alez-repos / ztef8648p

Utilities for the ZTE F8648P router

F8648P V2.1.10P5N15 #4

Open lightstal opened 7 months ago

lightstal commented 7 months ago

This version of the router causes the tool to get stuck on `[Samba_pwn]: Opening shell`, and nothing happens after that.


alez-repos commented 6 months ago

For the moment that router firmware version is not compatible with the tool.

codex-20 commented 4 months ago

Hi there.

My router has the V2.0.12P7N15 firmware and is also stuck on the Opening shell line.

Do you have any new feedback available since you commented on Feb 12th?

Many thanks for your time and dedication.

alez-repos commented 4 months ago

This router version has updated firmware with a patched Samba server. Sadly I don't have it to test, as my router is frozen on the previous version.

I could only continue investigating if someone donated one of these routers with that firmware version, or network hardware so I could replace and upgrade mine. Still, there are no guarantees that I'll be able to accomplish anything with that version.

codex-20 commented 3 months ago

Thank you for your latest message. That's unfortunate! Hopefully you will be able to work on it the near future.

Thanks again!

gorbypark commented 3 months ago

I also just got a router installed and it is V2.0.12P7N15.

> This router version has updated firmware with a patched Samba server. Sadly I don't have it to test, as my router is frozen on the previous version.

I don't know much Python, but looking at samba_pwn it seems it was just logging in as "test"?

smbClient.login("test", "test", "", "", "")

Was the "hole" that was patched just that they had some test credentials enabled?

alez-repos commented 3 months ago

No, if you follow the flow of the code you will see that this user is created (via HTTP POST) prior to attempting a login. I chose test/test just randomly; any other name would have worked.

The flaw that allowed my program to work was a lack of management of symbolic links on the router's Samba server, allowing the configuration to be extended. This has been patched in newer firmware versions like the one you have.
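The comment above describes the flaw class in general terms: a file server that follows symbolic links without checking where they lead lets a client who can write to a share reach files outside it. The following is an added example (not code from this repository, and not a description of the router's actual file layout or of how the tool's HTTP requests work) that models the server-side check a share like that is missing. It builds a constructed temporary share containing one symlink that points outside the share root, then contrasts a naive path resolver, which follows the link, with a confined resolver, which canonicalises the path and refuses anything that escapes the root. The file names and contents are made up for the demonstration.

```python
import tempfile
from pathlib import Path


def naive_open(share_root: str, rel_path: str) -> bytes:
    """Vulnerable pattern: join the requested name onto the share root and open it,
    following whatever symlink happens to sit there. No containment check."""
    return Path(share_root, rel_path).read_bytes()


def confined_open(share_root: str, rel_path: str) -> bytes:
    """Hardened pattern: canonicalise both the share root and the requested path
    (which follows symlinks and collapses '..'), then refuse to serve anything
    whose real location is not at or below the share root."""
    root = Path(share_root).resolve()
    target = (root / rel_path).resolve()
    if target != root and root not in target.parents:
        raise PermissionError(f"{rel_path!r} resolves outside the share root")
    return target.read_bytes()


def demo() -> dict:
    """Constructs a throwaway share with one escaping symlink and runs both
    resolvers against a legitimate file, the symlink, and a '..' path."""
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed stand-in for a sensitive file that lives outside the share.
        outside = Path(tmp, "outside.conf")
        outside.write_bytes(b"secret=1\n")

        share = Path(tmp, "share")
        share.mkdir()
        (share / "readme.txt").write_bytes(b"hello\n")
        # A client with write access to the share plants this link.
        (share / "escape").symlink_to(outside)

        results = {}
        results["naive_legit"] = naive_open(str(share), "readme.txt")
        results["naive_escape"] = naive_open(str(share), "escape")  # leaks outside file
        results["confined_legit"] = confined_open(str(share), "readme.txt")
        for name, rel in (("confined_escape", "escape"),
                          ("confined_dotdot", "../outside.conf")):
            try:
                confined_open(str(share), rel)
                results[name] = "allowed"
            except PermissionError:
                results[name] = "blocked"
        return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

On a real Samba deployment the equivalent knobs are the `follow symlinks`, `wide links` and `unix extensions` share parameters; the confined resolver above corresponds to the behaviour you get with `wide links = no`, where a link that points outside the share is refused rather than served.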

gorbypark commented 3 months ago

> No, if you follow the flow of the code you will see that this user is created (via HTTP POST) prior to attempting a login. I chose test/test just randomly; any other name would have worked.
>
> The flaw that allowed my program to work was a lack of management of symbolic links on the router's Samba server, allowing the configuration to be extended. This has been patched in newer firmware versions like the one you have.

aha, it seemed too easy

maximpedraza0 commented 1 day ago

Hi Alez, I'm in the same situation, and when it comes to hacking I don't know anything at all... Would you be interested in me setting up a RPi with SSH access for you so you can take a look and run tests?