https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation
| . | |
| ├── matree | |
| ├── swift | |
| │ ├── 00503_0_254.242_2013mar02 | |
| │ ├── 00546_0_ensbdasa-09aug2013 | |
| │ ├── 00553_0_ensbdpix3-09aug2013 | |
| │ ├── 00554_0_ensbdpix4-09aug2013 | |
| │ ├── 00555_0_ensbdrtr1-2013aug09 | |
| │ ├── 00557_0_ENSBDVPN1-02AUG2013 | |
| │ ├── 00558_0_ENSBDVPN2-02AUG2013 |
| #/etc/pam.d/system-auth | |
| #%PAM-1.0 | |
| # Jump two rules if login succeeds. | |
| auth [success=2 default=ignore] pam_unix.so nullok_secure | |
| auth optional pam_exec.so /home/pamcam.sh | |
| auth requisite pam_deny.so | |
| # User gets here if authentication is successful. No denying, no cam module. | |
| auth required pam_unix.so try_first_pass nullok |
| <?php | |
| /* | |
| NB: THIS PoC ONLY WORKS IN QEMU USERMODE EMULATION! | |
| If anyone wants to fix this, go ahead (no pun intended). | |
| However, I don't have a vulnerable product and am unwilling to acquire one. | |
| ------------------------- | |
| UCam247/Phylink/Titathink/YCam/Anbash/Trivision/Netvision/others | |
| remote code exec: reverse shell PoC. |
| alignment top_middle | |
| background no | |
| border_margin 5 | |
| border_width 5 | |
| default_color d7d7d7 #413536 # grey 5f5f5f 3F3F3F 183149 3B3B3B 26211F | |
| double_buffer yes | |
| draw_borders no | |
| draw_outline no | |
| draw_shades no | |
| draw_graph_borders yes |
| BTC ${texeci 300 curl https://api.bitcoinaverage.com/ticker/global/USD/last} $alignr | |
| #ETH price in btc | |
| ETH ${texeci 300 curl https://api.kraken.com/0/public/Ticker?pair=ETHXBT | jq ".result.XETHXXBT.b[0]" | grep -oE "[0-9]*\....."} | |
| #ETH price in usd | |
| #ETH ${texeci 300 curl https://api.coinmarketcap.com/v1/ticker/ethereum/ | grep "price_usd" | grep -oE "[0-9]*\....."} |
| # Step 1: Extract source | |
| tar xvf /usr/lib/vmware/modules/source/vmnet.tar | |
| # Step 2: Patch source | |
| open /usr/lib/vmware/modules/sources/vmnet-only/netif.c | |
| replace "dev->trans_start = jiffies;" with "netif_trans_update(dev);" and don't forget the ";" (: | |
| # Step 3: Replace source | |
| tar cvf /usr/lib/vmware/modules/source/vmnet.tar vmnet-only |
| cd /usr/lib/vmware/modules/source | |
| sudo tar xvf /usr/lib/vmware/modules/source/vmmon.tar | |
| cd vmmon-only | |
| #open linux/hostif.c and replace 'get_user_pages' by 'get_user_pages_remote' | |
| sudo tar cvf /usr/lib/vmware/modules/source/vmmon.tar vmmon-only | |
| sudo tar xvf /usr/lib/vmware/modules/source/vmnet.tar | |
| cd vmnet-only | |
| #open linux/userif.c and replace 'get_user_pages' by 'get_user_pages_remote' | |
| sudo tar cvf /usr/lib/vmware/modules/source/vmnet.tar vmnet-only |
| #!/bin/bash | |
| #Use the extractor to recover only the filesystem, no kernel (-nk), no parallel operation (-np), populating the image table in the SQL server at 127.0.0.1 (-sql) with the Netgear brand (-b), and storing the tarball in images. | |
| sources/extractor/extractor.py -b Netgear -sql 127.0.0.1 -np -nk "WNAP320 Firmware Version 2.0.3.zip" images | |
| #Identify the architecture of firmware 1 and store the result in the image table of the database. | |
| scripts/getArch.sh images/1.tar.gz | |
| #Load the contents of the filesystem for firmware 1 into the database, populating the object and object_to_image tables. | |
| scripts/tar2db.py -i 1 -f images/1.tar.gz | |
| #Create the QEMU disk image for firmware 1 | |
| scripts/makeImage.sh 1 |
| ***Firmware Directory*** | |
| /home/unkn0wn/firmwares/wn/_rootfs.squashfs.extracted/squashfs-root/ | |
| ***Search for password files*** | |
| ##################################### passwd | |
| /usr/bin/passwd | |
| /etc/passwd | |
| ##################################### shadow | |
| /etc/shadow |
