[kwlug-disc] [kwlug-announce] Meeting Monday: OpenWRT

Khalid Baheyeldin kb at 2bits.com
Fri Aug 15 22:06:11 EDT 2014


On Fri, Aug 15, 2014 at 9:54 PM, Paul Gallaway <paul at gallaway.ca> wrote:

> On Thu, Aug 14, 2014 at 2:05 PM, Khalid Baheyeldin <kb at 2bits.com> wrote:
> > Those who have that router can test using the proof of  concept that is
> > detailed here
> >
> > http://sekurak.pl/tp-link-httptftp-backdoor/
>
> Looking at the link, the exploit is run from:
> http://192.168.0.1/userRpmNatDebugRpm26525557/start_art.html
>
> I tried testing from the LAN side and the page was not found. Just the
> nature of how it is executed tells me that OpenWRT has completely replaced
> it.
>

Yes, the page says a 200 is returned, but it returned a 404 for you, so we
are half way there.

The page also says: "the router downloads a file (nart.out) from the host
which has issed the http request and executes is as root"

So, do it with wget on a host that has an HTTP server, then check the HTTP
logs to be 100% sure.
-- 
Khalid M. Baheyeldin
2bits.com, Inc.
Fast Reliable Drupal
Drupal optimization, development, customization and consulting.
Simplicity is prerequisite for reliability. --  Edsger W.Dijkstra
Simplicity is the ultimate sophistication. --   Leonardo da Vinci
For every complex problem, there is an answer that is clear, simple, and
wrong." -- H.L. Mencken
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20140815/e1f716cb/attachment.htm>


More information about the kwlug-disc mailing list