
<span class=n>addiu</span> <span class=p>$</span><span class=n>a0</span><span class=p>,</span> <span class=p>$</span><span class=n>s3</span><span class=p>,</span> <span class=p>-</span><span class=mh>0x3124</span> <span class=err>#</span> <span class=err>定位字符串</span><span class=s>"/var/run/nvramd.pid"</span>
|
|||
|
|
<span class=n>jalr</span> <span class=p>$</span><span class=n>t9</span> <span class=p>;</span> <span class=n>fopen</span> <span class=err>#</span> <span class=err>调用</span><span class=n>fopen函数</span>
|
|||
|
|
<span class=n>addiu</span> <span class=p>$</span><span class=n>a1</span><span class=p>,</span> <span class=p>$</span><span class=n>s2</span><span class=p>,</span> <span class=mh>0x4CDC</span> <span class=err>#</span> <span class=err>根据偏移发现地址</span><span class=mi>474</span><span class=n>CDC</span><span class=err>,是一个单词的字母</span><span class=s>"r"</span>
|
|||
|
|
</pre></div>
|
|||
|
|
<p>这里就算IDA的伪代码了!<br>
|
|||
|
|
<a id=img9 href=https://raw.githubusercontent.com/Brinmon/Brinmon-blog-img/main/Pasted%20image%2020240524011822.png><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA1EAAAJDCAYAAADq7J6OAAAgAElEQVR4nOzdT2hjV57//beGDEwW/ZAKsgWpTSqxiqisTT9Tm5EjDGqaxi6aLlC1VgnZJLbA/LA2Ic8ioFwIJCEbeyFadrIJyUpdgmpCWTRNCzxKaVUzvZGtIVYn2VSCbJGkyCI/mMB9FvpjSdafe3Wv/rk+LzApSUfnnHt15Zyvzznf6/nxxx9NZGKq1SrXr1+fdjfERV9++SU+n2/a3ZARVatVfX6XgD7Hy0Gf4+Wgz/Fy0Oc42FP37t2bdh+eKP/xH/8x7S7IGOh7JCIiIvLk8JimOZGZqMePH3c8fub97ybRrIiIiIiIiKuemmbj5nsvTbN5ERERERER2/5l2h0QERERERGZJwqiREREREREbFAQJSIiIiIiYsNU90S1qxXSpPJVCMZIRgPT7s7cap3HhmAsiauns5zFyJTOH7v1eeWyeNbhwIyydt4Ym54MHCTZWxvwXhERERGRCXItiHIrCPItLjjpBOlUngW3A4dRDepP47Vqx5M+Iltxwt4R2ytnSeUhspUcvY5hAlGSyShQo5BOke9Xzs5nUSmwsl4itLNFZ6wU4M0dH/51Q4GUiIiIiMwM50FUY7BMJEbEl+k/qB7CG46TDDvuzdxpnymqFdKkUgZHkS3iI0RB5eMS+CIExhVAjUWZTX+e4kYMc/tix5e245yQxr+e5XbHLJWIiIiIyHQ43BNVJps6YnkrSTzsYAZJgHoguRXxUc0fUh61kgUv8xRDVXYP2SfIwV7/6aql7VU2KLG+OfJZERERERFxjcOZqADRpMN1c0P32NSXjR0tb3GHu+f7fXwRtuJhvFzcB1TNGJzXGCSWjGKrl9196lXHgH476Y83sIwvn+e4HCXQLOTSPqTufnXW01iet9BZdzlrkMF6e/aOvcyHiSqhnTtDZpjqy/r2E8fk9gKajRIRERGRqZp+YgmLe2yq+RSpYIxkMgCUyRoZ7hYCxMPe86WAbuyJqhVIZ0qDEzKUsxgZiCWTjYCg3h+jEWy40Z+zWg3wDm3rYsCXwWg+bAs0KWe5yx2SyeY8Vb2e9OJoSwf7sXXsuWP28bFza3j7S7eWCSXy3MtFWVMUJSIiIiJTNP0gyipfhK3WaDzAjSBkTs/A7cVrZ6dU8bHcd3VijcJhCV9kq21GJcBqxEcpf0w5GrA369XN62UBOLPaVisIHTJrFIgS73xifOfQosqXZ8AC15csFF4KEAvlyXxZg7V5WrAoIiIiIpfN/ARRk9rrE1gl4kuRTxnke2bLO+O0CtVqCuPCtJkL+8JqtUYA5X5b5axBx6QVQNB2Ne4KLeK3Ubx4PL2gT0REREQE5imImhgv4XiScHN5YZ9gyvX7LzWdnVIFgl4vzfkoN9qqB1Cde5LqM1dTVjzlBLAyGQUQuqEEJiIiIiIyXQ6z811m9WAqmdwi4quSP2xmhltg0Qel4/FkimumKV8NuNlWmeMSELxhc6lhjdrZ8FKjWrpeX7j4ZcVC4UqZTBGC1zULJSIiIiLTdbmCqMZ+IncDnPqSuvObAHsJLPuglCE7rBmb/anPFvmI3Gkkg7DT1kD1YIyzGrWOtjo622jruJFevTETV2U0Vo597QYbVMncr/Uv01C5f0SRILeVVEJEREREpsxjmqbppIKe+2wAupbAPX78uOPVZ97/DvO9ly6m3b7wfpuptxtZ4c5rtJfivFd/fD1uftuz371Sj/frz4Xn6cymN0JbAxNLdLXnizRSxp+uXkxzXu1fZvjnZeHY24rkNg3W94McDLyRbo3dlRSJYAxzwP2kREREREQmwXEQZVW/IEqedGU2PRn2N/oHSJXdNP7EwpBAS0RERERkMi7Xcj6ZQwH2TiKE9jOs7PZY1pfL4k/AzokCKBERERGZDQqiZPqWwjw4CFJMHJLreKHM5nqJjYM421bT94mIiIiIjJmW84mIiIiIiNigmSgREREREREbFESJiIiIiIjYoCBKRERERETEBgVRIiIiIiIiNsxWEJXL4vEYeDwGm7nhxUVERERERCbtKTcqKWcNMqXzx8FYkmjv+6b2Vymwsl5i4yDJnm4IJCIiIiIiM8pxEFXOGmSIkUwGmk9gZAywGUhV7h9RDEX4RAGUiIiIiIjMMMfL+QLRJMn2aCmwSsQHpeOy06pFRERERERmzmztiRIREREREZlxYwiizjitgm9xwf2qRUREREREpsz1IKqczVDCx3LAa+NdNe5nqoRiAZbc7pCIiIiIiIiLXA2imln6fJE7hC3FUDV2Vww8nrvwSZIH23YCLxERERERkclzLYiqFdKNAGqLuLUICvCy/SCJad6B1ww8m0pGISIiIiIis82dIKqcJZWvQjBmI4Bq5+VWzAelGhVXOiQiIiIiIjIezoOochYjU4JgrDPVuYiIiIiIyCXk8Ga7NQqHpfo/SxmMUuerQZs33BUREREREZl1DoMoL+F4krA7fREREREREZl5M3Oz3aVby4SKeT7MTbsnIiIiIiIi/c1MEMVSmAcHQfbXDTweg00FUyIiIiIiMoMcLudz2VoU04xOuxciIiIiIiJ9zc5MlIiIiIiIyBxQECUiIiIiImKDgigREREREREbFESJiIiIiIjYcOmCqMpuGo/HwLNZnnZXLJvHPrer7IJnBSoOywxUBiMNtVHfLyIiIiLiEufZ+cpZjEyp7Qkfka04Ya/jmh0J3VgY/c2VAiv+PMGDJHtrDjphsx5HfZ6iDxOwcQBLDssMUnMaPZXByJw/9EUgrrtEi4iIiMgInAdRgSjJ5Hla8lohTSqVhikFUkvbccztybfrxDz2uSUH+8DBoCDRSpk+ylloj9FTBgRjEA3YqaQeQLXeV4N0CtIokBIRERER+1xfzucNrxKkyumZ2zXLLNp9F0I7MCg+slKml2YAFUtCLFifPUombQZQQOEQCLa9zwurQageaXmgiIiIiNjn/s12azXOgIkvTMtl8ay3TVlsxDD32kfbNXZXUmRiW3zCXfyJav3pUISTB2GWqO9Naj0PFNcN9luPghyYUUuBgOV6hvU5l8Xz7iInb5/iXy/V+/oJvObPU+zuz9Dj7+xbaGeLB9sOpworkClC7BOHZfo4LtUDpwBQOIOFG30Kdi3Vg3rgFQCowVEVgqsX6wYo15j60lMRERERmS+uB1HlwzxVX4Q7NmcLHFuLYppRmsFSok+xYiKFfyOGaQaAMpueDK/tBniw7T1fVudwT5Tleqz0uZjH/26Ek5MIr/mPeO21Bd4+ifCuP8+9XJS1NRoBFByYyUZQVT8uD70DKbfkPoRiCD4ZsNHJSpl+Fn1QykM5DKfVPoVqkM4MWOJ3BlVgeaGtfAoWIuDLU58xVRAlIiIiIja4E0R1JJfwEdkKz+64NBThpBVYBLi9AfvHsz2S3ng7zBIFoAqxO6wtnXGv9WqN3XdLhHa22mbJAry542M/cUxuL9Axe+bm/qt7+8OTRVgp0084DqcGZIz640iv6c3uIGmQRgC1vAVhIJ0foVMiIiIi8sRzJ4hqTy5RK5BOGRxFtojP4jqpoHfkDHHT4eOG//xR8LoXaN9wdsZxEYrFFJ4LU1njW1RZ2R2eLMJKmWGiSYg2gp98CvJAZKttCV4AIr4+r7Urg5Fve12boURERERkRO7vifKGWQ3myRyVqYVneEbqktlwmo7dpvuZ4ckirJSx5AyqPtiKQzldD5i8zT1P1GeswkAh3SOYWgAfkM+37ZNq1onFGSwRERERkTaX7ma7T54FboRg/94Eb9TbTBZxy2EZi2o1YKG+4DKw3L9cOF7P3hfxQf6w8aQXln1AsC2Aatbpg4CifBERERGxyf0gqpwlU4Lg6hzPQi15CeJCYOJWPQN5uRXzwX6Gzdzw0rlNA4/HwLM5ep9yH0JxA7aHJZQYUsaqs1PwLdb/fZjnQkDU7bR
|
|||
|
|
解决方案继续手动创建文件。</p>
|
|||
|
|
<div class=highlight><pre><span></span><span class=n>touch</span> <span class=p>./</span><span class=n>var</span><span class=p>/</span><span class=n>run</span><span class=p>/</span><span class=n>nvramd</span><span class=p>.</span><span class=n>pid</span>
|
|||
|
|
</pre></div>
|
|||
|
|
<h2 id=toc-2>缺少二进制ip数据报错</h2>
|
|||
|
|
<p>继续运行发现有很多东西不存在继续创建,再看下最主要的报错是:<br>
|
|||
|
|
initWebs: failed to convert to binary ip data,缺少二进制ip数据<br>
|
|||
|
|
<a id=img10 href=https://raw.githubusercontent.com/Brinmon/Brinmon-blog-img/main/Pasted%20image%2020240524012230.png><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAwUAAAFhCAYAAAAhnwYcAAAgAElEQVR4nOzdd3zURf748ddnd5OQHhJ6l6IYCB0NGIoeAocoLRQL4InKnf1sCAr441QsZ+P8IjZQ6ilNFBFOSmjSQgIkIaEktHRISDabAsnu5/dH2u5mk3w2JBLk/Xw8Qsh+yszOZz6fz8xn5jNDa9+mqqYfv5IfjesCFX48gp9XFy+dpf6loWK7TNdCHfX2CvXbmX9RA5TyzxWvwerMFUvUp3u7lKzXXL1v3jJ12dtj1DYG6/XuVJ/7aoX69qjmqg5U0Ku3Tv5UXfXlP9SebuXr6W+drH668j/q1M4G5+KHXu089f/UFW+PUpvryj93DXpcXbjyE/WhDvqy9TSHq2upjnl3hfrJQx1UvYO4VPWjBAxX5674XJ3WpThcXcvR6vzlH6kPtterKA3VobOXqwv/FqjqQW0Q8oq6fMnTam8Xu334Bqnjnp2h/vPBPmqAzrnwy370ndRHPl2mzhjkqSr6W9QJHyxT3x/fVtXjqvZ7cZn6+WNdir+brrl6/7+Wq0vsj2/DQeor36xQ549pVXLctP7o1Oaj3lZXfP64GuRa1Xouaq+nFqsrZt6teluHGzBcnbviS/XJbqXHw13t+fdF6qrPX1DvaqSrYn+O84Fbj+nqohXvqmNaVrVtFT9KI/Wv/2+F+sUTQaqhmnX1HR9WP10+T72viX0edWI9zeeRxh9nju815PuK4Wq8bjiTflripzn9tOar0nzQVB35rxXl580fkM76To+on65apD7RzbX8s1snqwtWfqo+0klffZzlR37kR37k50/zo8OeYvd/xeoztcLajjlaT/Gke7/uGGL3czjLdgXFO5Cu7eDEvoNkVhGG4htErw4QtWUrF4qsgsuN5uhpaNOxPW4AmInfu58U71707+pespYLt/a/k0apv7P7VJGDnVcev8oUnk0gUfWnkX9pMtYg3Gq50rzvOJ6e8yGfL1nG8qWLWTh3FO0MXnh7VTx8YMFiAUUpPmhq8R8V1lKzo1j7n/f4eFU4GZYaRMue+Sxbfj5GwF9G0M3ddpHiHUi39irH9+wnwypp1csH2BVVSJvuQfhXjGIVLKQdDCPG5R6ee/Npxg3oTCM3p3Zgy9CR3j19SA7bwP5LzifG1TPxJNKE5k0cHY/6R/t5pHF/tX58tYer5bpR6+FqTb9rzFcVwq2DdDYn7OH3JB/69Lu95JjraBEURMDlIxw+Y77mOAshhLhxGBQU1NJSvILjAr2zN1wHNybFozvB3QzELo0g225/ipc3XkoB57PzqwxK8fLGW+dKl78vYvl022U6vQE1zgdPBfJVMJ8NIyxhJKNCuuFx+AB5boEMDPYlYeMOHN3rqopfZdSrV7iCDr1VWdDZcKumEDDoeeZN78iFX9eweN1ZMvL1+LQeyMPTBzpK5utIJXv/RnaPn8Ff+69np9USxcsHL/JJyL5it00h2ZdzobUP3jq45ET6WFJ+44MZydzzwEiGPjqH0GkXid71C2vXbSMuy8mEVrzw9lS5nHGZmhTd1Cv5FOCCq2v9OiKVceY80ra/2j++2sLVdt2obZrT7xrzVcVw6yCdzefZGRbP/aNCCFp6lPCCAIK6tSTnyDJO1+QZhhBCiBuWAQUUFFBBVcGmBqBS3lJQZWndarnDdRU8egTTTR/L0ojsCotVkxGT6oavrzsKOZUGpZqM5FhMHPhmHj+cqHjHUq9kcbl0Y0squ7fHMG7yIPr6HiQ88G7ucIti6e40B/uvOn5OcSrcaig+9AjpgVvkIj5cvpvc0h2kNGboEwMdb6NeJelIGHuzL/+hBSUArp5gy5YLvDtkEKcyraJkysGEO34+boD1cTPg4+cBJiOmGpSaCjNi2LIkhi3Lfbml12BGhj7EnLc78emshRzILm4NKyoqggbuNAByKtuRasKUq9AqoCE6snC67KqCWnwW1T1VxYLiqPFH83pOnUdaolRHx7f6cLVdN2w30ph+1YSrKf2czlclrXw6x3mpbtLZQtquzUSOeYJ7gxsScaQ7PW/J5tDqOAqd3ZUQQogbmk6HUlycUawf8Cvlv0p7GtmzvmvZVwjs72iKJz2Cg9Ad30+EseLOVGMMR+Ih8O7BtDBUHlk1O5ojCa507tocU3ISSUm2P8mXcq1uvCpZ+7cRXtiNoXd3Z/DQXlzd/z8OOmoGqCZ+znEiXA0UANVSUmHTIp/YX75m+Z7kKp9OKr5dGfPMKzw/sVctdu2wkLpzM0cbD2Jw+/IDqebEcOyMjsCQOwmwCkvx60tIkCuJx6JtukM4rTCbMwc28Nn8VZzwCyaki2vJAjNpSWnQqhPtParYviieyGO5tBg0kjv863cXIDUvl3zFl4Y+VcdTzc+jQPHGx0EXM+fOIw1xquvjW1m4Gq8bNttoTL8q96E1/ZzNV2oeOSYLng0bOuy+VVfprBoPsWlPDl2HD6H7ncHcajzI7yekSiCEEDcbg2JVklcVFUW16k5UGfvCv1rJ79LVvXrSL0jH8W8jcFjmVlPZtuwnQt54kNmz/Fm/JYILRhW3Jp3wV8BYup4lla0rNzNg5lPMe6UDm3ZHcz6zANXFi0ZN4UzYYZKsSjNq7mE2bU/nrTHP08qQzIbFUeQ7+jrVxc9JWsOtfkdGjh08jnnqBKY/UMTmY0kYi/S4N2mDnwIXaxxDhcYhExg/sDMGc2OS9h1hzfnaeZSr5hzif/se4o1hCpdLP7SksnXFrwycNZVZz3iyOuw0Jo/2DBgbSq+crby/OdHJ7hUKAf0fJrR1GhHHTpOaVYClgT/t7+pPG1LZklL6FFUl/WAY0aHTmPLseFw2HSOtQIdHi7b4KpBStr88Ir7/ln1vPs0zb/vT5dcdRCZcxGQ24OnXFD9TBDuiMv/4lhcHLJfiiTdOIiR0NCd/Ok6eVwsa5UYQFm3bMmS5mECCaSIDxo7g5KZ4Cr2a4WeKYFdMFqqT51H1kart46uR1uuGdVQ1pl+VNKefs/kqn9Nx59BNHMNjIwrYnpCDzqcFDXPC2R1rLD5udZLOV4n7ZSMnBk/k6fFuZGxdxUmpEwghxE3HoEfBAlhKbk2qAqCgqGrlT6etC/8VWgWwqxQoePUIJkg5zuIIY6U33oJTq3lrbhqjxw3j/ifvJcBLT5Epk9S4cOIult7qVPJjVzLv/6USGnovDzw5ggB3HYW5maQk7GTpvgiS8qxDKCLht1+J+evjtI/4hW2Jjko62uLnHC3haqGSvnUB7+gmMeHeR3k51BcPg5mCXBPZ545z9nJNi1oql2MOcjyzLW0vHuJYWm0W2a4Su20niUPG4mkVXn7sSt56O4NJE4Yx7dVJuBWkEx++hvnf/0pMrvOpri804xE4gmlDA/DxdIUrRtLPxbDlk4Wst3p5Q724nf9734Opjwxn2oxxuOuKyDdmkBYbyanM8u9tubSXz16/SMz99zHonkcYMNEbF0sBxvSzHN0YRxj1o1JAYQxrF/1Ik0dH8OwbYzEbkzmyOo6d9oXawijWfrmRplNG88/XXSnISOTo+hPsjslCdfo8qk7tH1+ttF03rGhNvyppTz/n8pWFlC2fs6jJ44SOfY7+3gYKL5/jwKrj7Ik1lh23ukhnNT2MNWH3MXtIMhvCzjjfhU4IIcQNT7nVr7VqxoIFFQtqcSuBSvWtBQ73RlmF4EJ2WslnPgx85T9MYzHPfrCzVp7E16r6Hj8hhKhzbtw2eT4vN1nHyx/t0TzYghBCiD8Pg0HRYVFVFFSb3kA2oxJVxv69AgctB4pPT/p1gehvIsiphzea+h4/IYSoE4o3zVp5Yi7yoG3weB4bmMmaufukQiCEEDcpg6Jl1JTqhiq1HqHIruuQT89gAonm60hT/eh+YaO+x08IIeqGEnAHU+c8RvcGeaSfOsjad1awPVk6DgkhxM1Kud2vrVqIGXNZ56
|
|||
|
|
根据字符串锁定位置:<br>
|
|||
|
|
<a id=img11 href=https://raw.githubusercontent.com/Brinmon/Brinmon-blog-img/main/Pasted%20image%2020240524014942.png><img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABK8AAAI8CAYAAAA3JogzAAAgAElEQVR4nOzdf3Db933n+ecXpJ3EkumkIQVHbXq9CakaFK5NdNdNAi7NOcz9Qyqd0w0Typd2483YgTjl3ZDpVmvLUQzjbFmJ1L0FM+aVYpXL+o/t2DjzRns9kXP3B3ZoVmjc1E42CxEqib3rJj07INFupMhJbJH83h9fAARA/CaI75fk6zGDEb9ffL7f7xtffAR+8ebn8/4aN77//5pk+D75G4iIiIiIiIiIiDiFy+4AREREREREREREylHySkREREREREREHEvJKxERERERERERcSzjC1/4Qq7mVSQSsTMWERFHGBkZ2bZOn48ictDps1FERETs0p696Ch1QSIiclDlfyHT56OIiEWfjSIiImKH9nJPGOduFSybFx/R83pez+v5A/F8NXbHp+f1vJ7X83Y9LyIiImIHwzRNE6y/nv3pn/6p3fGIiDRNKpXi2LFjdW83MjKybXSBpsZIKywvL+N2u+0OQ6Skr3zlK/psFBEREVu05w/5TqVSNoYiIuIcmg4jdtHvYnEyfTaKiIiIHQzTNM3YD/4WgOP/+UdsDkf2klQqpREC4miNjrwSsYtGXomTZX/vP/TQQ3aHIiIiIgeMy+4AREREREREREREyilbsF1EROC/ftPkZ3fvwS/uwS/W4Zfr8N46vLcB72ce9zbg3iasW48H7zP4t8+pyLGIiIiIiEgztBvnbnHj9AcLVv63Kw9y9931ur6sHW6Hf/OHR216GbIXqZ/JXvCzu/f45O+0ce/OJvfubLJ+x8W9Owb37pis39nk3p117r13j/V317l3+x7mmsnPfuMDdoctB4w+T6WVjHO3dBdCERERaamSI6/uvrte95e1u/qyJnVSP5M94Rf3uHdnk5uvmvDz9+GXv4T33oP334f1ddjYgM1NME3rkQJ+fdPuqKUBP/7i73L3PyQxDLNiO9M0OPyJbj7+Z3/eosiq0+epiIiIiOxnpacN6svanhGNRrl9+3ZNbR966CH8fv8uR1QH9bMDY2/303X+2cOH6B2HDT7Eu+9vEPrXP+RnP3+Pe/fusb6+XvjvR9dZX1/n0a/+kA/e5+L/vvRFu1+B1ODHX/xdzF//GB3eT2A8cD8AhssoaGNuWkmt9Xd+wvpP3+XHX/xd5ySw9Hl6YOzpz1MRERGRBpVJXjX2Ze13n/shH2g3eO3851r8Mg6maDTKgw8+SFdXF21tbRXbvvvuu7z33ntEo1HnXMiqnx0Ie76f/nIdA9jIe/zs5+/xv459pmTzTRM2TNjYhP7/4U9bGGjjDMNK0phm5RFH+/X4AHf/Q5KP/OP/kl8svwH3t4ORuZ9J9rfkeuZfcxPeX6f9136du//n63aEWpo+Tw+EPf95KiIiItKgdvPiI8R+8LeFaw/Al7VSPvzhDwPw05/+1OZIanP79m2OHj3K3//93+NyuXC5St88cnNzk83NTQ4dOsTa2lqLo6zgAPQzu/uU3ceHfdBP31vHhdU/N4H772/j3r17AHxp7A/p6PgwHQ8+REfHh/nKP/29XB996IF21tfXt+0um6gpZmfixjTNsnHtteM3en4Nw8Tc/AV84H6M+wwe/PQgP/+b77Lx858B0PaRB3ngNz/Dz96YxzRcuA59sOr0wpbS5+m+Pz445/NU9a5ERESk1UqPvGrylzXYuujLl70ArPRcqf3Ue+GYv/+f/vSn25adpJHX197ejsvl4ujRo/zDP/wD77//PgD3338/v/Irv8Lbb7/N5uYm9913326E3Lgm97NS/QjsfY+L+9t+OH7x/mo9v3u3n27gwuqj2b6a7X//yx9/M5MEMAqSARumwcYmuf6cL5uoKU6mlFon9dvR+b2v3UpcfeYkH/3cV+j47Of4yb9+DoCHf+857uv8VTBc/Oy716HdYTfr1efpnj3+gfq9LyIiItKgMsmr5n5Zg8JEVfFFWvaCMH99Ixdz5RTvv9Tx8mPcS7J/eT169Cgej4e7d+/ywx/+EIDf+q3f4vDhwwC8/fbbZf9Ca5sm97Ny72sz+9JBV+r/aS32dD99f6MgKbDBVv/L9tH/8exZDh86zOFDD3Lo0IMcPvwgX/ny75dN5ouDtcPPf/AXdPyjIe478qs8/E9eAOC+X3Fzb/X/4+c/+AvrN6eNI9VK0ufpgbGnP09FREREGlQ6eeWAL2uVElr79eJ5J69vdXWVj3/84xw+fJhPfvKTADzwwAPcvXuX1dXV3Qh35xzQz6R2zfh/t1f7qUHppEA2GfA/f/NyLhmwvmklBzbN8sn8WhRPfys1kqjU86XqR1VaV0sM5UYs5e+jVJtK21c7frXXX4+6RrUZLjZ+eZt3wmf52Ff/Bfd1fQyAe2vv8E74LJuun8N9DkwI6PN0Tzpwv/dFREREGtRunLvFjdMfLFxr05c1O9UylbDcdKn8Ohj5F6KV9tVMLpeL9fV13njjDT796U/n/up69+5d3njjjVwbx7Gpn1Wb9lbL+1zctt7RSNX6R7X+WGn7asdvdNpfKfVsu2f76b1qSQH4w6e2JwX+6ZcqJwUqJWeKky3FbStNiytVP6p4Xbntyx2jlml4lZartS0+fqXjVUp6lTtndSW+DBd8yIXRtn26ldFxH2y0W53AYbMG9Xm69z9P62H356lx7pbqXomIiEhLlb783qUva3YqTiyVmzJY7kK10vSJcnUwqu0zv81OuVwu2kvUYLn//vtz74njEgO71M8qfZmoNu2t3ve5eF257csdo5ZpOZWWa5luW0t81Wq5HOx+ullyOlb+9KtvvPjHuWTA+uZWYqBSUqCehEqra2EVJ4+K60iVSi5VSk6Vq0PViFr3US1ZVknb4Y/w8Bef476uj3Fv9R0A7jvyMR5+4kV+8mfPsXH7P9UXdCvo81SfpxmO/jwVERERaVCZ5NXufFk7qFrxl9gPfOADuVoXd+/eBeDw4cN86lOf4oc//CHvvffersdQt13qZ/Wc71ZPPy3+slOcTK1Wi63a9juhflrG+mbuLm7Zvrq+vs6GCX/09D8vKIT9353+J6xvWn11w6ThZH7xCKNGpt3tdc18fXUlz8xNHuj+DPd1/Srv/+TveOeP/xkAH/ujf8H9D/8aD3R/hp/99XVw2t9p9Hmqz1P2wOepiIiISINKJ69s+LJWTfavmPn/2nGhvNv7bvT1ffSjH+Xw4cPcuXMnN2Xg05/+NB0dHXz0ox/N3XnIUWzoZ7XcbdLOu1m1QrNeXyN37dyr/dSFlaswsD407927x8YmvHjh8rZkQPbfzQo3sKhFtZFD+/3OhLa9PnOTO6//H5jvvsfPf/AXbH7glwD85Fv/nAc++Y/52Zv/F8aHHJg41OepLXby+g7k730RERGRBrWbFx8h9oO/LVxr05e1ahq5y9luHb/UczstKN/o69vc3ORHP/oR9+7dI5VK5dZ/73vfw+1288477zhz6oBN/azatJD9eDOAfLt1F89q9mo/ffA+g+E/ilsdL1Mk6H6sES3ZPhr8+h9tm471hf++8WnUjUyxq7RNI8XRK00TLDWSKX+5lmmG9cRXyz52yjQNzHd/Cetg3GdYSar7DIwPWbWvNn/x89w61sHl+gCm6aAklj5PbbHT17dXf++r3pWIiIi0WsmRV4fbafmXtWK7MbKq2XcqdMJdD99//33AqmuRvVjN1sDY3NwsuIB1WmLAjn7WyHtWaZtGivlWmtZSqo/mL9cyLaae+GrZR6XYarWX++m/fW77l7TfGf0eG5vw4Qfa2DThX17+l9bULHOrO5ebjpVN1NST0Ck16qpSwfdS0w4Nwyhb1L34+eJ9lIqz2tTGStvXG1+5GErJP7/1bH/4E928v/wfMT7yIVy/cgjaAMOwCrgDPLAJpgkbYGx8gF987wcc/kR3TTG1gj5P99bn6U7s5c9TERERkUa1g/VX2nz
|
|||
|
|
报错原因:nvram_bufget函数无法读取lan_ipaddr,而nvram_bufget是从/dev/nvram中读取数据。</p>
|
|||
|
|
<div class=highlight><pre><span></span><span class=err>知识的拓展:</span>
|
|||
|
|
<span class=err>在</span><span class=n>Linux操作系统中</span><span class=err>,硬件设备也被看做文件来处理,</span><span class=p>/</span><span class=n>dev</span><span class=p>/</span><span class=n>nvram是非易失性存储器nvram设备_</span><span class=err>(具体概念在</span><span class=mf>5.3.2</span><span class=err>章节进行介绍)</span><span class=n>_</span><span class=err>。</span>
|
|||
|
|
|
|||
|
|
<span class=s>`/dev/nvram`</span> <span class=err>提供了一种方便的方式来访问和管理系统的非易失性存储器,可以用于存储系统配置、启动参数和硬件设置等重要信息,是其他硬件用来存储信息的地方</span>
|
|||
|
|
</pre></div>
|
|||
|
|
<p><a id=img12 href=https://raw.githubusercontent.com/Brinmon/Brinmon-blog-img/main/Pasted%20image%2020240524014114.png><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABDcAAAIPCAYAAABntDUtAAAgAElEQVR4nOzde3Rc5Xkv/q+uvoDGhHA5bhIU3NhDBDImy8IkOTHNgaVEDaa11wwSxjGNFSskRHGaQwqpluxl60xq1snpsq2YUjWiieoQiRnsxv4VHU9C+QEtBZS0sgRKxgJhOWUZXELiwcayLrPPH/sy+/Luy9xn5O9nLa1lSzN7v/v27vd99vs+u0ySJAlERERERERERCWqvNAFICIiIiIiIiLKBIMbRERERERERFTSGNwgIiIiIiIiopLG4AYRERERERERlTQGN4iIiIiIiIiopDG4QUREREREREQljcENIiIiIiIiIippDG4QERERERERUUljcIOIiIiIiIiIShqDG0RERERERERU0hjcICIiIiIiIqKSxuAGEREREREREZU0BjeIiIiIiIiIqKQxuEFEREREREREJY3BDSIiIiIiIiIqaQxuEBEREREREVFJY3CDiIiIiIiIiEoagxtEREREREREVNIY3CAiIiIiIiKiklZZ6AIQERERERE5kSQJc3NzSCQSSCQSkCRJ+yEqdmVlZdpPeXk5ysvLUVFRgbKyskIXbV4pk1gjEBERERFRkUkkEpibm8Ps7CwSiUShi0OUdeXl5aisrERFRQXKyzmpIlMMbhARERERUdGYm5vDzMwM5ubmCl0UorypqKhAVVUVKioqCl2UksXgBhERERERFVwikcD09DSDGnRRq6ioQHV1NUdypIHBDSIiIiIiKqjp6WnMzMwUuhhERaOqqgrV1dWFLkZJYXCDiIiIiIgKIpFI4MKFC8ypQSRQXl6OBQsWcBSHRwxuEBERERFR3s3OzuLChQuFLgZR0VuwYAEqK/miUzcMbhARERERUV7NzMxgenq60MUgKhnV1dWoqqoqdDGKGse3EBERERFR3jCwQZQ65qVxx+AGERERERHlxezsLAMbRGmanp7G7OxsoYtRtBjcICIiIiKinFOThxJR+piA1x6DG0RERERElHMMbBBlB68lMQY3iIiIiIgop6anp/m0mShLEokEp3cJMLhBREREREQ5k0gkmAiRKMtmZmYYMDRhcIOIiIiIiHKGT5iJcoPXlhGDG0RERERElBNzc3OYm5srdDGI5iVeX0YMbhARERERUU5wOgpRbvEaS2Jwg4iIiIiIsi6RSPCpMlGOzc3NMfeGgsENIiIiIqJ5Lh6P4ze/+Q3ee++9vK2z+AMbJ/HoZ5di6dK1ePSNQpfl4vZ0u/NxcPu74Bu4f+lSLG1/2vK7tY+czLC0xaf4r7X8qCx0AYiIiIiIKDfee+89PPHEE5icnNR+d+211yIYDOLSSy/N6bpnZ2dzunyxk3j0s2uw89fLseOF53DftQUoQgpOPrIWa7rGsbzzJTz3tWsKXZzCiN6PTRFgw4/sjtfTOBgBlnce8H48owdxEMCGdbdpvzr5yE4cxHLsaEplP6vnUwpfMdiAA6f24zb3D2ZkdnYWVVVVOV5L8ePIDSIiIiKieei3v/0tHnnkEUxOTuLKK6/EJz/5Sfh8Przxxhvo6+vL6VB2SZIKM1Q++rDcEQ3sKPrABvA0Hu4aB7ABOy7GwEb0fixduhRL7z0IADh471L5/0uXYunS+6GNuVACFeNda3R/T/6IRmI8feQggA3Y0Kj+5iSeCo8D123EH6dzXgQO4NSpU6afl7DjOru/ncJLncvTWFF6EokEJEnK2/qKFUduEBERERHNM++88w4ee+wxnDt3DsuXL8emTZtQVlaGtWvX4m//9m/x1ltv4Ze//CUaGhpysv5CDZOXO7XGJ/ZFS+m0I7Ah50/2i5d1hI08mkX7Hx79q4PY8KNT2N9o+mr0fiy99yDqP2YKDL3xKHZGgOWdD2r79eQjm5TRFzuxZunOlMtUCubm5lBZeXF37zlyg4iIiIhoHnnnnXfwgx/8AGfPngUATExM4LXXXgMAXHLJJfjMZz4DAHjjjdwlmihMgkN5+gKu24EHzR3hIiQHYpZjx7cu3tCGm5OPbMJOpHY8Tw4+jnHDaBhlhIwywkIeUbEBBwSjLeSf0gtsAIW65ooLgxtERERERPPE6dOn0dvbi/fffx91dXVoaWmBJEn48Y9/jFdeeQUAsHTpUgDI6TD2QnS05JwKwPLgH8MyyUOdAiGa9mDH8h1TQkv17599FMIUlerf2wVrUkYXGKdJKEkw1bKZ1m+YfvHGo1jrtB3q39WyGcqirsdumbofwbadfGSt7rvJZVmW51R+T+SghPB4unzH8Jv2TTiIDTjQPb+DSAxuMLhBRERERDQvvP322/j7v/97nDt3DnV1dbjrrrtQV1eHjRs3oqysDOFwGMeOHcPPf/5zAMCHP/zhnJUl//P/lZwKgvwVJx9Zq+V1SDqITUs34XGbpT3dvlTwnXHs/NRS3B9V/tu4ARsA4NeP4ynLIBh5OoXdyAx5dAGw4Tv3iTvuypQLw9q71iQDBNf+MTZeJ2/Hwajl23j6r3faLH8cj352E8xbhjcexdpPyd8x+PVOrLEL3uAp3L/UuCytjG7l9yJ6EAexATs+9rDn78mBjKSTj6xVkpVmmNQzskmQ70NJNCr821Ks6bLszZxizg0GN4iIiIiISt7p06e1HBsrVqzAXXfdhfJyuam/YsUK/Nmf/RkqKyvx5JNPYmJiAldeeSXWrFmTs/LkvaOlJRI15a+I3q91Mjf8SD/14AA2YBzjordgKG/vwHU78JJ+usKPNgAADt6rjpa4DRsCADCOxwdNne83nsLjv4ZNAstkItENwukWB7Hp3lHseCG57gMB+S/jXQ8r674GfxyUE1YePGIeu6FMzxEtP7ITO5HcLsMbWszbe+qAErzZiYcFAZTxrp0Y7XzJkkBzPLwJa+89iOWiv2nl96BxP06d2g8cOYjxrk3ur4FVc21cp0vk+bF6LA8csObrwEFsEgQkbEeYFHlCUYDBDYDBDSIiIiKikvbWW2+ht7cX58+f10ZqqIEN1Uc+8hF86EMfAgDU1NRg8+bNOU0+mO+Oll0iUfX3yztfMnVwb8N+tfNuoI642IADz5hGPTTuV4IMoxhXOtq3fWsHlgMYDz9lGN2gjswQT5FxTyRqfi3qbd1qWZPrvuZrO+TfRQ4aAwaOyxdsFwBcex+es/z+NjyodNBHXxN0+K/bgQO64Mg1Xzsgd/Z/PY7xwAFD4EQrq678Xt3W/RJ2XDeOnVtEI0iWo345AJzEo1t2YjxwAAeCyb9e07gfzwmno9jn3CjVV/IyuMHgBhERERFRyXrnnXe0wMbHP/5xw4gNVSKRQH9/P06cOIFLL70Ura2tWLJkSYFKnAt2iURPYvwVwP5Vq8tRf53pV+qIC5sn+5siADCOUXXGgTo9xDA1xX6KDOAlkahoRIegrNrIEePUFMfle3gzi5pTw21qhTVwcw2W36BsgeVtNaLyA+pUH+fpHNfgvu9ssB1BAkA+btiBl+Z5Xg1yxuAGEREREVEJkiQJTz75JC5cuIC6ujo0NzcLAxtPPPEEfv3rX2uBjcsvv7xAJc4N+0Si4xgVTTvJKnV6iG5qihogEQUShIlEva1HDRzo3bZOmSqjTU1RAz0pLl+XTDS/uSKWG6bf2E7nUEbNJKcEmQhHnmSDfA4t/3h+p5hQei7uF+ESEREREZWoN998E2+++SauuOIKBAIB28DG2NgYLrnkEmzZsgUf/OAH81K2srKyPA2TV0dJLMfGpix2ba/bgZc8dpavadqI5V075akpX7sP42oyT8voBZfpKulo3IANOIiDkYN4uvs2LHd6Y4ytp3H/p3ZiHMux4wXjdJiTj6zNe2JMO7d9aweWR3Zi5yMP4rY8Tx0Z71qDpV02f/z1JiyN2H2zPkclsiorK8vbuooVR24QEREREZWgiYkJAMDNN99syZ+RSCQwMDCAsbExLF68GFu2bME
|
|||
|
|
<p>这里的解决方案:</p>
|
|||
|
|
<ol>
|
|||
|
|
<li><a href=https://ioo0s.art/2023/02/20/RT-AX55%E7%8E%AF%E5%A2%83%E6%90%AD%E5%BB%BA/ target=_blank>RT-AX55环境搭建 | ioo0s's blog</a></li>
|
|||
|
|
<li><a href=https://github.com/pr0v3rbs/FirmAE target=_blank>pr0v3rbs/FirmAE:面向物联网固件的大规模仿真,用于动态分析 --- pr0v3rbs/FirmAE: Towards Large-Scale Emulation of IoT Firmware for Dynamic Analysis (github.com)</a><br>
|
|||
|
|
还有其他解决方案:</li>
|
|||
|
|
<li><strong>解劫持动态链接库</strong></li>
|
|||
|
|
<li><strong>patch</strong> 原程序来实现</li>
|
|||
|
|
</ol>
|
|||
|
|
<h3 id=toc-3>a. 使用LD_PRELOAD方式劫持动态链接库实现nvram设备的模拟(实现失败原因未知)</h3>
|
|||
|
|
<p>由于报错函数是nvram_bufget所以我们只需要劫持这个函数所在的so文件我们就可以实现正常的ip地址获取了!<br>
|
|||
|
|
FirmAE提供的libnvram库源码:<a href=https://github.com/pr0v3rbs/FirmAE/blob/master/sources/libnvram/config.h target=_blank>FirmAE/sources/libnvram/config.h at master · pr0v3rbs/FirmAE (github.com)</a><br>
|
|||
|
|
为了适配环境做一些相应的修改:</p>
|
|||
|
|
<ol>
|
|||
|
|
<li>修改config.h的挂载路径:<div class=highlight><pre><span></span><span class=c1>// Mount point of the base NVRAM implementation.</span>
|
|||
|
|
<span class=err>#</span><span class=n>define</span> <span class=n>MOUNT_POINT</span> <span class=s>"/mnt/libnvram/"</span>
|
|||
|
|
<span class=c1>// Location of NVRAM override values that are copied into the base NVRAM implementation.</span>
|
|||
|
|
<span class=err>#</span><span class=n>define</span> <span class=n>OVERRIDE_POINT</span> <span class=s>"/mnt/libnvram.override/"</span>
|
|||
|
|
</pre></div>
|
|||
|
|
</li>
|
|||
|
|
<li>修改config.h中启动web页面的ip地址<div class=highlight><pre><span></span><span class=n>ENTRY</span><span class=p>(</span><span class=s>"lan_ipaddr"</span><span class=p>,</span> <span class=n>nvram_set</span><span class=p>,</span> <span class=s>"192.168.126.130"</span><span class=p>)</span> <span class=err>\</span>
|
|||
|
|
<span class=n>ENTRY</span><span class=p>(</span><span class=s>"lan_bipaddr"</span><span class=p>,</span> <span class=n>nvram_set</span><span class=p>,</span> <span class=s>"192.168.126.255"</span><span class=p>)</span> <span class=err>\</span>
|
|||
|
|
</pre></div>
|
|||
|
|
接下来成功编译:<div class=highlight><pre><span></span><span class=n>mipsel</span><span class=p>-</span><span class=n>linux</span><span class=p>-</span><span class=n>gnu</span><span class=p>-</span><span class=n>gcc</span> <span class=p>-</span><span class=n>c</span> <span class=p>-</span><span class=n>O2</span> <span class=p>-</span><span class=n>fPIC</span> <span class=p>-</span><span class=n>Wall</span> <span class=n>nvram</span><span class=p>.</span><span class=n>c</span> <span class=p>-</span><span class=n>o</span> <span class=n>nvram</span><span class=p>.</span><span class=n>o</span>
|
|||
|
|
<span class=n>mipsel</span><span class=p>-</span><span class=n>linux</span><span class=p>-</span><span class=n>gnu</span><span class=p>-</span><span class=n>gcc</span> <span class=p>-</span><span class=k>shared</span> <span class=p>-</span><span class=n>nostdlib</span> <span class=n>nvram</span><span class=p>.</span><span class=n>o</span> <span class=p>-</span><span class=n>o</span> <span class=n>libnvram</span><span class=p>.</span><span class=n>so</span>
|
|||
|
|
</pre></div>
|
|||
|
|
<a id=img13 href=https://raw.githubusercontent.com/Brinmon/Brinmon-blog-img/main/Pasted%20image%2020240605071731.png><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAwsAAAICCAYAAACA3lHGAAAgAElEQVR4nOy9eXRd133f+9nnTriYCYAgSAAcwQEcJVGkJGqiREqy7Ma2HCduEjfpS9P6pY7deMWx3TppkzR5aR0naZ0lKy9xnMarcpftPMuWB8myKFEDKVGiOFPgTBATMRDzcMdz9vvj3DPecy8ADiBE7a+WiHvO2cNv7/3bv2GP4oGK1RILQoCUIADpfof5DolA5B6l68kJYj4JM3gO0h2gIGThTyL4s/BR4c1TuuiQTnQBSJGf7nS/XX+FKzMpzSoSaISEQEMjLDRCwvwbFhoRESJKmKgWIq5FiGtRykMlVIXi1IbLWBKrYkVsIU2lSwlVrYctG+DxMGwBosA54EXg6BT0nCQ1/i4dU520p4bozYwxmJlkTE8waaRIGBkSRoaMzJKROllp5P7X0TF/69IAYEG4lJgIm7SiERIhwkIQytGvYZbHqi6JxJASA9ClgZ5LX5cGWcxnXRpkpUTHfG/Yf624BoYs1NbuSr92CEwO0HLli2hh4lqEylAJDdEqWmKLWByuoS87zOlkL33pUcaMJEkjQ9rIksXAkIabe6478vqJ630hdvSEzX3MqzFfn3GzfHBxfAGk730gNcWoc34H9EKnLwWk5g4SQKG/OxbAtAJnRgiqqrw2KPKtgOgqmkYxTMcXZpr5uQrfe389O7LU/Cp9rWK9EQFpy1yCwtPsRbjWk0ShNipcaw6dFq3Ov8XTES6KCnCXh7ZcylJSXlVBZW01WihkBpOm7HeykU6ZpXApvdwfKXH6VS6y/Wg+W79lroxWWCmd92YQd3iQOXnudFtfHJl7xnm2iilzhbDStMlx0W6Fsb/jiuOmVXj7uFUSqw6t+nVXTUEmtuELYNknri/+aIXkxtWhUF8qHHLaIuXglZJXR+e1xjfT8Peo2ZWjOBz5D/56c8ub/LCF0vMQ6o5hM5aL8umUhu9ZkGNzT9rXpv+n11UBEayfVp8Wzm9RqIEKNFaASAukSwIa+aW1woWdhIVTv1IghVtAOJ3UEgxSWGoj31Q33ztf7AIGElSs2wUF8ao9W8mJ3F8p7FBOdMepcMm1gBaUeJ0jK8ucAnCVwc4jgAPcwl7i6A4JGICBtA3sDDoJPcNEJkmqNEP8tjBsyUJGQJsGi4A9wIUsjA8hM0Ok9CmmjAwpmbWdAIlp1EoMjyJ0aPUSKiDnzITsvxHX73DO+RFCs2OaToJp8GcNg4zQ0KROVuoI6RcJuZa2FZhht5ewn/xK/tqNOz+stjCdFYOM1JkyMvRnxknoGU5rl0lLnYlskoTMmPUprbq8NiFREAHsHaTwCtaGS3BYLGtHKgQrnF/IWPT4X1j932nAgEyKiUGnte1+KXxRC5DjC1KoOMHfXYJ+2rAzQGBVFfkeRM5s3k+Xuiz0291kBcS9e2Anv06kr8acuKJgrq72tw1KbD3hSAS/FvOnF9Q6hcL6jRnpNHcAaU7q07WkS/bn0rXLLiCTyaBnsoTCYaestsUNXueoMD3Oe3cnBnugzg6ec8+k9d5VIF8Y66+XBOn9m/smcCUZQF7+s8MX0rakvNXm/unQjauKZXDH8fz2WTszEIq+Ejr8Lzx/ZtD/i/Xi/PfFQvo1WbG8A8ThrFAovr+3eb8EvfXabtZfGRhndtI0WDW5KZQuWXF1UtrpQi6l6M7c/dutG6SbLx3HwBEDV6n/fV3bT+uMSmnJIR8vCz+DuX5b+t2fr1vs+M3baXnQJSvC3p4mch8dAWS9s2MJS/HgbeQgDnVHz68HO3ih7ijsXPILZAkuW33kaMZ+78SWOKxgNWQgMa5yuOWiEMIRlDknyZLjQZ3UKriVt5QSQxgYaBjSHFnXMcgYOslshlRMEtrcgHHbcvQGQainA/ZVwUO1cD4LhzIwNQrjl8ik+xnLjjNhpEgaWdI541bHGrkPri9/LQsEEREikpv5iAhz5iMiwoRFiKgImbMLuRkGiePkZKROFp0wGhmpkTE0BFlXXmYZTWoEUgikFOYMjP23sEi7Frj5ye4kUmKIXJ1LHWGkMaQkKTKEhEBHkpE6acOcjdExbGdmVhnOFDLop8h78mfjj5RXc27J7LXdbJ719H47PV+nsMJ5Usj99kk7tynplCBfCMhAi27myrWQgMtDwMer4TB/fkEq0/3X/94d72pgKa5i8T10BQT0Kvz8934x6MhPEJ6YPkMO9xyEf7DI0VaOdPZR4uHfoNr1UuX8zv1ysatwvbSokpAbNHKZQUJ63nvzyKXkDCniH1zJpjNks1limIMmPpJcOtJXQOkL6Gun4B7h1STeV77eZg/quQJZkaxBLqte3A3vJzGPAuEJZBcjZ224OdO7vsBdH+YP6S+PnZY713xuzK+sIr0hxxR+reIxlApHLpxuEXjTdfT9dLLseqDQTFpxrTo7aoTrXyf96cf+3aFlQGi/xCg82OXn9cAscjZmjgPdqsxOz/2yEPUeTYm4Sp6wkgrMrZBCKCKSPCwvvJT640iL/DwdXazf5ZHujePKI+wRcvYIunTkpjtzi0KRm1YUwtMe3jayZieEI6VEPusVbhL/VLj7nfBWlJBIy3J3GTq2myBybCtFQGNJPO5Wrh4Cx9lyXG15e3YDudShYVWVBF2AhoEhNQwhbSdBRyetZ8loWSrWNNCwZQPhpgaGU1OUPPM2VT0RwquXQ10MnuqCoSQyPUQmNcBo8goDmXHGslMkjBQpaS45yhqmAa9La/bC/F+66HLrCU0IIiJMSISIaKZzEBNhYlqEqBaiRESIaGHCQsNyCC1HISN1UsKc2QgZAqEBhszlY7oIGgIjZ0qYDoLIOQh+E+z6wp+i9WwgyUqLQklWGqRyZZOAYS3XwkCXuTkaOYPZhetUBK/yLSg7PO/ydG0BzW8UkLPBGXmNjLwIPoWdT6d7caLHXLPTcI+HWv3FXSCvaZEvtvMEGtPUzUwQEMnwvbKeZ9rkhcIVMhALtft06Qcbe17FbuCY904sr9I2BFiOpLc+pe+3oxScOsqn1h3Sn5tbb1haKSetA0rlbRzpHmn3JmKX0hPbZWt4qBTkBhfdX/yMYP7WdZ1MOotuGM4suZVungEtnT+WxrVottcSWO+cGQEntnTSR3ombRzdazWVcGK4w+Xqwtt2rrA5nWjRGMRLnrqSPpPfyivHM9LSjQ71Dk0etZujKa+D+lqngGNQQCphOQpBsQr1k+sBf5sVy+eq5JIP/r5dKM2ZljVf5kzvDhRO201NvoSz4JGj01WIXznkHu2y53SVp42ns9DdM4O4XV2ZV5+zbbMg/jTptPRwgF3rexQ4ssWeWQgQLT5R7k2A3Aoedxq5f2ZiCwS1cdhay+ikZAm1HMVCYo+mu8S9dM0weAU5jqeIU9IgVZLXEFatusgVlnB0v8MxNhyBj7cizci5b16GciooV5N5esJFlSjcJv7SmA1qIIWGYzoLTBcBc/mOFKSMDLVNDazZtonFK5ciZIgLew8iTl6hLlxBuqqGmpYmtI4ujNPvIKOQ1qcYz0wwmBlnIDPBiJFk0kiTMLKkZZZMbu+AzO0TkNLICXjTfDeVjiVmZG4vhUZUhIiKMCUiTEkoSomIUhqKUKJFKdEiREWYUK7ds9ZsiMyQMNJMGRk00ggDc8WRIUFq5iyKFFgLHwyLjQBNmHQIIVx7F66HGM2Ho77MLAxhOgQGAh3TUbDsI2epUm52Rgbx7PWnL9/cKQyzlhxla3ddu1MGpGT1RzujIMkkvYQUyNnpnwXayw6W/z1fALsXUFBAiImAX4XUUXBeM8YsIhXLfya0BcnCYnFmCw+f5DJ1psW9y4Pc8tsepM6j1DEynflaMwe//C9urgV8LzTD6Mo+XxcKX5xCzGsOWAn36I7NfSCkDKTccTe8ei2TTqFnsoQjEax1/wGWPrZScr+Trpw8VeDyZHwKzBmrdh
|
|||
|
|
</ol>
|
|||
|
|
<p>经过上面的步骤发现网卡不对,在ubnutu上网卡为ens33,还是切换到kali进行实现步骤如上:</p>
|
|||
|
|
<div class=highlight><pre><span></span><span class=err>┌──</span><span class=p>(</span><span class=n>root</span><span class=err>㉿</span><span class=n>kali</span><span class=p>)-[/</span><span class=n>home</span><span class=p>/</span><span class=err>…</span><span class=p>/</span><span class=n>Pwn_CVE</span><span class=p>/</span><span class=n>CVE</span><span class=p>-</span><span class=mi>2018</span><span class=p>-</span><span class=mi>17066</span><span class=p>/</span><span class=n>_DIR</span><span class=p>-</span><span class=mi>816</span><span class=n>A2_FWv1</span><span class=mf>.10</span><span class=n>CNB05_R1B011D88210</span><span class=p>.</span><span class=n>img</span><span class=p>.</span><span class=n>extracted</span><span class=p>/</span><span class=n>squashfs</span><span class=p>-</span><span class=n>root</span><span class=p>]</span>
|
|||
|
|
<span class=err>└─#</span> <span class=n>chroot</span> <span class=p>.</span> <span class=p>./</span><span class=n>qemu</span><span class=p>-</span><span class=n>mipsel</span><span class=p>-</span><span class=k>static</span> <span class=p>-</span><span class=n>E</span> <span class=n>LD_PRELOAD</span><span class=p>=</span><span class=s>"./libnvram.so"</span> <span class=p>./</span><span class=n>bin</span><span class=p>/</span><span class=n>goahead</span>
|
|||
|
|
</pre></div>
|
|||
|
|
<p><a id=img14 href=https://raw.githubusercontent.com/Brinmon/Brinmon-blog-img/main/Pasted%20image%2020240605083108.png><img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA5MAAAEpCAYAAAAOIXazAAAgAElEQVR4nOydd3hUxfrHP9sT0pAEEhJQykXEe1GEq2InBCIl9CaEJiSogD8VsHAFInhDkSICXikicKU3Qbp0gdBFrlcuNmoAA4QECAnZdn5/hF12k83uOcluCsznefIoZ3Zm3jPv98ycKWdGlZCQIK1avY5KoeE4o0IgKOtIkhWVSl3aZpQIKpUKg0GPWq0ucN2GJEn2/96+nWv/tyN6vR6tVlNoXEdyc41YLBav2C8oeYRmBEoRmhEoRWhG4Aq1WoWfn5/P85EkCZVKhUqlwmQyYTSafJ6nwJly9RZes2YNNqxbzoZ1Kzh+LIWwsFCv59Gndw/6vdrL6+mWFN26diQ2tqnLsJIoP4Hv0Gq1To21rfJ0pGuX9jSLeQmVSoVOpy2QhkqtsjfWBcJcpKfX67xguaC0kKMZ27+FZgQgNCNQjtCMwBX5feYL8g806HQ6oY1SoFx1Jk+fPkPrNl3p2DneZ3lERUXwwAMVfZK2RqPh+LEUoiIj7uYXGcHxYylUqODvlTwef7w+1atFuQwrifIDqPOX2gx6I9GneRSHsm5fYajVdyvmwirpJ55owEMPPQjk6S3/73S6u5VsYWk4NtwqlQqVWnmDkPzxKEaOeE9xPIF3kaMZR0pTM4KygdCMQClCMwJXFJxPLhlEh7LkKVedSUH5oHr1KF5q8rzP89Fo1ISHVyYurgWhoZVkxysp+0qL/CPAOp0Wg0GPwaBHqym4hMgjLpYYecJkMmGxmBXHE5QOZUEzgvKF0IxAKUIzgpJCdChLloJrDTwQHBxE0sgP+NvfHkWSJM6eO8+MGTP56b//A/IqggGJfejSuSOSJLFnbwoTJ00lJyeXptEv0rZNK0JCgqlaNYL5CxbToX0cOp2Ovv1e58aNm8W+Ib1ex7ChbxLTNBqTycS+lANMmvwZOTm59t80jX6RgQMTCa9ShfT0dOYvWMyatesLpKXVapj0STIarZahw4bb12FrNGoWfT0XtVpN9/h+Xl23PzY5ifPnU6levRrBwUFERITz/gej+OOP0wA8/9wzDHlnMCEhwVitVlau+oZZs+c7pREaGsrMf02lXr26nE+9wIgPR3Pm3HlZ+bvznxwWLZxLRHgVQkKC2bBuOQADBw3h7LlUQJ5/3FG5chgjP3yPqKhIQkMrcetWFikpB/n555Okp1/zaL8n+zzha/2786/FYmHC+DGcPPkrzz//DI/UfZjzqRf4YPgoUlMvOpRRZaZOGc/DD/8Fo9HI0Hc/tOvHVv7NYpq6LP8BiX2J79GNWbO/QqvV0rZtayKrRvDcC83IysqWrQ+zxYzJJL5nKW0sFgsajeulY4Wh1SpuFoC7y40sFqt4xyvHCM0IlCI0IyiL2Ga7xTeUvkfxzGTfPvHoDQZaxXWiRauOfDbtC65lZNrDu3XpSNPoJnTp1puWrTvi7+/PgMR+9vA6dWrz1jvvs33HbqKjXyC+V38yMjJp1KiBV27o9dcSqFWzFnFtO9OuwytEVq3KwDcG2MPr13+UsclJjJ8whRdeepnB/zeM86kXCqSj0WiYMG5MgY5kHioqVgyhYsUQp+Ud3uK5ZxszYcKnDH5zGMd//Ime8d3sYT+f+B+Jr71JTPM2JCQOom+fnjRoUN8p/jONnyJpdDLRMa05e+YcI0a8LztvT/7zRHzP/iSPncipO0tqW7fp6tRR8+QfT3yUNJzf/zhFpy49iW3Rjqxbt0g5cIjTp8/Ist+TfZ7wtf7d+ddisSBJEu3atmbkqI9p2qw1aWlpvDv0LScbGz/9d6Z+9jmt4jpz5OgxJ/28/loCtWvVLrT8Z8+Zz6LFy+jSuT0REeF06PgKubm5ZGVly7o/G2azRWyOUAawaQZcb2LhiLsZASWzBVar8Ht5RmhGoBShGUFZRcxQlgyKO5N//vkn9R55mNjmMQQGVuDEiZNcuHDJHt6hQxv+vXAJGRmZmM0W5i9YRGzzaHv4uXOp3Lhxk5ycHE6cOInZbCE7JweD3uCVG2rVsjlLli4nJyeX3Fwji5esoGWL5vbwzp3as3nzNo4cOQZAaupFjh495pSGWq1mbHISeoPBRUcyr+Js274bcW27YDJ5fynfzl3fc/3GDQDOnD3HAxVD7GEZGZmkp18D4Oy5VH797XcerF7dKf76DZtIS7uC1Wpl2YpVNGzYAINBLytvT/4rLp7844l6j9Rl3979QN5o04kTv/D4Y3c7076239f6d+dfSQKr1crGTVtIS7uCxWJl1epvefLJRk42rlu/ibPnUlGpVJw9e55KD1S0f2vSulWsrPIPDAxk0uRpGI0mRiUlKy5fk8mE2SyWuZY2Ns3IxaaT/H9KEIMI5RuhGYFShGYEZRnRofQ9itcZLF+xhrTLV4hr1ZL33n2bg4eOMG7cZHvnJzy8Con9+9C9W2cAVGp1iS5FCAsLJf1ahv3fV9PTCQsLRa1WY7VaiYysyqFDR92mERpaib83eoLZc+YVOj3u7Wnzwkbz8q7frWRr1qxB3z49CK9SBUmSqFWzpttK+Nq1DDQaNYGBgeTmXvNoh6/958k/njh69EeaxjTh6LHjBAUG0KhhAyZOmlZi9vta/578m78BzcjIJCCgAhqNGoulsPK7G19O+UuSxOEjP2A2m7FaJTZv2Wb/vdz7M5nMWMyisS8LFGUJmlIcZyWsVrH2rLwjNCNQitCMoCwjlrz6liItWt+9ex+7d+/DYNAzY/pk3n57IKPHjAfg8uUrzJu/kE2bt3rVULmkpV0mzGEzlrDQUDIyMu0vylcuXyUioorbNK5cucrAwUP4cvYM0tPT2bZ9d4Hf2EY5lAjTYrGQk5NDUHAwXPwTgKDgYEwmE7m5Ro/xVSoVc2ZNY+asuSStGgvAV19+7jZOlcphGI1Grl+/LstGb/hPcrOHlyf/eOKTSVNZvHAu9R55GJPZzPwFC9mzN0WR/e7sk4Ov9K9SqfhyznRmzpxL0krX/s3fWIeFhnL9xg03HUln5Ja/JEl5DbcKpy3Z5N7ftOlfyLJHUHxUahVIhQ9I+foFzxFXmhGUPYRmBEoRmhGUd0SH0ncoXuYaF9eCug/XyYusVmG1Wp2Ws61Zu55+/XrZO2x169ahVq0aXjI3D6PRxK1b2dSokXcEguOxGpu3bKNH9674+/vh728gPr4rGzdusYevXvMtrVu9zFNPNkKtVvPQg9Vo/PSTBfL45ZffGDJsOGNGj+SpfMsItVoN365ZxvpvV7g8L8kdO3ftITGhDyHBwYQEB5OY0IcdO7+X1ZnSaNSEhATbl1XWeLA61apF4e/vfKzI008/SUBABXQ6LX16x7Nz1x7MDrNE7srPG/67dCmNiIhwKt5Znuu406on/3iiVctYDh46Qr+EQbz2+lusWv2tU7gc+93Z5wlf6V+j0RAQWIGI8Cpcu5aBn5+BOrVr8uCD1e3+NRj0aDQaGjd+ipDgYPz89HR/pTM7dnwv234l5a9WqzHo9Y4Tm6z9dgMDBvTloYeq4ednoH79R6ldu+D99e7VnYT+fWTbJVCORqPBz98Pfz8//P398PMzoNM5n/dm00xJ4UozKlXe+XEGgx4/PwN6vY4SOH5M4AKhGYFShGYE9xJiyatvUDwzqVapGT9uNKFhlcjKusX+/QeZPmOWPXzJ0pUEBQXw9YI56HQ6Tp85y4zpM71qtCRJJI+byIRxY1Cr1SxesoI5X+bteDl7zjyGDhnM2m+Wotfr2b5jF9Nm3M3/yJFjjB4znn8MH0pERDgXLlxi/oJFLvM5fPgHkkaP5dMp40l87U1OnDgJgNUqkZl5/c7SQGVDY+PGTWL48GFs2rgagF279jB+wmRZcc1mCx//8xNGjnyf7OxsTp86y6dTP6dd29YsXbbS/rvz51KZO+dzIiMj+M9PP5P80SSndNyVnzf8
|
|||
|
|
<h3 id=toc-4>b.patch 原程序来实现</h3>
|
|||
|
|
<p>先ida动态调试一下手动修改值:</p>
|
|||
|
|
<div class=highlight><pre><span></span><span class=err>┌──</span><span class=p>(</span><span class=n>root</span><span class=err>㉿</span><span class=n>kali</span><span class=p>)-[/</span><span class=n>home</span><span class=p>/</span><span class=err>…</span><span class=p>/</span><span class=n>Pwn_CVE</span><span class=p>/</span><span class=n>CVE</span><span class=p>-</span><span class=mi>2018</span><span class=p>-</span><span class=mi>17066</span><span class=p>/</span><span class=n>_DIR</span><span class=p>-</span><span class=mi>816</span><span class=n>A2_FWv1</span><span class=mf>.10</span><span class=n>CNB05_R1B011D88210</span><span class=p>.</span><span class=n>img</span><span class=p>.</span><span class=n>extracted</span><span class=p>/</span><span class=n>squashfs</span><span class=p>-</span><span class=n>root</span><span class=p>]</span>
|
|||
|
|
<span class=err>└─#</span> <span class=n>chroot</span> <span class=p>.</span> <span class=p>./</span><span class=n>qemu</span><span class=p>-</span><span class=n>mipsel</span><span class=p>-</span><span class=k>static</span> <span class=p>-</span><span class=n>g</span> <span class=mi>23946</span> <span class=p>./</span><span class=n>bin</span><span class=p>/</span><span class=n>goahead</span>
|
|||
|
|
</pre></div>
|
|||
|
|
<p>IDA动态调试附加上这个端口!<br>
|
|||
|
|
修改地址:0x45CDD4 (将v0的赋值修改为0,就不会报错了)<br>
|
|||
|
|
<a id=img15 href=https://raw.githubusercontent.com/Brinmon/Brinmon-blog-img/main/Pasted%20image%2020240605090459.png><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAn4AAAHlCAYAAABrmfF9AAAgAElEQVR4nOy9f3gb13nn+xlJlvxDsmWbEhMr7voHoIQUN2tX6iYBraplkmYBJbVaOeyPa1ftcx1Qe3XvAv2ha/ku+9Dso63lVdoAu6tGhNze6rF3b4qYvXRTAc1mzUZRiNxs5VXipciWgC0njhJTZGzZkmyRBDH3j5kBB4MBMCBBgADez/PMQ2LmzJl35hxwvnzf856jXL58WUUQBEEQBEFoeFbV2gBBEARBEAShOojwEwRBEARBaBLWTE5O1toGQRAEQRAEoQoozTjGb3JyktbW1lqbIdQR0meEcpE+0xhIOzYXzdDeEuoVBEEQBEFoEkT4CYIgCIIgNAlram1APfJwcgNXr6Xh/Tl4Pw3X0zCThpl5mNW3uXmYy0Ba29avgRd/765amy7UCOkzQrk8nNrA1WvzWp8x95eZNMxmLH1mXu83KutvkH6zkpB2bC6y7X1d/1u/AttbhN8iuHotzQM/t5q5dzPMvZsh/e4q5t5VmHtXJf1uhrl308zNzJG+lmbunTnUKZWr96yrtdlCDZE+I5TL1WvzPLBjFXNXVpHWt7kr86SvQPpKhrkradJX0qTfSzN3ZY75d+a1fuOSfrOSkHZsLuqhvWsm/IaHh3nnnXcclb3tttvo6upaZovK4P055t7NcP6vVHhvFq5fh5kZmJ2FdBrm5yGTAVXVtkngZzK1trrukT4jlEvd95krqzj/V+jeIps+Mz+/0GdWqTAF3Nd4/Ubasbmo6/a+vvLbuyZZvcPDw2zYsIEbb7yR1atXFy177do1ZmZmmJ2drVjjLjVr55PD8Be/chvtwDxwbXae/v/8Clfem2Fubo50Op330/h93RqFF3o/W5H7aCakz0ifKZe67zPfVDj78K1kgAygmrZCn28DdgS/z0v99yzR+pVDI7ajAqwG3vwJfOCDMAvM0djt6JRGbO+V9r2ticfvnXfe4a677uKnP/0pq1atYtUq+xyTTCZDJpPhlltuYWpqqspWFuF6GgXtBW5sV96b4S8OfNy2eEaFeRXmM7Dzfz9RRUOXzsaNGwG4fPlyTe2QPlM/SJ+pEDNpAL428ZdMTH2fQOeXCr48fvnPb6d1zT381b5zWudpIBqlHTMsCL7/8TJEIvDyy7B9O/j98OB2mEHbtBMaqx2d0kjtbXxHvzfxBh/7zcPZIiP/pZeOrXdnj2snVK+9azrGb82aNaxatYq77rqLt956i9nZWQDWrl3LHXfcwY9//GMymQw33HBDLc3MZybNKrSXdwZYu3Y1c3NzAPzWgd/j1ls3cuuG27j11o184bf/l+wL/Lab15BOpwtWa7wwrdTyBXr58uWCdtUC6TO5SJ8pTf32mXkAvnIuzMlfO1fUY3D/+gd49dXvaeeViBjZtU2tRboT6r0dzYLvjYvw2G9neOZPM3zj6wp9favYskXB74ePbtfPK9KO5ja0ft/qoS2dUO/tbf6efn/iR3z2Fx7gK1/813h7/oRXJn7Etjzh56z6Snx/ayb8DCV/11130dbWxtWrV3nllVcA+OhHP8r69esB+PGPf1xQ8deMmXlWobWT8SI3Xs5/9sVndG+NkuO1mVcV5jNkX/Z2GF9gayPa7WtGpM/kI32mOPXdZ7T+8ZOfvM6BZ3+R//D43xcMG33x1/6e/V98UDtPLew5KNRXnJSrJY3QjgrQ0wP/+vcz9P4rlRtWq6RV+PRnVLzeNF+Pr6KnZzVnz+rnFWlH6/e+0N+BeqUR2tv8Pf3Wy//E337ze6zf0QPA3Xfdya9/9hPZ49oJpT1+lfr+1jyr99KlS9x9992sX7+eBx54AICbb76Zq1evcunSpRpbV4DZ+RzvzTwLL2fjBf5/HDzI+lvWs/6WDdxyywbWr9/AF37n0aLeG8EZ0meEcqnPPqO9Ej54wz0kX/0eKvDH3/wdrl6/zP23P8Dgd0P86oNBHtvZx5/99e+y56GAdp6DF0i9Us/taND5SWOXAqjabLoZhc94Mzz9x6YxbQ3cjk6p5/Y2/3P2yj/9iNjA79O5fStnXp7gyT+J5hzXTqhyqLfYmBzrsVKfy2HVqlWk02m++93v8rGPfSyr4q9evcp3v/vdbJkVx+w8CvbeG8Nr86fPHM16bdIZzYuTUYt7b5xiVfil/gMo1lbF9jmxQfqMQ6TPSJ8pl1ktZPQXB85lvQd/N/aXHPjEl/jVB4N47nmYb4+/SAbo+dUvmV4g5V2mUDsWagNjX6Hw4nK1Zb23o8HMvKL/ZqR5LIi/HCqgA4p97wu1ZzntIt9bG/T2NkTd5Svv8crEG3Rs/RAq8NmePwF9/4YNNy/6e2uwmO/vGrNLsBau4lWrVrFmTb7jce3atdkX44pr3LlS3hv4vSfyvTe//VvOvDelvqzFXrjFwn52Y6+s+5y4kqXPLALpM9JnymUuf6yQ67YHOPaN32VwJMyvbA/wKx8P5ISUsicUoNQLvlgbmY9Z27Na1HM7Gix4+yBP/JlxIASKPftSQ0DswsMrLVRcz+1tHt/3z7feza0bbmbjjh7eOjvAz//mYV6Z+BGe7VsdfW8NKvX9XWNt9FIdodTnclm3bl02Zn/16lUA1q9fz4MPPsgrr7zCzMxMiRpqwFzGdryWeXzWkT/+YtZrk84seHCceG/KeabV/qLa9Q/pMw6QPpNzfekzDphbCBkZwq7/s/8v3/vBN/mvL5/ky3/zu/zXxEn+0++fyw0ZlXiDVMIbs5S2W0pb1nM7Gnz7vyk89ClD8IEh/l76usXj50AJlOt1tzu/Uv3Ayedyqef2Nr63Z16e4J9/+ENZ0XfHjh5+/XOfYOTlCT6+favj761BJb6/NR/jd+edd7J+/XrefffdrPv2Yx/7GLfeeit33nlnNnNnRZHOZKfmMF7k6XSaeRX+4ND/mZOh+Su/9pi+ApeivdCXOF7LSQbXSsqoXA6kz5SH9Jl67TMLngND2P37v/kdvvjY3/Opj/42z329n+f/9qmcJI/sCQ6opQd2sdRzO6aBgQEtq/fv/krhs7+h8vOfUjjz3xT++j8r/MyHtOPXgRthWUK99UY9t7fxvX1l4g1OffN7vHV2gAwwdXaA/+dvv8NXvpbg9/jskodoLOb7W1Phl8lk+OEPf8jc3ByTk5PZ/f/wD/9Aa2srP/nJT1aeGxcgrXlv0mj/s61B88rMZ+CP/93RPK+N8TNTIkPTKcXCeNbjjYb0mcUhfaY++wzkZu9+P/lN9v+HB/nEh/eQODfEwz8fzAkFl6KeRJ6Vem/H94D27fDlATj3MkQiCifD2jx+h/8IHtgOV4C3gEqt2FqvbQ31397G9/bbL09w+r/05nyPt239EKMTP3L8vTWo1Pe3ZmP8jDl5Vq1alW1AI5afyWRyGnWlNe76NbD3D0a1t7I+An8tWtjOeIH3/eEf5I3X+vxvLD1DczFtVOycUv8RFhrfJX2mPKTPSJ8pm7T2SrjVtOvsHy28JoKf6auKGStBLDZaO27frnn3fvIT+OAHF/Zv1Lflwm6870r0/DZSe1/++y/lFenaejfv2OxfDuzadc1SY/yL4bbbbuOdd95h7dq13Hjjjdn9iqKNcVAtac2XLl3itttuq4ptTnjx9/L/H/vUE//AfAY23ryajApfOvolbeyWuvCuLzVey2iHUl/AYmG7QoPxCx03PhcazG89bq1D+owzpM9InymX9TfADuOfhYye4p1hYY3PrLtAzXEbrL+p+IuwVIa3sa9YVmA121LaMR/r997u70Cp77Vde64E8SftXZxKfH9rslYv1HYR5qWuxWfHZ3tf4O13r9muuWr+ecuNa3jtr6vzn3qjIX1GKJdG6zPNirRjcyHtvbzUTPjVkmZoWKGySJ8RykX6TGMg7dhcNEN7r7DguCAIgiAIgrBciPATBEEQBEFoEkT4CYIgCIIgNA
|
|||
|
|
成功运行之后就会出现登录页面,在浏览器访问ip地址后:</p>
|
|||
|
|
<div class=highlight><pre><span></span><span class=n>http</span><span class=p>:</span><span class=c1>//192.168.126.131/dir_login.asp/</span>
|
|||
|
|
</pre></div>
|
|||
|
|
<p><a id=img16 href=https://raw.githubusercontent.com/Brinmon/Brinmon-blog-img/main/Pasted%20image%2020240605084611.png><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAn0AAAIbCAYAAACe3iiKAAAgAElEQVR4nOydeWAURfr3P9UzkzsETLgFIYQIiAdIkAVXUREED/BC9OcCu4uC6wGiuB6s16K+HggoKOCuAqsrIB7oGkDBGxSCKIecIVxyhyN3MkfX+0fPTGYmk8lMMpOD1EeHzHRXV1V31/Htp56qFmPGjJFPP/NPfPllw3r6/KFvhe2KyPHTj2vo0bNXpfvVPVHUR1S5VSgaJ1XV/bZtWtVibhTBoPnbqBrpuqHPH/ryy4b1fvepe6Kor6hyq1A0TgLVfSX46id+RZ9CoVAoFAqF4sxCiT6FQqFQKBSKRoASfQqFQqFQKBSNACX6FAqFQqFQKBoB5nBHqOs6AJqm9GRtsfD99ykqKgz5uL+OuSsCuVEogkOVW4WicTJ79mwKCgpCPm7SpEkRyE3jIqyiz263s2XzZqJjounatVs4o6Z5SjLHc0+ENc4zhaKiQtq3P4fWbVoHFf7UyVNs2rQxwrlSKAKjyq1C0TgpKCigU6dOtG/fPqjwubm5rF27NsK5ahyETfTZ7XZ+++03srLWITSNqKhoOnbsGDaL3/HcE0EJv+YpydWKu6HTuk1runc/P6iwx44dJTf3eIRzpFBUjSq3CkXjpH379vTqVfkaf54cOnSII0eORDhHjYOwiD5d19myeTNZWev4Q9++FBUW8fXXXyHlFaSlpVUrzsrEm7/tnqKtMgEXSUvhvr17ADinQ8cahaktWrRoyY033VzX2VDUMarcKhSNk4ZW99u0acPo0aPrOhtnBDUWfVJKtmzZzPr1WVx8cS/OO687DocDq83KN19/jcmkcc45HUK2+PkTaNUVbrU1NLxv7x6/FcRVeWqLWTNfD/mYNm3a1IMOdSUPpbxC+rrljE2t46w0Is7cclud8hTKMaq8KsJJ7Zen+lL3n3nmmZCPOeeccyoXgsvGIobMhb7T2bV6PCGZnlzHcjd33z2XuXOBuzORcwaHJ3wdUyPRp+s6W7ZsZt26dfT5wx/o2rUbQgjMZjN9+vTBbDbz1apVXN7/ClJTU2ttcoc/a2BllsNwiMFzOnR0VxLfSuRZeWrzienW4cOJjY0LKuxPP/5IYWHlTrWrJiYzgkUcf3WA97Ztz7F22Thc7VPO7Gu4ZOkw1i5LY1aD7AwraXRzZjOk9xNkATCKhbmvclW1op9I8xHzje8Z3teufP9WptTSdTvTy23Nqc8CcCUPpdzGAvfvDO9yU2mZDXTcHuYM7sXkrEri9CKUsIpqE6E2oz7W/bvuuov4+Pigwq5atYr8/PwI56hhkj2jH50nrPHY0pfpu1Yz3ql8q63C7HY7mzZuZN3atfTp04cuXbpiMpnc+y2WKDIyenNe9+588/VX7NixvbpJVYvjuSeq/IQTf5WmrioPQGxsHImJiUF9zObA2v+qIaNgWzY57i0ryVyQQQaf8GX5RvbszCJj6CBSGcDU3IbVAayamExzr87QxR7m3PsEXRc6y81CGDF4tse1CJKVE2k+Aha6yp9v450zmyGuxr0WOZPLbc0JpRzXcpnPyWbbyEXutmztFJh8r6tcBiizgY7LWcHSrpXF6Zt+CGEV1SPCbUZ9q/vx8fEkJSUF9bFYLLWSp2FzJFLKoK12oYYPP9l8vngNfafvMvKReTewhgmdx7IMIHtG9USf56SNnj0vpmvXbn4bYLPZTK9eGXTt2o3Vq1eze/du95IutU11JniESn14WooIqelkZHkIvJxsto18mIe6ZrHT3cobQnDowI4Y1oRrmJND+ffZE2mekkzzlGSGzPYcOljJQ87tFURXzmyGuPe54tvDnMHecaya6P07Z/Y1NJ+40hl9ebrNU5LLt/tw1asnOJ67iJG+O3JWsDQrg3RXa5uaTkbWTioOfhj5au4pCFdOdOZ7D3OmzmfkwsoshCt5qPcnDF3nJ/1a4Iwtt1543h/PMmd8HvJbLDzLcVUEW+Z943T9DlR+/CSXOo5MD8t7alo3cJXLQGU20HG++wYOq6SshxjW33XMmc2QlImsquxarfS9dqHU+0D315neSlfbMpFV7u1VlQfPOKqIv8rz8ReXZ/tXO21G46j7hvVLCIHoN4NsljFWCOO3+9OPGdl+Dlw21rnfKZqqwjN89gz6Ob+PHVueVj9XQhXiLs/X2GUeeRy7zDt8vxn4y6qb4Zmsdpn1OnfDePP5XD5ZBuzaGrroc03aWLP6B3r3voQePXt6Wfh8MZvNXNKnD926dmPVyi/JyQn+WbC5T8WqbFt9wreynBGVJ3UQQzPKBV7OF59AeieuGjKKBZnO1i4nm210I82vpSOLyTuHGE+r656Dya87G9o9zBl8G9umrHdaDDwbsJU81NvTWtGNyb0nsoqOXD00g6ydu93hMhdkwM4V7s5yz84sRg4Z4HwS3sqUdSf8xB8Kvue1lewKxbgjY5etZwpPcN/sPUb+R8xn5MLljMXohLdN9ddJGNeAhXVrGT0jy60Hqyb2YunQ9U5ryQCmelr91z3HthGuzj9cVFbmKyNA+QmiXORkb4WMdMrvWjBl1t9x5aya+QRMuT8oV4bAYQcwZGQWk2eWK6mcLz4ha+QQZ3jfa9WL5pm+1y6Eel/l/c1i8lSYmXuC47mvcpVvO1RleQgi/irPBwK2fzm112ac6XWf7BmMmrAGuJtMl39f3+nsktK/NSzszIVhErlrOn2BNRNG+ReYXgxmjjM8c6cwI3sZY51+g5kBfRTTGD/ew8q4ayvGQG9funWG7J1bQhd9vx84wPr1Wei6TvMWLRBCAMaU6q2//eb1OXnyJGAIv6ZNm2Kz2fjm6685fuxYUGn5G46N5BBtOPB1gK1th9jIYDS4LoG3ZyeGRS81nQznsK93I+5LBlPuc1oFUtPo6uqAclawNGsUD43z08iszGQBoxjiMiYMGMJI5pO50mmdcA03r8xkwciHmZm+02mJNDoDt5UDT2vkAKZ6WCeCImcnWZ6/U9PoWmngjoydZTTqc2a/woKRi5g6oDyOobNcAnYUC5ydxKqJvZjc1RmuDjkzy63BzpnXMDV9PZle5czDwtL7CbIqEUUucmZf4/GwGYz1r5IyHxD/5afKtHNmc9/kLEY+5Bz+C7bM+h7nc64j3Jb7yvEX1l9+rxoyChZkusXOl0tdAs3ftfJ/7UKr94HubwZTZnmcs287lDqIoRlGW1P5ta8i/iDOJ2D7V4ttRn2u+49/NpQVWxdwurj6ff3nL09gDX2ZvmsOhhwazBxP4TR4GHcDsIWdgcSY2zIngrO4ubmbYYOBtHS6h5LxtPGsdgvSIRjzQ5znEFRespkxZa7ze3fSq+vTl5ySwqBrKo5X79i+nW+//Yas9Vlkrc/iq69WcejQQa8wcXFxXN6/P02bNQs12QZBZebx+lSJqkt5g7uSzAVOK0LqIIY6/fr27MwiI71TaJH6dk6+eFkgOpGe4fw6YAgjnUNJqzLnM3LIAFLTYOkXewyLY8Ywrk7FGIJaOIoFI4IdtvFDajoZnr9zstkWMPw4Zk7ZyuTJ3VjoJTA9LC9uAbuH7G3Agts8hneymNy7GvmsAWdyuYUsFizwLWXGZAb/Fmb/pI5b7vGwGUGrrJ/yEzhtwyLOlPXlIiCoMuvnOHcWlvtY1wNlt2JYv/kdcD9TnEKKnBUs5TnuDVW0BFvvQ72/OTvJYj4j3OKufIKK/2sfevmpPN1ARL7NqO91f3fuZqZ/dx8PfHgp/9v6L/KKTyKlZODAgQwfPrzqCNZMYMJcP9u9RJMhqKpk8BzDMuj6hDoruDxTbN0VZNDBc8i82/n97kzcroJB5CV7xihc8zncYpFqiL74+HjatWvndyZuq1atGDVqNKNGjSY2NrbCfs1konPnzrXmhOmiNpZs8Vd56mMlqjYDhjAy6xO+XJnNNrdFryNpXbPYmePpzxcCvp2
|
|||
|
|
成功!!</p>
|
|||
|
|
<h1>开始寻找存在漏洞的页面</h1>
|
|||
|
|
<p>在这里需要绕过路由的账号和密码!<br>
|
|||
|
|
<a id=img17 href=https://raw.githubusercontent.com/Brinmon/Brinmon-blog-img/main/Pasted%20image%2020240605103035.png><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA4YAAAIvCAYAAAAoF8WfAAAgAElEQVR4nOzdZ5Qc1Z338e+tqg6TR5OlUc4ZgYQCwQSbjAgGJ8BgknNar9Njex3Wce112l2vvQ4YsA02QRbJZAQyQSAkEMoJhVGWRmlyd1fd50WFru7pSQozEvP/nAPdXbfytM6pX9+kxk2coenEV7/8Oe7964Ns2bqts9WEEEIIIYQQQpykjL4+ASGEEEIIIYQQfUuCoRBCCCGEEEL0c6qrpqRCCCGEEEIIId7ZpMZQCCGEEEIIIfo5CYZCCCGEEEII0c9JMBRCCCGEEEKIfk6CoRBCCCGEEEL0c6qoeIAMPiOEEEIIIYQQ/Zg1a/ZZfX0OQgghhBBCCCH6kDQlFUIIIYQQQoh+ToKhEEIIIYQQQvRzEgyFEEIIIYQQop+TYCiEEEIIIYQQ/ZwEQyGEEEIIIYTo5yQYCiGEEEIIIUQ/J8FQCCGEEEIIIfo5CYZCCCGEEEII0c9JMBRCCCGEEEKIfk6CoRBCCCGEEEL0cxIMhRBCCCGEEKKfk2AohOgTTZU1NFVW9vVpCCGEEEIIjmMwjBkO5WaSiNLH6xDiCMnfRvQFbVpsm3kmG8+7CID60RPYP2oiABvPu4htM89Em1ZfnqIQQgghRL913J7ClFZYpmZ8tIFDKYs9TpxWu+c59IL3nMvtt92Us+z9H7z5aE+TH/7gWzz99AKeW7CwW+vfduuNVFWW84Mf/RyAaDSKoRStbW1dbltbW8PPf/rD4HNzcyvbt2/n9SVv8vAjj2PbdlD2+c99nDPmzALAtm3q9+9n0aLX+dt9fyeZTPbkEts5Vn8b34gRw7jqyksZOmQoVVXlHDx4iLVrN/DgvIfZvmPnUZ1rd8Xjce6+89d89vNfZdeu3T3e/re/+QW/+8NdLF78RsbyiRPH8/X/9wWu//BHj+v5/ew/v8fCf77C/IceO6rj5HIifO9S+cWsu/gDNJQNomLzKgCshMKwlbuCWcz2qbNpGDSZ0U/eQ6SlodP9GYbBlVdcyvTp0xgyuJa9e/eyctVa/va3eTS3tGSse/557+Ka984lFoty59338uKLi9ote/XVJcy9/GLOOmsOVZXlNDe3sGXLVv76t3lsfHvzEV+3EEIIIcTJ4rgFwwSK+lQUjWZWvJ64cni6sYaDTs8PubVuG9/81g+7XrEXrFm7jp27SoLPV191OQMHVvGLX/6m2/v45Ke/SHNzCyUlxYwaNZzrPngtM2dO55vf+j7JZCpY76mnnuPP99xPNBphzOiRfOqTtwHw57/cd1TXcCz/NpddeiHvvXou8+Y/ysMPP86hQ4cZUDaAiRPG4Th21zsQACx+/Q02bdpyXI/RV987ZVpseteHSMRqiDWB5eU2ZYPlfUWsFog1QVteDZvOuY5xT/8Bbady7i8Ssfi3r3+JaDTKfffPZ/uOnQwdUsv7rr2SH//4O3zzWz9k//4DgBuKb73lw/zbt77Prp27O1x2y83XM2zoUH772z+ya/ceCgsLGDtmNIcbGo/omoUQQgghTjbHJRjmGQ4XFexkQuQwG5IFrEoOYHikkQsLd/JaazmbE/k92p/jODQ3Nx+PU+2xF19cdNT7aG5uobm5mebmZnbu3MWbby7n5z/7AXMvv4R5f38kWC+ZStHa2kpraytLli7j8SeeZfpppxzVsY/l32bYsCF84P1X89WvfYcdO3YFy/fV72f9+o1HdZ79zb1/ffC4H6Ovvnf1o88iFakh5mUsq9V7TYBKppf55XakhvoxZ1K25oWc+7vowvdQWFTE//vat2lrSwCwe/celr21ku9+5+tc96Fr+Z9f/Q6A6uoaDh48yNuhWr/x1eMylpmmydlnzeF73/9P1qxdD8DBg4fYtm3HEV+zEEIIIcTJJgiGp502jcsuuYA331rOJRdfwO7de/nOv/+oRzvLMxxaHINZefVcW7gFS9ucEt3HBexkXVsxFVYbcZWiWQ9iTzJ2TC7gW//2FbZv38Hv7/gTACNHDufb3/oqX/v6v1NVVcVll1zA5i1bOWPOLEzT4KWXF/GXex4glcpdG+E3UTv3nDMpKSlmzdr13HHHX9izdy8AH77hA5SWlvDf//NbrrziUq5571wAZs86nWeeeT44j55obGzi4Uce56ILz894QM+mtWb/gYM93j8cn7/NFXMv4YWFL2eEwo7k5+dz04c/yLRpU9DA66+/wZ///LegCW5X9x3gXWefwVVXXkp5eTnrN2wkmUyxePHSDpsBlw0o5eaPXM+kSRNoaWnhiSef5ZFHn+jWtXXkwgvO4z3vPoeagTW0tLTw0kuv8ue/3IfjOIDbZPTDN3yA6adNw9EOK1es5n9/84d2+xk+fCjf/uZX+OnP/5fly1dmNGk+7bRpzL38YrZv38GMGacSjUR4+ZXXuPOue4LvbUlxMbfccgNTJk+ktbWVFxa+xLnnnMUnPvWv3b6W3vjeaTNCQ80ZxJpUsCzqZjnM1nQn52iCjHWaqmdTvv6lnLWGl19+Effcc38QCn2JRIK/3fcgX/3Kv3DnXfcwbdoUPvOpj6KU4q/3uH+DP9zxJ2679caMZZ/81BcxDINBgwYGwTCX8847m7mXXURZWTnrN2zgjjv+xM5de4Lyyy67iHeffw6lJcWsW7+RO+74c8b3VwghhBDiRGbNmT2TVxa9BsDkyRNobm7ml7/8DYcOH+rxziZFD7GirZRqoxVLp5sRFpNgRmwfKAMLTau2eNwehA0klYntgNPJOCiGYRCPxwH3IRXAcWySyRS//f1d/PhH32HBCy+yadMWbr/tJu5/YD7btu2gqqqKSZPGs3LVGr7xze9SXV3NZz/9MVpaWrnv/vk5j/W+a6/ktFNP4ac//1/a2tq44fr3881vfol/+cLXMprbATz08D+Ix+M9bkqay8YNm6m8roJIxGp3HIDKygrOPedM7rjzniPa//H42wwbOpjHHn+6W8f/ypc+y549+/j6N77LgAGlfOITt/HR2z/Cf/3P/wFd3/fpp53CR266jv/51e/YtHkLM08/jZs/cj2LFy/NeTzDMPj617/IokWL+fX//YGammq+/MXPsW/f/uD7ni0aiQXfs2BZNJrxuaGhkd/f8Wfq6+sZO2YMH//YzWzbtiMIp1/4/CdobGrhm9/+ARHLYujQIcF31ldWVspXv/x5/nLP/SxfvjLnuYwdM4pXXnmVB+c9TGVlBf/vK//C9u07ePyJZ1BK8dWvfJ7tO3by5a9+i8LCAm73wk5PHe/vnV1Qi9UazWia4NcYRlNg2Ollsabwlnkk8gcSaajL2F9+fj5lA0rZsPHtnMdbtXodAAMH1vDii4tobm7l1puv51Of+VKwTv3+g+2WvbDwJW695cMMHTqYFxa+1K5Z75lnzOaaq+fyHz/+JfX7D/Deqy/ni1/8LF/68jdxHIcrr7iUs86cza9+9VsOHDzExAljOXT4cI/ulRBCCCFEX7JOP/204EH5cEMDP//lr4Paj55qckxGRQ/TjElCRYjqrMEqtMNgs5Gi/BTlRisHnSgr20rZa8exFR3WVA0dMpi77/x1xrKnn3me3/3+Lnbu3MX8hx7ltltv5MWXFuHYNo899lSw3oEDh4LakPr6A9z71/u54fr35wyGkUiEyy+7mO9890ds3eo+kP7qf3/P//7PT5gx/VReWbT4iO5Ldxw4cAClFAUFBRw86Ibyyy69kMsuvTBYp6mpmZasgTW663j8bcrKymhtSQ+6M3HieL79za8En3ft2sNnP/8Vxo8fy5AhtXz/hz8jkUiwr34/v/7NH/j+d7/BXX/6K83NzV3e9yvmXsLfH3qUpW8sA+DJp57jnHPO7PB6p02byoDSUuY/9BjJZIq3397Ck089R/j7nu1zn/1YzuXhQVfC34FX6l9j2rRJjB83mucWLGTUqBGMGTOaT3zyC0FNaP
|
|||
|
|
<p>有两种方式可以绕过:</p>
|
|||
|
|
<h2 id=toc-5>1.修改前端的asp页面的js代码</h2>
|
|||
|
|
<div class=highlight><pre><span></span><span class=p>/</span><span class=n>home</span><span class=p>/</span><span class=n>kali</span><span class=p>/</span><span class=n>Pwn_CVE</span><span class=p>/</span><span class=n>CVE</span><span class=p>-</span><span class=mi>2018</span><span class=p>-</span><span class=mi>17066</span><span class=p>/</span><span class=n>_DIR</span><span class=p>-</span><span class=mi>816</span><span class=n>A2_FWv1</span><span class=mf>.10</span><span class=n>CNB05_R1B011D88210</span><span class=p>.</span><span class=n>img</span><span class=p>.</span><span class=n>extracted</span><span class=p>/</span><span class=n>squashfs</span><span class=p>-</span><span class=n>root</span><span class=p>/</span><span class=n>etc_ro</span><span class=p>/</span><span class=n>web</span><span class=p>/</span><span class=n>dir_login</span><span class=p>.</span><span class=n>asp</span>
|
|||
|
|
</pre></div>
|
|||
|
|
<p>找到这个页面并且修改里面的前端检验逻辑,将非空检查这些代码去除:<br>
|
|||
|
|
<a id=img18 href=https://raw.githubusercontent.com/Brinmon/Brinmon-blog-img/main/Pasted%20image%2020240605103129.png><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA7AAAAGZCAYAAACwgd0VAAAgAElEQVR4nOzdd3gU1frA8e/Mzu6mh3QChBaqkaKgiBUsKIqoqIAXEAugXClewB+KBWkCcr0WQCwgTb1claKCoKAiTREBpXcS0kMS0rPZMvP7IwmkZxMCKL6f58nDQ3b2zJkzk9155z1FGTJkiLF8xdcEBoVRUkpyLKFhEQghhBBCCCGEEH8G6qWugBBCCCGEEEII4Q4JYIUQQgghhBBC/CXUeQBrCu7I4298zI4965ndy6vUriKHzeePvZvYf/bnJ3bPu5t6Sl3XQgghhBBCCCHE5Uaru6I8aXHvcKaMv5eWrix0o5LNbL/x9jML+c1R+F9HejSZlW0rhBBCCCGEEEIUqcMAVsezcUOyv5hI3++b8fqSgZVslsGJ3/eyy153exZCCCGEEEIIcfmrwy7EBeydO5Zhb20ixlbFZtYOjPh0Jb/t+o7vl4yiR8M6jKGFEEIIIYQQQly2Lmr0mLn/B/671MThX/eS6H8d/xzfnymvRLN3+Fck6hezJkIIIYQQQggh/mouYgCrk7r1U2ZsLf7/PuxX3MqivjfQxfdrVslAWCGEEEIIIYQQVbiEy+joZGZkYag++PnINMRCCCGEEEIIIap2UQNYc2AQ9Yr3qPjQqlU4Sl4CsenSf1gIIYQQQgghRNXqtAuxZ0Q7rmnuiyk8Ah9FJbhNF7plZRH/xy6OFlzJ6IUz6R69gsXfnoTWdzP8dg+il37FL/l1WQshhBBCCCGEEJejOgxgVer3GMHsZ9ueLTRi8CTmDkpl2dB+TPl1P4umLiFo1P08OykYLfsUvyyYyOvv7UXiVyGEEEIIIYQQ1VGGDBliLF/xNYFBYaVeSEmOJTQs4hJVSwghhBBCCCGEKO0STuIkhBBCCCGEEEK4TwJYIYQQQgghhBB/CRLACiGEEEIIIYT4S5AAVgghhBBCCCHEX4IEsOIvQ63Xmo7NrOV+r9RrxVXNPS5BjYQQQgghhBAXkwSwdcTfFMRtmicSRlVEJeSaXgy8qwU+Su1KUPw7M+7Dt5k37jZCS121GlcMnMCCj6YysGX54NZdni3vZtLCj9m8/XNeutZc63KEEEIIIYQQF85fJoD1VkMY6hHFHM8OvOvRljGaV10uYnuevLjNHEF/czidLnVVasByxyR27tnE/r2b2L93A+/3qUct48uqmVryj5fG8vzUodzuV4s9mBrRd8ZEBtT7mcmT15Gil3zRyf75U5kbE8XYN0dwk39tjsCb7v8czQMNolnwwiQWHXDWogwhhBBCCCHEhVbnAawpuCOPv/ExO/asZ3YvrzKvKvhF9WbiR5+y9df1/PzNWzx7Q0D1QZPiywOWhrQ3MvncHs0CRxq/6gW46rrylfA1NeJFa1NuViqraT6bHQmsdiTzx0WqU11w/Pohjw0YzoDnVnHiQjam6zgr3p7Pe7M+ZmOWUcM3q9S/byTPdrXx1ZQ3WZesl9/EdoxFL33IzqBevDTiarxrXEEDRTHhivmV1T/uIy6npnUUQgghhBBCXAx1mMT0pMW9w5ky/l5aurLQK4gBTI3v4433nyFixxJeG3sEW2AgOUczqS5cUPGiqaJzxJHIJper2u3rloKGB41Vhco7qBqcdqXw5UWsVV0wMuPYuzcOU05HcuugURWTBf+wZnTsfgdt4z/mvY0ZRefKSewPnzCnNoWaWtB30LVYds/hvS1ZlZ57V+wa3l3xEIse7Mud7+9iRWpNDshOcvIZ6BxEsAqpF+vJiBBCCCGEEKJG6jCA1fFs3JDsLybS9/tmvL5kYJnXLXR5bBDXpK/g0eeXsseugFF9kKFQmCY2Ff1HKfpdYR7Oyh3WNjxEPOMLUslAIdLchvFaHu/lx7ALK3dYW3OXkcTXhh93mrzwp4BfHdEscRVQnMurp4bykDmYdoqGCRv7nUl87swiVQlgpEcTOhRt18+jA/0wOOk8zHSHDR2or7ViktmrsH7ks6rgMKtLJQmtXGNuRG+TN8GKTpLrNF84ktlvFNe/+vpVydqYnqNGMbxXexp55nJy25e8MXUJ21J1UBswePESnoifz7zc63nszraE6LGsnfkSE9ckuJfBrqp8wBTWhafGD+Ph65sR7KWh5Kdy/EQch1YFoZJF4yfnserZtoUXmvMos/sO5b2jRUfmRv1MzbtyS1OdfbO2kFhlgxSwZ8M2kgb0pvt1vqxcXXmwW55O+ukzEBREoAoXLbUvhBBCCCGEqJE67EJcwN65Yxn21iZibBW8rLXmpusDOHMon5tmfcwvu3/gl69n8FRn/8q7ECtW7rR24D2PcCJQ6WBuxweeHZlrCaxBN1EFPzWEdkYS/yk4xlrDyvXmYCKLq6XWZ5QlnHZKDusc8XzhtOGlWjEDGNksKzjC2848XOSz3n6EqbYjzC8KXgHSXKeYUXCUNx25FcQ9Kq3MzRmimTnlPMWH9lSy1XCGm4MJPXvQVdevalY6jXqN6f3COPTRDMZPXU16+8G89foDNDadKz/orr7cFLuQoQ+NYn5MY3qPfJAObj26qKZ8U2MG/XsKT7U+wTvDHue+wW+yPkMj49t3ePl/x3Ghk/DlDAYNGM7Q9/biqOT8VFU/S2QkTZQMjh5Nqzagd504xjGXhchWjdy+sFWLNyFNr+aurg1Rc3LJduupgRBCCCGEEOJSuHiTOHk1oHGwiaBuPWiz/yPGPDOTVdkdeOb14dziW0kIazjYZj/KNEcaSRgccRxjqu0IrzkyyavBrnUjhU+dOZw28jmoOwEzfgCoRGnBNCKLZQWnWOtKY6PzFG/YT5MIgJPTej5xug7opOv5RBv5JJco22HYOKnnEm1U0LVZ8eFGkxWbK5Glzgx2uZJZ4szFbAriOrfqVw3PTjzYuxF56z9g0uIfWP/VQl5deADL1fdwb+S5U+v841OmLdlNbNJRftmTBkHBBLtz5qsr36M1V7e1EP/9Kr7eE8OJ3Wv4cqeJqx66nTZFAXRB6kn27DnA/tjsSjOilddPwcfPFxPZZGRXn0818rPJtoOfv6+bF7ZKw0dmsf7rNxgSsZc3xi9mn2RfhRBCCCGE+NO6aAGsopkxKwYpX73Bc+//wLat63jrwy1kB3bh5qjK0oE6WUYeMboDOwZ5Rj7RRh6xFQWLVTKKsqMGLsPgbMpXsdBYMWEYeZyo/aFVSlU8qK8YnNYLsBft/4xhIw8r4WrJpq+kftUwhTahmY9O7PFYCpPeOiknYshWGtGsSYmlYJwunEXlO+2OuivfFsPRWJ2wTtfSxkfB5B/FdW09sSclkVKTE1RF/VxOF6CimSp+aymKCdUELpe7UajO6e9m8+yEhWzVr2H4qNtp8JeZl1sIIYQQQoi/n4u2Eo2Rl02WE1SjOFgBZ2Y2uXji7XVBFm9xQ9GgWjfG4tZKFcUqdTEVVSX1VlBQlItQvusIC15aTNeFT/Dfzf/AqZjIP7qBqa99Q1KddMU1yElNI4/WhARqVDc4VQ0IIUTTSU2pvrtxMVviQTZ+fZhTYdez4rEoWmhfEW8/74oLIYQQQgghLoCLl29ynODgcZ3ANq0IK+oe6tu4IYFGEqfia9tv0zj7T3EIrNZkJVOjgARdR1W8aVrFPgzFwEDBVMOgU8dGMgohqhULAAoBigdeFJBQ0TTNNeQ6fYroXJWIyAg8AFAJi2yCjxHH8ZgatKluYACqUvpyqL58lcCrOtMi7hMeu+MRenS7m5sefo1VJ+ouAnQeOsBBpw9RHRpTXRLW44o2tFQz2b8vvobzMCl4eHhAXi45MgZWCCGEEEKIP606zcB6RrTjmua+mMIj8FFUgtt0oVtWFvF/7OJoZjzrvvydoS88wsSnM/j0eCD3DeuMc+dcvjpW2wDWyRldRzH50FbJ5KQaTB/NXIMQVmevM50kazD/sDQmxJmHQ/Whs5LPUnsyp4q2yt
|
|||
|
|
<div class=highlight><pre><span></span><span class=kd>function</span> <span class=nx>onlogin</span><span class=p>()</span> <span class=p>{</span>
|
|||
|
|
<span class=cm>/*</span>
|
|||
|
|
<span class=cm> if (document.test.show_username.value.length <= 0) {</span>
|
|||
|
|
<span class=cm> alert("请输入用户名!");</span>
|
|||
|
|
<span class=cm> document.test.show_username.focus();</span>
|
|||
|
|
<span class=cm> return false;</span>
|
|||
|
|
<span class=cm> }</span>
|
|||
|
|
<span class=cm> if (document.test.show_username.value != "")</span>
|
|||
|
|
<span class=cm> {</span>
|
|||
|
|
<span class=cm> document.test.username.value = Base64.Encode(document.test.show_username.value);</span>
|
|||
|
|
<span class=cm> }</span>
|
|||
|
|
<span class=cm> if ( document.test.password.value != "")</span>
|
|||
|
|
<span class=cm> {</span>
|
|||
|
|
<span class=cm> document.test.password.value = Base64.Encode(document.test.password.value);</span>
|
|||
|
|
<span class=cm> }</span>
|
|||
|
|
<span class=cm> document.test.show_username.disabled = true;</span>
|
|||
|
|
<span class=cm> */</span>
|
|||
|
|
<span class=k>return</span> <span class=kc>true</span><span class=p>;</span>
|
|||
|
|
<span class=p>}</span>
|
|||
|
|
</pre></div>
|
|||
|
|
<p>这样就可以成功绕过!将账号密码都置空,从而绕过strcmp的对比!!</p>
|
|||
|
|
<h2 id=toc-6>2.动态调试修改strcmp的比对结果</h2>
|
|||
|
|
<p>成功锁定函数:<br>
|
|||
|
|
<a id=img19 href=https://raw.githubusercontent.com/Brinmon/Brinmon-blog-img/main/Pasted%20image%2020240605085908.png><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA0MAAAHnCAYAAAB60oY+AAAgAElEQVR4nOzdf4gj657f97euz/7yud7ZDeou1saQeLtvtrrLJn84hO1BKJENYWYSGKOxkjiGcyGkRxeF253EF4dwnHL53iGXGRy3DMKa/sc+IWyCGNkTzHRDSCoRYuQEO7YJ6i77TDs4BLJWq4jPrNc43nvuUf6oklq/VfrZavXnBc0ZlZ4qPaWS+jzffr7Pt2J/+2//ndYf+AP/EqM8ePCAH/44z/e/992hzzcaDVq//C+O3H+Yf//kH1B+YfItIAZ8C/h3/+P/hv/h1Z/E/+2f8vU38NMWfP1NjK+/ufnv9rdj/KH0n+Z//W9/OHDMX9v+Of7e9T+P3If+9pP2H/Z897ZlPL/s149q0rFH+RvvfoP9/X0+fvzIN998w6/8yq/QaDT45ptvAPjWt76FYRj85m/+Jt/61rf49NNP+ft//+/z60/+xEz97Bf7x/8QwzBm3v+PvPx/5vqc/sPyfz5wzF/6pV/iq6++ityH/vaT9h/2fPe2ZTy/7Nefxiz7/7W/9tdm+pz+sT/2x2buZ7dGo6HPKfqcTjrmbX5OG40G3/nOd+Y6xr/xZ/8e/+S3v4Zvwg/kNy1+lr/L//hffZfrf/JTftoC+8/8Kb796bf59qe/h08//T18+9u/hz/+7/1J/uDT/5R/8r/8+YFjxmIxWq3WyNfsf37S4/5tw9oDkZ+fdLxp+xil7bj+jdo2SpT3q5/3r5k8+Hce8zv/7z8I+vKTFrGficEvfBI0+Gdf32wDfu5X9vnqv/6rmP+bF6lPUX355Zcz/V79I3/+N/lbf+7X+C2gFf780f8ixq/G/xV+/V9+Su3vvOUP/uq/zn/4x/9C5/nfC/zh5/87/9PLnYnHj/rdH/f7IMrvn1FtFv27bdr26/r/20+q1Sq/7/f9Xn7u535uIS8UxaefxEj/qXrfL8Wv+aZF53/co34pfv311zO95izBwLh9fm17/PvV//zfu/7nY4OT/uf720zaf9r+RTnGuL5F9Tu/8ztA8AFvf7g/+ST4pfjNN990trXbrJNvf8LKP6ezDLIm/dKctG+3r776auwvxv7n+9tM2n/a/kU5xiLoczodfU6Ht9HndLT/+c/+2sC2fzX7N/npN/BLv/t38U0L/sKrv8BPW+HHOPzs/rQFP/nJTwb2bQ/8owREbf3tWq1Wz/P9bfqfbz9uv+ak5/uPMayfw44x6vlJ/Z/Uv1F9GGVS34b59q/u8Dtf/l/EfvkX+Na/8Cn8LiAWg1j4efzd30CrBT+F2E9/jn/2N/8u3/7VyUHEynwdnOMvdm36W3/u5ryP/017xR1aze+Wtvbvxv5ti+zLOv4e++TJk8crDYQATv+jPzCw7U/+mdl/KbYH/tMECP3t2gP+/m2jnm8/br/mpOf7jzGsn8OOMer5Sf2f1L9RfRhlUt+G+fQXf5mPHz/ysz/7s/z8z/98Z/uoX+zX19d8+ou/HLlPy/bf/ye/d2DbH/3Ts39O279gphl49beb9Iuq//n24/ZrTnq+/xjD+jnsGKOen9T/Sf0b1Ydhor6//R48eDD15/TBgweRj79s+pze3c/pNPvf9c/pML/ws7+LXz/8i3z99df85Cc/Gfnfb//CzwzsG2Vgvog2wwKQaR7P8hrTPD9Lf6Yx7f6//zf+Ov/3n/i3+e2/c0EsNum8Ynz7V3f4/b/x1+fp4kJ9+2fgD7f/uPRNK/whCOBarZvpIsJ/t/f7heiD9ijf/WG/n7r3G/W7a1ybYb/b+7dFmaUa93t1knX9PRb76quvxn5al5EmN8x/8Of+G776rd+e+Evxd//8z/A3/rv/cu7Xk9X4P6rn/NPf+seR2n76i7/MH0o8Wthrz5smN8y/9fkb/vFv/dOJn9NPf/4T/s+/uvq/IMlsXNfl48ePkdo+ePCAVCq1sNeeN01uGH1ON9NtfU4XkSYnskqzpsndd7Ok8E5rHf9/uzbBkMiiLSMYElm0ZQRDIoukYEjuGgVDs5t11vsuGLlm6Bb6IiIiIiIia2aTgp+o1muFpYiIiIiIyIooGBIRERERkXtJwZCIiIiIiNxLM68Zevv2bdejv7GAroiIiMi6+fVf//Xb7oLI1HrHqSKjfTJr/e7PPvtswV1Zjf5yfi9fvrylnoiIiKy/L7/88ra7ICKyNJ/88Mf52+7DrXvx4sVtd0FERERERFbsk1H3DxIREREREdlkKqAgIiIiIiL30id/8S/9lUgNNYMkIiIiIiKb5JM/858dTWx0n9YV+dUiBbcBVgY7bd52dxaqc24hK2NzZ0/RK+OU6jePh12vKG1WxqdaLOBubd7namnOy8Qew1krzaO+pzbve+rxPFaCM5vX/ScrIiIiSzNzae11tahBkrG9NU8nKBZcttYp2PDKFFxI5WwS8SW+zqrO3Uxj22k6Qcasbe66TsBnkbHTmAPbew0NgPva9rQZcZzB71f4HndibYNULtv7Wes7lpHKkR31Ybyq8vBxnYOT3EAg1O0ufU/H/24y+cGJwe5jRwGRiIjICm1OMBQObEhlSBmlmQe+8UQWO7HQnq0F77IORgpzmYGQrJhPtTIkUOnoC5CG8MoOpbpFxrbHtJt0HI+yU6JupMjZCeLtvpWr+OnwcRgIdQItv0qxUKDIsIDI4/muS+0wQ+to+Af2Tn1PI/5u2jnK8oEiu4/LPB0yGyYiIiKLtyEFFDzKhQv2czbZxBx/Kd50W3EUC20Ov/oGt2GRyVizHcArh4HQ+IBp8mHCQCib6Pp8xUmkuwKjSh2szM0MTDxB0oLGhYffd7yrfIVTLM5er8u06jym+920c5TkkDqPn3sr6JuIiIhsyMyQSdqec+A0cX1JkAZ0sZ/jGW9u1t50DQL71+Q0Sg5dyUdzDzqXqb/vkdbgdJ3TtOcezEi0Hw2mVEXqzyqNOfdR64G8skOJwX73nNtAEBG5Q1TcBkbqGSaVqfeGYLbQSOXm/Ex6BJOO5uhz8D0uGmAlzYH94ALPT3Rde49Xxw0OTp4NnxlZw+/p+M/qtL+bgnS50+NLzl+bmh0SERFZsg0JhhYg4vqShlugYGWwbZN2etCbqkk2Eb9J3VmXNUMDA/gSTvth9yDcK/OGZ9h2e0QanFdxuyuFya9S7E5z6hP93EekVFU9SJidfk/szypNOPep1EsUjBQ5O0s8PK9COT51oNeZjUnEYeQkQp2SM2ItUBiMbGWalJ3CTTAwbXDm+zSBrfiYPZrXNDDYb0+MtD8jqRSG63LdhM4Lnl9yisHJkxHHW7fv6RI+qztP9jk4dnl7nuaRoiEREZGlUjA0LSNFruuvvnsWlHpGc2ukM3AcPUvRbpft3TB4Xv0D2hn51Qp1LDL9KVXdA8co/VmlBZ070BdsmCRTBnX3Ei9tRp+N8KsEWWdjgpauax/sUqRQcmj2FS2oly7J2DZByyDAGAzOeoOq4DTC4zSvaQCR3xq/SjFMG0tQpdgXzVx92QS2+M5O1AOOsKrv6TI+qzsmmQOX0pc+PFrD3ysiIiIbRMHQtDZ03U1v2lqoeymKmSRlFHALDu6wSmERNa8bYCUnDvwn9meVFnTuwMDnJx7fApr4PhHHzj7VNy4NK0N2itmMeOIZqYsC7oWHn7gJoqxMd0pYnETSwi1VqCbNrnNcUIqnV8ZxmzfvX/9iobaDbXbnfa0Vfk+X9VmtXa7pH1lEREQ2iIIh6aoodjPgDWaSusVJZG0S7fSkmQIDHz/4w/8C+rNKizj3cbYYl2XWw6vgNgxSz6YNTeKEcVePZvQobLitbYxJx9naxqCO626RsbM3QdWoGbfaNR+AeSeHVmGZn9WDPRWDERERWTYFQ/deuJDd2ov4l/++wKDikYi84CIckNfHpYVN259VmubcowV+vt8EYz9ympkXVB0IA7JeQSrbqFmc9vvanjHZYt
|
|||
|
|
在该位置下断点并且修改v0为0<br>
|
|||
|
|
<a id=img20 href=https://raw.githubusercontent.com/Brinmon/Brinmon-blog-img/main/Pasted%20image%2020240605092917.png><img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABAQAAAFNCAYAAACXCL3sAAAgAElEQVR4nOzdf3xU933n+9dI4jdCEINllADF1UBEFJoa9eZ2FBdM6z5WgmYBe7UP2qbO5aYjuyRIWxbHa9Orauvg9OFyr8SW2NKmrH1ze2m1AbMxSJsmq0Axs480grSKDBdJiQE5kgUySEhCP+bHuX/MmdH8npE0Qj/m/Xw8zkPonO/5nu/MEWfm+zmf7/dYDMMwkIfGYrEwU99yi8Xi//dUtXEmv36ZXq2trWRnZ093M0REZI5pbGykr68vobJZWVls3749acfu7u7WZ5uIzGgZ092AVDOTO8MPo20z+fWLiIjI3JPMDr6IyFyTNt0NEBEREREREZGHTwEBERERERERkRSkgICIiIiIiIhIClJAQERERERERCQFaVJBEZkxzpw5M91NEBERERFJGZbe3l5N+y4iIiIyScfeeGu6myAiIjIuyhAQERERSZIDL3x5upsgIiKSsIzu7u7pboOITJPs7GwAdB0QERk/3zVURERktsrQh5lIagoMAug6ICIyPgqkiojIXKCnDIiIiIiIiIikIAUERERERERERFKQJhUUkUn5122ZDAy6YMgJQy4YdsGIC0bcMGouTjc4PeDyLksz4L/9ac50N11EZMr9h//wHzh37hzNzc0JlV++fDkvvfQSL7300hS3TERERAEBEZmkgUEXn/uNdJz3PTjve3DdT8N534LzvoHrvgfnfRfOESeuQRfOPifGHYOBX1kw3c0WEXkoXnvtNc6dO8etW7f4xIrlHDvyEjeb3+ORpfNJS7PQ98DJlt8p4dkvf5UPbtzkC1/4goIBIiLy0CggIDIDNDY20tfXl1DZrKwstm/fPsUtGochJ877Ht7/ewMejMLwMIyMwOgouFzgdoPHA4bhXbqBtZ7pbrWIzAGz5dr52muv8cYbb3DtX/6Ju7/8OSuXLWDY6SbNYuHBiIv/561vc+4ffsSja60KBoiIyENl6e3tNaa7ESKprLGxkczMTBYuXEh6enrMsoODg4yMjDA6OjrpL7bd3d1JebrAbzfCid1ZbALcwOCom8q/bab/wQhOpxOXyxX20/fvBRkWvnt456TbICKpZ7qunT6RrqHH3niLAy98OWL5539tHd+/PciiRfNYvng+ixekY7HA8KiH+0NORpwefn/To/wf9f+SlPbNBsuXL/f/u7e3dxpbEp2vjTO1fSIik6UMgQmY7g+H6T6+JFdfXx85OTl8/PHHpKWlkZYWea5Pj8eDx+NhyZIl3Llz5yG3MoZhFxa8wQDf0v9ghBP7/9eIxT0GuA1we+DJr/7nh9hQmW7Tfe2a7uNLcs2Ga+etW7dYu3YtH/z3d3jms9m8+JSVhp99zKWr3bh677PoU1Zcg90UfvpRnt60nLSu+9z9nw184jeL/PvGE9iphtn19+1ra+hrEBGRh2fGBwSifUhM5wdeb2/vtH54TdXxly9fPqu+SMw1GRkZpKWlkZOTw927dxkdHQVg/vz5fOITn6CzsxOPx8O8efOmuaUhRlyk4Q0EeID589NxOp0A/NH+P2XZsuUsy8xi2bLl/PGX/8AfDMhanIHL5ZrOls9punZO7fFn4vubqmbytfPJJ5/kpZdeYl3T91mTu4LlmYv534s+xVf/7Qre//v/zuPlr7Pwl+/yoO9jBns/pvfju3z4/ZP8/T/f4Jvf/CY3b96MWX/o57Y61smXjP/T+n4lIjPZjA8I+L7AhV5IdXGVucR3dysnJ4e8vDwGBgb8M1Jv3ryZpUuXAtDZ2Rn1Lti0GXGThjcY4AsK+Dr63/qrvzQzAixBmQFuw4Lbgz9wIMmna+fU0vs7M8z0a+drr73Gz372M5Zcv0rer1nxeNx4XC5cI0M8eODEcLtwjgzhdrkwPG5GPKPca/v/uDXySV577bWYdetvTUREkmHGBwTk4fB9sdAXjOl1+/Zt1qxZw9KlS/nc5z4HwOLFixkYGOD27dvT3LooRt1BGQJuxjr6vmDA1w4dYumSpSxdksmSJZksXZrJH/9vf6gMARFJipl67fz93/99Rvrv8//+7n9l+MEgC4eHGE7PwO1y8uCBk5HOdkb77uIcGWJ06AHDg0MMDTnjBgOiifT5HW1IQeAQmlhj+ePtH6+OqZonYCLHj9SGSFkV0V5jvHbEOna0IUvJfH9jtVNEJJo5ExAY7wU/0gdiaNnxpuHFG58a74Ml1v7xjq8PhNkvLS0Nl8vFj3/8Yz7/+c/772wNDAzw4x//2F9mxhl1YyFyhoAvM+D//MvX/ZkBLo83U8BjKENgJtC1M3nXTgVUp8dsuHY6nR4G+waZv+guHrcb57x5PHjgZPiDn+Fxf+zNGOjr48HAMP39yQuUxspi8XUyIw07CPx/Hmt/3++h+0Q7fjL/j0zk+PFeX+jv8eY4iDdkI9b7GK99E31/RUTGa9YEBOJFYGNdEBP5QAytO5EPlGjHSCSNdDwfwPGOH+t4sT4c9MV15klLSyMjI/y/5fz58/2d7On+YhvGGS9DAP706+EZAl/+I2UIPAy6dk7ttXOq7n7K+Mzka+eCzGWMjLjp733AvPnpjA4Nkz4vg8FBJw8+aGFkfg9ul5vhwWHu9w1z797DvS4m4+82Uic69N9T2VmNdsyHbaqOnejr0zVIRCZi1gQExnORe9gXxEgR5XhfcuNFpJMVRdeHw+yyYMEC/7jXgYEBAJYuXcqv//qv09zczMjIyDS3MAKnJ+IcAoFzBnzzyF/5MwNcnrEsAWUITD1dOycm0Tqm6u6njM9Mv3Zm/epGujvamZduYeFSJ4Zh4cHgCN0f/JL0lU48HjdD/SN8fNvJvMdyJ3SMRFPKJ1PvZPaPF2ibKvGCe5MJ6k12/3jtexjHFxGZNQGBWBK5IM71NKrJvD7fvoE/9aEyPR555BGWLl3K/fv3/amun//851m2bBmPPPKIf7bsGcXl8T920BcUcLlcuA349y+9GPSUgd3/9ku4PN6ggNtAGQLTTNfO5L6+ZAYkZHxm+rWzc8VjLLxylQXLM1g24mL0AYwMDPPhLz4mk4V45lu4OzqPD2/ex7Mle0LHiPb3N9m/x9k+jCbW8ZPRvskGBaf7+CIicyIgAPEviHP9ApnsDxR5+DweD7du3cLpdNLd3e1f/5Of/ITs7Gy6urpm3nABAJc3Q8AFWPBeVJxOJ24PHPnG62GZAb6fHj1lYEbQtXNuv75UMJOvnX19ffzJn/wJn/3sZ1nc+SG/+PAWK9YvYaRzANfgKCMPRrk9fx4LfjWLOz/vYcnKX2U4P58/+IM/4Fvf+hZZWVlR655oAGqyncaJ7j9TvlsEtj/a0KeJ1JWsfcZTpwIAIpIMcyIgkOwL8kQmoYqV5hrpQzvSB1KsNNnxtC+ROmRm8T03Oy0tzf/l1Tce1uPxBH2hnWlBgaUZ8My/b/H28M3ZAufjHTLgCwZU/Nm/D5tD4N/s1RwC003XzshldO2cPWb6tXPnzp0A/O3f/i3DL7zA3+z5Ip3//AHGvVEWuUbxeAzuNd9m0e0BlmX9CqVnz7IoK4snn3ySnTt3cvHixZj1x8vyidXhjZQVGLoukf0D/x3r+L5/RzperDqiGe/xQ9sf+DpD6x1P+xJJ2Q99HxJpX6LvjYYMiMhkWXp7e43pbkQsiVzoEonuxisTepzQi2+87YFlEmlnrDYmcsGP1b5YbUi03vHUIZPT2NjIggULmD9/PgsXLvSvt1gsABhG8H/Re/fu4XK52L59+6SO293dTXb2xFJT4/mdr9fRWP3H/qcJuM3AgNsYixu4DfjMzgN01//FlLQh1enaOf72xWpDrHonsr9M3nRdO30iXUOPvfEWB174ctR9hvr6uPTmm/zPmjdw3ff+raRnZvGbpS/whRdeYFGMjABJvngBARGRVDDjAwIiqaCxsZG+vr6EymZlZSXlC+1
|
|||
|
|
<h2 id=toc-7>3.登录界面前后端通信原理</h2>
|
|||
|
|
<ol>
|
|||
|
|
<li>前端js代码通过submit提交post请求将参数传给后端来处理</li>
|
|||
|
|
<li>后端通过websOpenListen函数持续监听前端发送过来的post请求并进行处理<br>
|
|||
|
|
<a id=img21 href=https://raw.githubusercontent.com/Brinmon/Brinmon-blog-img/main/Pasted%20image%2020240605105045.png><img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA5YAAAKiCAYAAACtl0NxAAAgAElEQVR4nOzdfXDb92Hn+TdASrIt2UpiULCdh6YNaRsimlO62U1ELsoOtp2NZHvtlipuLs020dql6GEvZFt51zexB8E46rm2uyV7w5ri2udNN83NYsyrtbbE3s4cEhYlnUyyrS8FiVhi3MmzQcKJZcuyJIL43R8/AMTz8xPBz2uGE+OHL/D7Al/8FHzwfbK8+eabBmXav38/jz0+xecf/Fze+yORCHa7vdynA+DeCzdy6Z0YvLsB78bgSgyuxuDqJlxL/G1swkYcYubfvm4484e3VXQeKSwSiXD77bfX9BwfX7jGoX/excZbG2y8tUHsrVjh/764gbFuwIf38O2nnHV6FZLu/PnzFV+LoOuxXVTzb2k6tWN7UDt2BrVjZ6i1HQHuXb2RS+9smm2Z3o5XY3AtntWWm4n2NNi3S+1ZL7oe21t3qytw6Z1YIpDE2XgrTuwtKxtvWdh4yyD2VpyNt2JsXN0g9s5WILn04T2trrZke3eDjbfiLP9XAy5fgytX4OpVuHYNYjHY3IR4HAzD/IsAH4q3utYN8cNP38Ol761isRT/zcYwLOz7SC8f/OqLTapZaboeO4PasTOoHTuD2rFzXHpnk0Mft7LxtpVY4m/j7U32vP4WD/3+Ee5c/yeiQPA9H+Y/fea/8M6VG8z27FV7tgtdj43V8mCpQLIlEAhw8eLFssru378ft9vd4BpV4N0Yf3TLXg6OwybX8861TXx/9R3evnyVjY0NYrFY5v/eHCMWi/Grf/Adrttl5b8/8elWv4K6+OGn78H40K3c5PwIlht2A2CxWjLKGHEzcMZ++jqxN9/hh5++p33Cpa7HlO19Paodk9SOnUHt2Bm2dTuC2ZZvW1n+ryR6Lc22PP1Xn+XQb/4G1t/6LT70jW/wyb/8S378f0/gv/s0rAO/1Fntua3bUddjSiPasQ2CZXWB5J4vfoc93Raef+TuVr+CuggEAtx444309PTQ1dVVtOw777zD1atXCQQC7XOxXolhATbT/t6+fJX/c+yTeYvHDdg0YDMOrt//T02saGNd+t4q7/2X/4x3z38TdneDxWrekbzSYon/NeJwLUb3Bz7EpZf+thVVzU/XI9AB16PaEVA7qh3Vju1k27cjwJUYX7bfRPzzEOc6DMAAYv/7N7H+lg/++nl4fYWPRKO8963X+G//283c9uEP8/GJ/6/VNa+bbd+Ouh6BxrVjKlhevXqVPXta0NWrQALAxYsXue2223jjjTewWq1Yrda85eLxOPF4nL1797K+vt7kWhZxNYYVs/3iwO7dXWxsbADwu2N/yE03vYebbtzPTTe9h9/73O+k2nD/Dd3EYrGcp7NYLDnHAAyj7CnBLWGxGBjxd2HPbiy7LNz4iSNcfvUbbF5+G4Cu997IDXd8kre/OY9hsWLde13JIbNNpesR6IDrUe0IqB07hdqxM2z7dgRzLh7m9xwj7S8KfOgb34DXVyCyAm+9hQHc8OEPm4+Lt9H/z9do27ejrkegce3YDfC9117j5aWXOXr0CO973/vqW/NS6hxIAN7znvfkHHvzzTdL3pfveQrd1yjd3d1YrVZuu+02fvazn3Ht2jUAdu/ezfve9z5+8pOfEI/H2bVrV1PrVdLVTayYbZhsy2T7/MVTf5K4MC0ZF+imYWEzTqq90xmGgcViyQmS+Y61nV3dZqj85F3cfPfvcdPhu3n9r74IwC2/80V22d4PFitvf+MsdLd+0ECGOl+P+a43KHzNtZvtez2qHdOpHU1qxxZRO2bYru346Nwqv3z5Gp/5sw02Nja4du0asViMa9eucf8HD7Lxl3/JR6JReOst/gfQ82u/RurbSp6RlGrHFtH1mKHe7dj9vdde4y/+4mnOnz/P7j27+c377mvuh6DOgQQyQ2R2w7755ps5x1sRIPNJ/mJw22234XA4uHTpEt/5zncA+OhHP8q+ffsA+MlPflLwl4WWubaZcaFustU+yTb8Xx96iH1797Fv743s3Xsj+/bdyO8d/0zBHwi2tW64/MrfcdO/OMquA+/nln/7JQB2vc/OxtqPufzK35k/6xTomW2ZOl+P+a43aJ9rrphtfT2qHVPUjlvUji2idkzZzu349uVrPPf7h3OOxw24evJf8R/f38+BK2ZP5Wu7buMP/vqvt/Jknh/E1Y4tousxpRHt2P3EE0/y2muvMTgwwK+6XM3/ZaENAkmxsNmKD8ba2hof/OAH2bdvH4cOHQLghhtu4NKlS6ytrTW1LmW7tomF/Bdq8gL9j3/yZOoCjcXNCzZuFP6BoBzZQ2bz9XCWc3/yeKnb5VfMyuaVi/x08iFu/YM/ZVfPrQBsrP+Un04+RNx6GXa12T+20BbXY7vZrtej2jGT2rEzqB07w3Zsx2SbvXNlA9st/xc39NzADTbz72tfcfGTf3eSXxy08/3vf59v/vef0P2e92z1WLb7SKsqbcd21PWYq57t2P3aa6/x0Y9+lNHRE9xyyy2NqG9xLQoktUp2fWcPsS10u1xWq5VYLMY3v/lNPvGJT6R+Lbh06RLf/OY3U2XazkapCxX+8D/kXqif+93iF2qxYJg9LDa7bEuH0lqscL0VS1fuDzWWm3bBZrf5JrXZSNhWXY/ZQ0ny/fJXzv26HhPUjhnUjpVRO9aZ2jHDdm3H9O80P/3xp1O9WbFEm128eInvf/8KkUiEjY3N1PxLSP+P4tI7M9LbJ9nRkX47/THp1I4l6HrMUO927P6fWhkqoWGBZDuzWq1055l7t3v37tRrbruLdSOed2hB+lCCx//4qdQFGotvXazFLtRKQmA1gTH7MaVuV6Jr33u55dNfZFfPrWys/RSAXQdu5Zb7/5jXv/pFNi/+vOrnbpgGXY/F/sHMN1og+7GtHGKyPa9HtWM2teMWtWOTqR1zbMd2TM4924xbuPX9X83osTz3n11861vrHD58B/F4nAsXfoRB2tTKIl8lCgXG9MBQKHCqHaug6zFHPdux+53Ll3n33XfrWsGKNCiQNFq+uZvFbldiz549qbHNly5dAmDfvn187GMf4zvf+Q5Xr16t+rkbJhZPrbKVbMtYLMamAScf/vcZk6F/83/+t8TiZltuGlT9A0FygZ/029kKrS7bcEacG3o/ya6e93Pt9R/x06f+CIBbT/4pu2/5ADf0fpK3v312a/uRdtGg67GS66Gaa0fXYxa1Yw614xa1Y5OpHXNsx3bc6tWC7//g06meyo3E9xmX6xd573vfy9tvv01vb3dq5VhT4WRZzpof+QJnudSOWXQ95qhnO3avrq7yF0/P8NDJk/zSL/1i1ZWqWgsCSSnJXxLS/7eZ8yxvvvlm9u3bx1tvvZXqhv7EJz7BTTfdxM0335xaoamtxMwLNQZYMEd4bmxssBmHPz71ZM4FmvzfeJFFmMpRbGhs9v1NZcR562//G8Y7V7n8yt8R33MFgNf//N9zw6F/ydv/4//Bcn2bLdwDLbkeiw3xSSq06lozbNfrUe2YSe1YHrVjA6gdc2zHdrx27ZoZPuLwCx/K7LGce+ZXeeutS/zgB1d5/fXXicWqGwpbzdoeascK6XrMUc927P5lp5N/DIV4emaGB0dHmx8uWxRISinWZd1I8XicH/zgB2xsbBCJRFLHv/Wtb2G32/npT3/afsMKgBt3WRg+GTIbJjEYfTfmL0DJNvQ+ejJnaMFv/y/VD2muZr5ko+dYGoYF450rEAPLLosZIHdZsFxvzrWMv3s5dYwYWK17MIw2Cpgtuh5L/WLbqpXVtuv1qHbMpHasjNqxztSOGbZrOybbLGZYePWffifVU7kRh41NC9/45pv8+MfXiMU2+afv78kMlg2kdqyQrscM9W7H7pMn/4inZ2b4h7//B4LBIO9//23s2bOnEXXPa183TQ8k2dplSeDk+H2r1ZpqyOSY53g
|
|||
|
|
<li>成功处理后,后端会发送新的页面信息给前端,实现前端页面跳转!<br>
|
|||
|
|
# 成功绕过登录验证<br>
|
|||
|
|
成功登入之后就可以访问访问:<div class=highlight><pre><span></span><span class=n>http</span><span class=p>:</span><span class=c1>//192.168.126.131/d_wizard_step1_start.asp</span>
|
|||
|
|
</pre></div>
|
|||
|
|
由于kali2023自带bp,所以可以直接使用bp拦截实现命令注入:<br>
|
|||
|
|
<a id=img22 href=https://raw.githubusercontent.com/Brinmon/Brinmon-blog-img/main/Pasted%20image%2020240605100111.png><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABQoAAAJXCAYAAADb6mn/AAAgAElEQVR4nOzdd1yV5f/H8dcZbJyIaDlTy9TMlRtnLhRXjpxltmyav8rUylXu1dKWoxxpmvZ1p6Y5cuTO3FtRRNyyBM45vz+Qo8A5cFAB0ffzESH3usZ93Tf3+XBd120oUaq8DREREREREREREXmoGbM6AyIiIiIiIiIiIpL1FCgUERERERERERERBQpFREREREREREREgUIRERERERERERFBgUIRERERERERERFBgUIREREREREREREBzFGR17I6DyIiIiIiIiIiIpLFzGXLPZXVeRAREREREREREZEspqHHIiIiIiIiIiIiokChiIiIiIiIiIiIKFAoIiIiIiIiIiIigCFHzjy2rM6EiIiIiIiIiMi9YDAY8PbxpVChouTOnTursyOSrRieKFNFgUIREREREREReWBERl7j2pULPP5EWQULRdLBnNUZEBERERERERG5l3x8cgIQEnJSgUKRdNAchSIiIiIiIiLywPHxyUlUZERWZ0MkW1GgUEREREREREQeSDabZlsTSQ8FCkVERERERERERESBQhEREREREREREVGgUERERERERERERFCgUERERERERETuU0HNGtOsaaOszoZIhps2dSLFihXN6mxgzuoMiIiIiIiIiIgk99KLXWnfvjUABQsEMGXajCzOkUjG8fbywsfHK6uzoUChiIiIiIiIiNx/gpo1Yuq0mQC0f66VAoVyR8qWLc0br/fE3z+fS9uHh19g4reT2bv3QAbn7P6kQKGIiIiIiIiI3FcCA2sSUCCAZctXAvD2W68RGFiT9es3ZnHOJLt5s9fLREZGMXjoSJe2r1enNm+83pM33/4gg3N2f1KgUERERERERETuCwULBlAgIID2z7Vi2fKVXL8eAcCy5Stp/1wrIq5HcC4sjNDQsCzOqWQX+fL58c2kH9PVQ7Bu3VoZmKP7T/t2rWnfrhWgQKGIiIiIiIiIZKHAwJr079sH3xy+9mURERFM+2mW/efly1fx+Wef8OUXo25tcz2CYSPHqZehuKx58yb89dd6IiOjkiz38fGmXt3aLFm6IlPykd/fn2eeqZhqelWfqURkVFSmDIFu364Va9f+zV/rNihQKCIiIiIiIiJZp0O71qz/exPLl68i9Nw5h70Fd+zcTbPm7YCEXocFCxSgadNnE/ZVoFBcVK9OLerWqcngISPtwUIfH28GftqXqKioTAsUArRv35qiRQszcdLkFOvq16tNr9d7MmbsV5mWn7/WbWDv3gMYMy1FEREREREREZFk1m/YRGCtGhQoEODSkOLQ0DAKFAggsFYN1m/YlAk5lAfFoCEjMGBg4Kd98fHxtgcJDRgYPSbzgnLnw8MZNHgkVatW5o1ePZOsSwwSTvp2Mv9s3ZEp+YmKjmbgJ335dfZU9SgUERERERERkazz69wFAPT7qA8FAvKn+Xbjl17sSo8eXfnq6+/s+4o4ExUdjY+3NwCRkVEMGjKCQZ9+xMBP+wJgwMCgISNu9TD09iYqOjrD83XixEkGDR7JoIF97cvq1alN3bq1mPTtZNb8tSHD85Doww8H4p/fDwBTPv9HBmVayiIiIiIiIiIiyezdd4AjR4/x+ms9yOeXly3/bHO43btvv06rVkEMGjKCZctWpnnc69cuU6hQkXudXclGSpUqQX7/fGzdltA7Ly4ujo2btlC/bmCKICFA61bNuXLlKhs3bsnwvF25cpVdu/+jS5f2uLm5UaxYkUwPEgJERkURHn6B8PALGnosIiIiIiIiIllv/fqNrN+wCR9fH6fb+Pj6sH7DJs1LKC5bumwFdevWIr+/v31ZZGQUH/T9lA/6fpokSJjf35+6dWuxdFnmzVWY2LMwKjo6S4KEkFDuMmVKU6ZMaQUKRUREREREROT+UKlCeXbt2uN0/a5de6j49FOZmCPJ7vbuPcC+/Qd4//238PHxdrqdj48377//Fvv2H8jQNw1PmzqRYsWKJll24sRJXuzxhsMgoaPt77VRowYz6NO+DPq0rwKFIiIiIiIiIpL1ChYMIH9Afnbu2g3A46VK8MX4EXwxfgSPlyoBwM5duwkoEEDBggFZmVXJZkaP+QpsMHL4IOrWqZVifb26tRg5fBDYyPCXmnh5euLj45Vh298JL09PBg8dSYfne+hlJiIiIiIiIiKS9UqUeIxzoecIDQ2jxwtdePHFLvz992YAfvj+K6ZNm8nUn2ZyLvQcJUo85tIbkgFsNltGZluygYiISAYNGUFQs8a88EInXuj+PMdPnAageLHCeHt7s2z5KubO+z3JUOSMEBkVRZ3AmlitabfL4sWKYLPZOB92IUPbsc1ms38pUCgiIiLZiOMHJD3/i4iIZH9h58Lwz+/P7JmT8c3hQ/+Ph7BhwyYAateuQb++vWnSuAH++f0JOxemAKCkS2RkFHPn/c7SZSt4pkpF8uXLB8C6dRvYum1nhgcIE40e8yVvvN6TwNo10tw2Kjqan6bP5nx4eIbmyWq1Eli7BlarDcMTZaroyhIREZH70K1HFH0OEBEReTjUrl2dAgEB/LFiFdevRyZZlyOHD00aP8u5sDA2bNjs0vFCzxzjmao1MyKrIg+M59q25Lm2wQAKFIqIiMj95G6Dg3qsERERkVsSAoUp56QTEcc09FhERETuAwkBPteDgxqCLCIiImmz2TRHoUh6KFAoIiIiWczmQoAv6QauPe/rQ4GIiIigvySKpIMChSIiIpJFXOlFmNZQ5FR21mcCERERAWx6KBBxmQKFIiIikgXSChKmtt7m8Eebs/UiIiLy0DIYDBp6LJIOChSKiIhIlkgrCJh0fcrgoM3RcueHExERkYdMVNR1vLy9FSgUSQcFCkVERCSTOZuT0FEvQluSfzoNDtp7FeqDgIiIiCQECSOuXuKxEk8oUCiSDoYcOfPoihEREZEslt63HifdL72rRERE5AFmMODl7UPBgo+SM2fOrM6NSLZirla9dlbnQURERB5wKf+Sn7xX4W0/22xJeg4mLE/2b1uy3oOOehQm30ZEREQeOupNKJI+GnosIiIimc6VIOGtbWyOA4TO/p0sEX08EBERERFxjQKFIiIiksmShu6cBwkTexEm/X57UDBJLwGbg/6DjpaJiIiIiIhDChSKiIhIhko+5Mfxy0pSCRImCwzu2/ufhhGJiIiIiGQABQpFREQkE9mS/DsxKJj8OyQLEtrg0KGDeHh6kzuPPwaDIbMzLiIiIiLywFOgUERERLLErSHHjtYlDRIeO3YM3xy5MzV/IiIiIiIPG2NWZ0BEREQeHre/oCTxe/Ihx456Enp6+WR+ZkVEREREHjIKFIqIiEgmcdR1MOF/SYce3woS2rDh4emdeVkUEREREXmIKVAoIiIimc4eGEy55tZbjkl4cYnZ7Ja5mRMREREReUgpUCgiIiIZxvHbiR29Bflmb8LEHoU2m/1LLy4REREREckcChSKiIhIpkgRM7ztDceJCxKHHIuIiIiISObTW49FREQkUzkadpykN6H9hSbpixge/WT0XeWrxNAP7mp/EREREZHsTj0KRbKBSP8CRPr7Z3U2RETuguOgn83eqzBlb0J1LBQRERERyVwKFKbBw2jFzxSHm0EfVyTz2ExmQqrW4mj9JgBcLPkkl0qUAeBo/SaEVK2FzaQOwSKSjaUYdpy4+M56E6ZlQLniDChX/J4eU0RERETkQZOuSMPwYQNZuXINq9esc2n7l3t2J7+/H8NGjAfA3d0do8FAzI0bae776KMFGD92uP3nqKgYzpw5w7btu1i4aBkWi8W+rve7r1OzRjUALBYLFy9dYvPmbcz5dQFxcXHpKWIKBpsBs8lGaffrXI03c97qSYzlzuOrxYsXpXWrIIoULkL+/H5cuXKVgweP8Nv8hZw5G3pXeXWVp6cnP0+bxDu9P+Lcub
|
|||
|
|
将<code>ls</code>写入date数据段,实现命令注入成功!<br>
|
|||
|
|
<a id=img23 href=https://raw.githubusercontent.com/Brinmon/Brinmon-blog-img/main/Pasted%20image%2020240605100329.png><img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA1kAAAGVCAYAAAAMtDvVAAAgAElEQVR4nOydd3gVxdrAf7un5aQCqfSAYvsu0i5eFQSSkEAg9FBDMzSlqBQVsFCUpoDSpEmv0ktCkd4RqZcr0jtSQ0JJO22/P06yySEh54Sg4L3ze57zQHZ2Zt55Z3Z33n3fmZVeKFdBQSD4E5AkieDg0ly4cPF/sv7nHaPRjR3b1tM0OoarV/8AoEKFfzB96gRqhzfgwcNkoT+B4G9MQIA/TZtEERYWQmzs+zx4mPysRRIIBIL/GSRhZAkE/7tEN2vEux1j0On0WK02bt66ydSps9i3/8CzFk0gEBSQunVq88orLzFr9gLu3bv3rMURCASC/ymEkSUQCAQCgUAgEAgETxH5WQsgEAgEAoFAIBAIBP9NPFdGlqSRkbTPSCRZY//lhSSBrAWNzv6v/BypLw/5JY2M/Kz0+giSBLLm+ZDlSfi7y/84tFoNWq2T8S/42/Ok4/evHB81a7yNh4f7X1LX81j/3x2hP4FAILDj0tO2R/cu7N+7hT27NjF71uSnKkDLFk2JiAhF1srIGg2K1ZaVKAFaA2jd7P/PLxod6Nyzfhp97udJMmgM9p+Ui0ok7Hm1Rvu/UoahpXHLkO0xavwT5A8NqUFMmxYAlCkTTPzaJcTHLefYvw/hF1gsV1kUmw1J1iA/4SRJ1mrQGPRoDHpkvfaJyshEq9VhdHNDp3O9nKlTxrFn1yb2791Cn949Xc6n1+vw8HBXfwbDY/o/Dzq0b0Psu+3Uv59EflcY/OUAhg8b5PS87P3/tJBlGYPBgMFgQH7kxUHz6EbUDqv5VOv7b0Sj+XsYqE8yfvMaH0+boKAAhgz+3EGfsl6bdf/5kw293Or/byC4dCkWLZjJti3xxK9dyquvvuyQ3q1rRz7u+0GB63na+nv0/vtn8SzvvwKB4L8Xl56YWq2WRYuXUe2dcDq++/5TFaBChfKUKlUCSaPBZjbDoyvEJM3jjRigVKkSHDuyl53b1zv8yr34AtisYDXZ/80TG9gs9h+2nMkaN7scVhNYUsCSCuZUsKSxPn4F1WrWVGX85z8rsXVznMvy5y1WTvmLFStK5coVALhw4SL1G7SgaXTrvOVXwGY22z2F8pNYe6BYrVjTTdhMlhxpxYoF8v3YERw7sjdHml6v47MBfYlbs4TVqxYxZvQwvL28sFjsbfL1LcL4cd+wZ9fPbN8azwe93kOSHGXs9t6HVHsnnDlzF6LVuj45tFitpKebKBMcTI/3u+SzxXaKFw+icOFCgN0LoNNpURQFi8WKRiM7GHHu7kbc3AxonsBTsPHnLaxb97PT87L3P4BGI+PmZsDd3YiHhztGY/4NQEWxYbFYsFgsKIrj+KlUqSIvvFAWg0H/RO3KC6PRDQ8Pdwd5tVqNqsvMvzPPc3c3YjDoyT48JAkMBj3u7sZc07VaDS+8UJrpU8dx5tSRHOlDh3zGti3x7N+7hd07N7J392Z+nDbRQc7HjW9Jso9vo9HI1199Tof2rdDrHcsHeKNqFX5aNJvNP69h0YKZ+PoWUdMiIkJZvGgWO7atY+vmOFq2aJpDT3nlDwz0Z/IPY/ll31b27dnMx/0+QH7kGs+U/99H9zqMX4DGjepz/Nh+ft6wwv7CZu0SGkRFOuTPa3w8bTrFtmfp0pXcv/9APWYzWbCmm1Cs1lxfVpV78YUnvr6d1f/V0M/Zt2czP29Yxfr4FUye9B2vvfaKQx5JktiwbgVbNq11MEL9/Hw5dmQv340doR4bOWIIx47spWjRQPVYlUoVmPnjJPbu3syuHRsZ/vUgAgL8n0p7Mpk0cQyz5swnJKw+7Tp05ezZcw7pN2/e4dof1wtcT279V5D+yX7//TN50vuvQCAQ5MXTfR3/hEhaDYrVilKALThCwqKwWnMxphQbyBKQx5s1Bbsxkxuy1m4kWdIAG8g6u9EjSfbjVhMoit3DZUl78gbkKpctf/JbTTmN1MxTFLBZrXZd52IoPSkNoiL5oNd7rFm7jpCQnB6P97p1wtvHh0ZNWqHT6Rg5fAg9enTh8y++BmD4sEFcvXKVOpFNMBjcmDF9AufOXSB+3cYCy2az2rBho3jxotSsVZ1xEwrmhdVqdUiShNlsRlEUss/4zGYzsiyj0WiQZZnU1NR8jecn2c1PkiUMBjckCaxWK4qiIMsyOp0Oq9WKzeaaAIoC6emPGf9khoppsVpt5GrEPyFWq1XVmdlsH5NyRshrZprBYMBms0/yNRqNamRnyqvX69FqtVisVlAUh3RZlolu1piePbqyanUctWrVyJH/y0HD0Ot16HQ6zGYzQwZ/xu+/n1JlzGt8Z+raw91I7bAQpk2flWEwKphMZgDKBJdm5Igh9Ok3gKNHj1OkSGHu3k0E7LeQF18oy9dff8OFi5coWzaY2TOncOL3kxw/fsJpflmWGTN6OKdPnaFmn0gKFy7M3NlTOHfuAitWrs0hf0RE7UfGr50jR47RqUsPtQ8eJa/xUS8ygsTEpKeyG2VgoD8R4WE0aJQ/T0HJksWpWas6kyZP/1PqX/zTcsaNn4wkScS0acGUH74jtHaUaqiWL/8aKSmpGAxWKlWqwKFDRwDwdHfn5s1bVK5UEUmSUBSF8v94lcTEJDw9PIGbVKlSie/GjmDo0BFs274LNzc3IuuGk5aaWqC2ZMfDw50SJYqzf/+vAOr4yc6q1XE5jj2KRiPj5+dL1apV2LfvAAkJdx3SH6e/p9U/fyZiN1WBQPBnUCAj69tRX/Pbid+ZPWcB3l6eyBoNSUn3aNKkAbVqVOfD3p8iSRJdu3SgeXRTFEVh1+69fDv6e1JT0wH7RMPP358fJozl1Vde5srVa3z+2RAuXr4CgLe3F4O+6M8/XglGURQuXbvDxElTOX7sqN3Y0ejsYXw6d5AsdqPElmH4YH/T3O/jPoSFR2BOT2XPrp2MHjNOrb/r++8RE9OaadNnodVqadIwgjKlSlDtndq8UfWfNGzSBB9vb4oGFGb23EU0iW6OTquhY6fu3E9KtNdnTQebmRyvsIHq1d6iT++e+HhosdlsLFu1ganT52TksTJ85NdcuXqDkqVK4u3lSVCgP59+0p9zZ88D4OXpwdCvh1ClalX+uHqVyxfPP9KDbqBzywoplJMcPF/Z9Q8Ke349yKhh35CSktH+Lh2JadMyq/1NGlAmuDTV3qnNw4cpgP3humDeDLAptI6JdTBmjx//jRatOuBudKNzpw452l+2TDCHjxzDZrMhyzKHjxylatV/AuDpaSQstCb1opqhKAppaals/HkLTZs0UI0sWZbQ6/XIsqx6imRZUg0IWZYwGt1YtGAWsizTsnVHUlNT1fQF82dQskRx/P19iV+7hPR0E9179OHS5asAuLnpGTigL+G1wzCbzezes4+Ro8Zw/77j92QkCYxGA6O/GYbJbKFP3/5YrVYkSaJL5/bUrxeJgsLhw0f5dvT3pKWlAza+/24UV65cxde3CN7eXpQtW4ZP+3/J8eMnUBSF2rVr8eXn/dFoZCwWK3XrNUGWZUwmExaLhcAAf4YM+YwKr/+DW7fucPnKVWwZ/auRZXXIpaenq0Zd5oROksDDw4OuXTpQv15dFEXhUIZ8CQlJKIqC0ehG7bBadO/ehcCAAK5d+4MZM+exanWc6qkLCgri+7EjeemlFzGZTHzY+1NOnLAbIgaDnoED+hARXhuz2cyu3XsZPuJbkpOdv3CwWq3odDqHt/+Z3jKLxYrNZuOLzz/l8uXLlChRgiJFClG6dCk+/uRz/vOf35EkCa3W7plJT0tXjUGtVovJZMZms3HgwCEabmqJ0c2Ndzu2zRgzWfVJEqrh5e/vS/VqbzF8+LcujW+r1UZqairRzRqzc+cerly5liOkLiamBatWx3P06HHAcYKrKDBz1jwAbDYb589f5Ny585QqWVI1svLKbzDoqPB
|
|||
|
|
</ol>
|
|||
|
|
<h1>最后总结分析</h1>
|
|||
|
|
<p>通过拼接字符串将ls嵌入命令中实现任意命令执行!<br>
|
|||
|
|
linux知识点:</p>
|
|||
|
|
<pre><code>反引号 (``) 或 $() 形式</code></pre>
|
|||
|
|
<p>反引号用于命令替换,即在反引号内的命令会先执行,其输出结果会替换反引号的内容。现代脚本中,推荐使用 <code>$()</code> 形式,因为它更易读且支持嵌套。</p>
|
|||
|
|
<div class=highlight><pre><span></span><span class=err>┌──</span><span class=p>(</span><span class=n>kali</span><span class=err>㉿</span><span class=n>kali</span><span class=p>)-[~/</span><span class=n>tools</span><span class=p>/</span><span class=n>BurpSuite</span> <span class=n>V2024</span><span class=mf>.3.1.2</span><span class=p>]</span>
|
|||
|
|
<span class=err>└─</span><span class=p>$</span> <span class=n>date</span> <span class=p>-</span><span class=n>s</span> <span class=s>"`ls`2024-6-05 01:58:39"</span>
|
|||
|
|
<span class=n>date</span><span class=p>:</span> <span class=err>无效的日期</span> <span class=s>"清除许可证和数据.bat\n使用说明.txt\nBurpSuite\nCNBurp(无CMD窗口).VBS\nCN-JRE Burp.bat\nENBurp(无CMD窗口).VBS\nEN-JRE Burp.bat\njre\nLinux\nStart.bat\nStart.VBS2024-6-05 01:58:39"</span>
|
|||
|
|
|
|||
|
|
<span class=err>┌──</span><span class=p>(</span><span class=n>kali</span><span class=err>㉿</span><span class=n>kali</span><span class=p>)-[~/</span><span class=n>tools</span><span class=p>/</span><span class=n>BurpSuite</span> <span class=n>V2024</span><span class=mf>.3.1.2</span><span class=p>]</span>
|
|||
|
|
<span class=err>└─</span><span class=p>$</span> <span class=s>"`ls`"</span>
|
|||
|
|
<span class=err>清除许可证和数据</span><span class=p>.</span><span class=n>bat</span>
|
|||
|
|
<span class=err>使用说明</span><span class=p>.</span><span class=n>txt</span>
|
|||
|
|
<span class=n>BurpSuite</span>
|
|||
|
|
<span class=n>CNBurp</span><span class=p>(</span><span class=err>无</span><span class=n>CMD窗口</span><span class=p>).</span><span class=n>VBS</span>
|
|||
|
|
<span class=n>CN</span><span class=p>-</span><span class=n>JRE</span> <span class=n>Burp</span><span class=p>.</span><span class=n>bat</span>
|
|||
|
|
<span class=n>ENBurp</span><span class=p>(</span><span class=err>无</span><span class=n>CMD窗口</span><span class=p>).</span><span class=n>VBS</span>
|
|||
|
|
<span class=n>EN</span><span class=p>-</span><span class=n>JRE</span> <span class=n>Burp</span><span class=p>.</span><span class=n>bat</span>
|
|||
|
|
<span class=n>jre</span>
|
|||
|
|
<span class=n>Linux</span>
|
|||
|
|
<span class=n>Start</span><span class=p>.</span><span class=n>bat</span>
|
|||
|
|
<span class=n>Start</span><span class=p>.</span><span class=n>VBS</span><span class=err>:未找到命令</span>
|
|||
|
|
</pre></div>
|
|||
|
|
<p>利用链:<br>
|
|||
|
|
前端发送post请求将时间数据发送给后端-》websOpenListen监听请求-》收到请求后使用sub_4572A4函数进行时间设置-》由于未进行任何过滤导致<code>doSystem("date -s \"%s\"", Var);</code>会直接将传入的参数作为system的参数-》从而实现命令注入!</p>
|
|||
|
|
<p>借鉴复现笔记:</p>
|
|||
|
|
<ol>
|
|||
|
|
<li><a href=https://1uckyc.github.io/2023/11/24/cve-2018-17066%E5%A4%8D%E7%8E%B0/ target=_blank>cve-2018-17066复现 | 1uckyc's blog</a></li>
|
|||
|
|
<li><a href=https://www.iotsec-zone.com/article/213 target=_blank>DIR-816 模拟执行与命令注入漏洞分析 - IOTsec-Zone</a></li>
|
|||
|
|
<li><a href=https://github.com/PAGalaxyLab/VulInfo/blob/master/D-Link/DIR-816/cmd_injection_0/README.md target=_blank>VulInfo/D-Link/DIR-816/cmd_injection_0/README.md at master · PAGalaxyLab/VulInfo (github.com)</a></li>
|
|||
|
|
<li><a href=https://www.secpulse.com/archives/188250.html target=_blank>物联网终端安全入门与实践之玩转物联网固件(中) - SecPulse.COM | 安全脉搏</a></li>
|
|||
|
|
<li><a href=https://www.greynoise.io/blog/debugging-d-link-emulating-firmware-and-hacking-hardware target=_blank>Debugging D-Link: Emulating firmware and hacking hardware (greynoise.io)</a></li>
|
|||
|
|
</ol>
|
|||
|
|
</div>
|
|||
|
|
|
|||
|
|
<div class=post-user-action style=margin-top:34px>
|
|||
|
|
<span class="btn btn-default pull-right" id=mark data-action=topic data-pk=14819>
|
|||
|
|
<span id=mark-text>点击收藏 </span><span class=i-seprator> | </span><span id=mark-count>0</span>
|
|||
|
|
</span>
|
|||
|
|
|
|||
|
|
<span class="btn btn-default pull-right" id=follow_topic data-pk=14819>
|
|||
|
|
<span>关注</span><span class=i-seprator> | </span><span id=follow-count>1</span>
|
|||
|
|
</span>
|
|||
|
|
|
|||
|
|
|
|||
|
|
<span class="btn btn-default pull-right">
|
|||
|
|
<span>
|
|||
|
|
|
|||
|
|
<span id=ready_reward data-toggle=modal data-target=#myModal>打赏</span>
|
|||
|
|
|
|||
|
|
</span>
|
|||
|
|
</span>
|
|||
|
|
|
|||
|
|
<div class=clearfix></div>
|
|||
|
|
</div>
|
|||
|
|
|
|||
|
|
<div class=related-section>
|
|||
|
|
<div class=related-box>
|
|||
|
|
|
|||
|
|
<span><a class=pull-left href=https://xz.aliyun.com/t/14818 title="Sharp4DefenderStop:通过令牌模拟停止Windows Defender"><span class=related-label style="padding:3px 4px;margin-right:3px">上一篇:</span>Sharp4DefenderSto...</a></span>
|
|||
|
|
|
|||
|
|
|
|||
|
|
<span><a class=pull-left href=https://xz.aliyun.com/t/14820 title=【翻译】以太坊的CREATE2:区块链安全的双刃剑><span class=related-label>下一篇:</span>【翻译】以太坊的CREATE2:区...</a></span>
|
|||
|
|
|
|||
|
|
</div>
|
|||
|
|
</div>
|
|||
|
|
|
|||
|
|
</div>
|
|||
|
|
</div>
|
|||
|
|
</div>
|
|||
|
|
<div class="modal fade" id=myModal role=dialog aria-labelledby=myModalLabel aria-hidden=true>
|
|||
|
|
<div class=modal-dialog>
|
|||
|
|
<div class=modal-content>
|
|||
|
|
<div class=modal-header>
|
|||
|
|
<h4 class=modal-title id=myModalLabel style=text-align:center>
|
|||
|
|
积分打赏
|
|||
|
|
</h4>
|
|||
|
|
</div>
|
|||
|
|
<div class=modal-body id=button-value>
|
|||
|
|
<div style=text-align:center>
|
|||
|
|
<div role=group>
|
|||
|
|
<button type=button class="btn btn-secondary m64" style=min-width:64px data-value=type1>
|
|||
|
|
1分
|
|||
|
|
</button>
|
|||
|
|
<button type=button class="btn btn-secondary m64" style=min-width:64px data-value=type2>
|
|||
|
|
2分
|
|||
|
|
</button>
|
|||
|
|
<button type=button class="btn btn-secondary m64" style=min-width:64px data-value=type3>
|
|||
|
|
5分
|
|||
|
|
</button>
|
|||
|
|
</div>
|
|||
|
|
<br>
|
|||
|
|
<div style=margin-top:20px>
|
|||
|
|
<button type=button class="btn btn-secondary m64" style=min-width:64px data-value=type4>
|
|||
|
|
8分
|
|||
|
|
</button>
|
|||
|
|
<button type=button class="btn btn-secondary m64" style=min-width:64px data-value=type5>
|
|||
|
|
10分
|
|||
|
|
</button>
|
|||
|
|
<button type=button class="btn btn-secondary m64" style=min-width:64px data-value=type6>
|
|||
|
|
20分
|
|||
|
|
</button>
|
|||
|
|
</div>
|
|||
|
|
</div>
|
|||
|
|
</div>
|
|||
|
|
<div class=modal-footer id=confirm>
|
|||
|
|
<button type=button class="btn btn-default" data-dismiss=modal>关闭</button>
|
|||
|
|
<button type=button class="btn btn-primary" id=reward_topic data-pk=14819>确定</button>
|
|||
|
|
</div>
|
|||
|
|
</div>
|
|||
|
|
</div>
|
|||
|
|
</div>
|
|||
|
|
|
|||
|
|
|
|||
|
|
<div class="row box">
|
|||
|
|
<ol class=breadcrumb>
|
|||
|
|
<li class=active>0 条回复</li>
|
|||
|
|
</ol>
|
|||
|
|
<div class="box-container post-container">
|
|||
|
|
|
|||
|
|
<ul>
|
|||
|
|
<li style=min-height:50px;line-height:60px;margin-left:15px><strong>动动手指,沙发就是你的了!</strong></li>
|
|||
|
|
</ul>
|
|||
|
|
|
|||
|
|
</div>
|
|||
|
|
</div>
|
|||
|
|
|
|||
|
|
|
|||
|
|
<div class="row box" id=reply-box>
|
|||
|
|
|
|||
|
|
<div class="box-container clearfix">
|
|||
|
|
|
|||
|
|
<div class=reminder>
|
|||
|
|
<a href="https://account.aliyun.com/login/login.htm?oauth_callback=https%3A%2F%2Fxz.aliyun.com%2Ft%2F14819%3Fu_atoken%3D42b455b09d6860ee262dcddd3783ba93%26u_asession%3D01CFy3zdCSkMfg5mDGfcLt9hAzhkM8N_3OzYgSGEhflcApBfFCJvou5KhaowYKFxGhJB-YY_UqRErInTL5mMzm-GyPlBJUEqctiaTooWaXr7I%26u_asig%3D05wbOwhypdirH8x5AtAGW4PG7w45NPTYrt_4FBRXGXINGWo1jDSv_7OGKlEJufZOUb8W5F63bo7DkKAT3ST7rqtq68r-LvuIXhkUDGXhgNBtIRA_Mu_nDkOjImzvNEg-XKGKsEEsh_jMmzyJq8YKgwN0KtjLqzMMQn4VPd_HtUvUXBzhvSc0Kr8URjOX9Xe4tkpKKeShQs6jH0l3MdlvbdChQShLqArqSEzfmfh03PKybRaDr_GQvN7pVcnxBdzLZUrz3Uz9zZoJVgNlHA2wEMpXNPe4FrPe1ARcWuHHjA2GA%26u_aref%3DlslfNxLq0zZlK9wNy7i98JKaiec%253D&from_type=xianzhi"><strong>登录</strong></a> 后跟帖
|
|||
|
|
</div>
|
|||
|
|
|
|||
|
|
</div>
|
|||
|
|
</div>
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
</div>
|
|||
|
|
|
|||
|
|
</div>
|
|||
|
|
</div>
|
|||
|
|
<footer class=bs-docs-footer>
|
|||
|
|
<div class="container text-center">
|
|||
|
|
<div class=links>
|
|||
|
|
<a href=https://xz.aliyun.com/feed target=_blank>RSS</a>
|
|||
|
|
<a href=https://xz.aliyun.com/about target=_blank><span>关于社区</span></a>
|
|||
|
|
<a href=https://xz.aliyun.com/partner target=_blank><span>友情链接</span></a>
|
|||
|
|
<a href=https://xz.aliyun.com/notice>社区小黑板</a>
|
|||
|
|
<a href=https://xz.aliyun.com/connection>联系我们</a>
|
|||
|
|
<a href=https://report.aliyun.com/ target=_blank>举报中心</a>
|
|||
|
|
<a href=https://www.aliyun.com/complaint target=_blank>我要投诉</a>
|
|||
|
|
</div>
|
|||
|
|
</div>
|
|||
|
|
</footer>
|
|||
|
|
|
|||
|
|
|
|||
|
|
<div id=waf_nc_block style=display:none></div>
|