search

shownb / shownb.github.com

shownb.github.io
shownb.github.io
5 stars 1 forks source link

FRITZ!Box + telnet #24

Open shownb opened 6 years ago

shownb commented 6 years ago

1 获取固件地址 http://download.avm.de/fritzbox/fritzbox-75xx/deutschland/fritz.os/FRITZ.Box_75xx.1xx.07.00.image,http://download.avm.de/fritzbox/fritzbox-75xx/deutschland/fritz.os/

2 分解固件

vidar:/tmp # git clone -b binaries https://github.com/PeterPawn/YourFritz yf
Cloning into 'yf'...
remote: Counting objects: 2555, done.
remote: Compressing objects: 100% (73/73), done.
remote: Total 2555 (delta 41), reused 83 (delta 30), pack-reused 2449
Receiving objects: 100% (2555/2555), 27.73 MiB | 5.02 MiB/s, done.
Resolving deltas: 100% (1516/1516), done.
vidar:/tmp # cd yf/juis
vidar:/tmp/yf/juis # juis_check 192.168.178.65 ===> meine (für diese Demo benutzte) 7412 hat diese Adresse als IP-Client
root/bin/juis_check: No newer version found, check was made with source version '137.06.83-43527'.
vidar:/tmp/yf/juis # juis_check 192.168.178.65 Version=137.06.00-00000
root/bin/juis_check: Found newer version: 137.06.83
URL=http://ftp.avm.de/archive/fritz.box/fritzbox.7412/firmware/deutsch/FRITZ.Box_7412.137.06.83.image
DelayDownload=3385
vidar:/tmp/yf/juis # cd ../toolbox/
vidar:/tmp/yf/toolbox # wget -q http://ftp.avm.de/archive/fritz.box/fritzbox.7412/firmware/deutsch/FRITZ.Box_7412.137.06.83.image
vidar:/tmp/yf/toolbox # TOOLBOX_IMAGE_SIZE=3 ./build_shellinabox_implant_image FRITZ.Box_7412.137.06.83.image > SIAB-7412.image
vidar:/tmp/yf/toolbox # ls SIAB-7412.image
SIAB-7412.image
vidar:/tmp/yf/toolbox #
vidar:/tmp/yf/toolbox # cd ../eva_tools/
vidar:/tmp/yf/eva_tools # eval $(./eva_discover INTERFACE=vlan10 FROM=192.168.178.2 TO=192.168.178.1 BLIP=1);[ $EVA_FOUND -eq 1 ] && ./eva_to_memory ../toolbox/SIAB-7412.image
Found AVM bootloader: AVM EVA Version 1.2605 0x0 0x47409
Found hardware revision: 209
Memory size is 0x08000000 (128 MB)
Memory size limited to 128 MB
Image size is 0x563e00 (5 MB)
Setting temporary memory size to: 0x07a9c200
Setting temporary kernel args to: mtdram1=0x87a9c200,0x88000000
Image uploaded to device.
vidar:/tmp/yf/eva_tools #

https://www.ip-phone-forum.de/threads/modfs-starter-einmal-impfung-mit-shellinabox-für-vr9-boxen.283038/

https://www.ip-phone-forum.de/threads/fritz-box-kennwort-vergessen-was-nun-mail-recovery-a-la-avm-oder-besser-nicht.294386/

Discovered open port 51968/tcp on 192.168.178.1
Discovered open port 443/tcp on 192.168.178.1
Discovered open port 8184/tcp on 192.168.178.1
Discovered open port 8181/tcp on 192.168.178.1
Discovered open port 49443/tcp on 192.168.178.1
Discovered open port 51797/tcp on 192.168.178.1
Discovered open port 49200/tcp on 192.168.178.1
Discovered open port 5060/tcp on 192.168.178.1
Discovered open port 8186/tcp on 192.168.178.1
Discovered open port 80/tcp on 192.168.178.1
Discovered open port 54487/tcp on 192.168.178.1
Discovered open port 8182/tcp on 192.168.178.1
Discovered open port 8185/tcp on 192.168.178.1
Discovered open port 49000/tcp on 192.168.178.1
Discovered open port 139/tcp on 192.168.178.1
Discovered open port 8089/tcp on 192.168.178.1
Discovered open port 53/tcp on 192.168.178.1
Discovered open port 8183/tcp on 192.168.178.1
Discovered open port 445/tcp on 192.168.178.1

shownb commented 5 years ago

https://www.ip-phone-forum.de/threads/fritz-box-7580-firmware-153-06-90-telnet-service-freischalten-geht-auch-für-7560-und-7590.296678/