Last active
March 17, 2020 05:42
-
-
Save mzpqnxow/fbc92f8407d615a9ba7396b150183cfc to your computer and use it in GitHub Desktop.
Ubiquity EdgeSwitch-48 500w version 1.7.4 (April 2018) - Jailbreak to a full shell with a nice little bug...
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # uname -a | |
| Linux es48 3.6.5-1b505fb7 #1 SMP Tue Apr 3 19:13:28 CST 2018 armv7l n | |
| # id | |
| uid=0(root) gid=0(root) | |
| # dmesg | |
| Booting Linux on physical CPU 0 | |
| Linux version 3.6.5-1b505fb7 (es-builder@ES-Builder1) (gcc version 4.7.2 (Broadcom Linux) ) #1 SMP Tue Apr 3 19:13:28 CST 2018 | |
| CPU: ARMv7 Processor [414fc091] revision 1 (ARMv7), cr=10c53c7d | |
| CPU: PIPT / VIPT nonaliasing data cache, VIPT aliasing instruction cache | |
| Machine: Broadcom iProc | |
| Memory policy: ECC disabled, Data cache writealloc | |
| BUG: mapping for 0x18000000 at 0xf0000000 out of vmalloc space | |
| BUG: mapping for 0x19000000 at 0xf1000000 out of vmalloc space | |
| On node 0 totalpages: 65536 | |
| free_area_init_node: node 0, pgdat c0380b80, node_mem_map c1215000 | |
| Normal zone: 256 pages used for memmap | |
| Normal zone: 0 pages reserved | |
| Normal zone: 32512 pages, LIFO batch:7 | |
| HighMem zone: 3328 pages used for memmap | |
| HighMem zone: 29440 pages, LIFO batch:7 | |
| smp_init_cpus: Enter ncores 1 | |
| smp_init_cpus: Leave ncores 1 | |
| PERCPU: Embedded 7 pages/cpu @c201e000 s6272 r8192 d14208 u32768 | |
| pcpu-alloc: s6272 r8192 d14208 u32768 alloc=8*4096 | |
| pcpu-alloc: [0] 0 | |
| Built 1 zonelists in Zone order, mobility grouping on. Total pages: 61952 | |
| Kernel command line: console=ttyS0,115200 mem=128M@0x0 mem=128M@0x68000000 root=/dev/ram mtdparts=spi1.0:960k(boot),64k(env),64k(shmoo),15360k(stk1),15360k(stk2),896k(cfg),64k(eeprom) | |
| PID hash table entries: 512 (order: -1, 2048 bytes) | |
| Dentry cache hash table entries: 16384 (order: 4, 65536 bytes) | |
| Inode-cache hash table entries: 8192 (order: 3, 32768 bytes) | |
| Memory: 128MB 128MB = 256MB total | |
| Memory: 255448k/255448k available, 6696k reserved, 131072K highmem | |
| Virtual kernel memory layout: | |
| vector : 0xffff0000 - 0xffff1000 ( 4 kB) | |
| fixmap : 0xfff00000 - 0xfffe0000 ( 896 kB) | |
| vmalloc : 0xc8800000 - 0xf0000000 ( 632 MB) | |
| lowmem : 0xc0000000 - 0xc8000000 ( 128 MB) | |
| pkmap : 0xbfe00000 - 0xc0000000 ( 2 MB) | |
| modules : 0xbf000000 - 0xbfe00000 ( 14 MB) | |
| .text : 0xc0008000 - 0xc0332b6c (3243 kB) | |
| .init : 0xc0333000 - 0xc0358880 ( 151 kB) | |
| .data : 0xc035a000 - 0xc0382960 ( 163 kB) | |
| .bss : 0xc0382984 - 0xc0394f18 ( 74 kB) | |
| SLUB: Genslabs=11, HWalign=64, Order=0-3, MinObjects=0, CPUs=1, Nodes=1 | |
| Hierarchical RCU implementation. | |
| RCU restricting CPUs from NR_CPUS=4 to nr_cpu_ids=1. | |
| NR_IRQS:292 | |
| Clock Div = 0x2012 | |
| Active frequency ID 6 | |
| a9pll0_status: clk 0xc036ffb8 | |
| parent rate 25000000 | |
| Clock divisor 4 | |
| Clock rate 400000005 | |
| Clock Div = 0x2012 | |
| Active frequency ID 6 | |
| Clock divisor 2 | |
| Clock rate 200000002 | |
| iproc_clocksource_init: CPU global timer freq 200000002 | |
| cpu_clk_freq: 200000002 | |
| HZ: 100, ticks_per_jiffy: 2000000 | |
| sched_clock: 32 bits at 100 Hz, resolution 10000000ns, wraps every 4294967286ms | |
| Calibrating delay loop... 795.44 BogoMIPS (lpj=3977216) | |
| pid_max: default: 4096 minimum: 301 | |
| Mount-cache hash table entries: 512 | |
| CPU: Testing write buffer coherency: ok | |
| CPU0: thread -1, cpu 0, socket 0, mpidr 80000000 | |
| Setting up static identity map for 0x267a98 - 0x267af0 | |
| L310 cache controller enabled | |
| l2x0: 8 ways, CACHE_ID 0x410000c9, AUX_CTRL 0x0a120000, Cache size: 131072 B | |
| Brought up 1 CPUs | |
| SMP: Total of 1 processors activated (795.44 BogoMIPS). | |
| devtmpfs: initialized | |
| NET: Registered protocol family 16 | |
| DMA: preallocated 256 KiB pool for atomic coherent allocations | |
| board_init: Enter | |
| GENPLL[5] mdiv=40 rate=2000000000 | |
| Sel=1 Ovr=1 Div=48 | |
| UART clock rate 50000000 | |
| board_init: Leave | |
| bio: create slab <bio-0> at 0 | |
| Switching to clocksource iproc_gtimer | |
| NET: Registered protocol family 2 | |
| TCP established hash table entries: 4096 (order: 3, 32768 bytes) | |
| TCP bind hash table entries: 4096 (order: 3, 32768 bytes) | |
| TCP: Hash tables configured (established 4096 bind 4096) | |
| TCP: reno registered | |
| UDP hash table entries: 128 (order: 0, 4096 bytes) | |
| UDP-Lite hash table entries: 128 (order: 0, 4096 bytes) | |
| NET: Registered protocol family 1 | |
| PCI: CLS 0 bytes, default 64 | |
| Trying to unpack rootfs image as initramfs... | |
| Freeing initrd memory: 808K | |
| pm_init: Initializing Power Management .... | |
| iproc gpiochip add GPIOA | |
| GPIOA:ioaddr f0000060 | |
| GPIOA:intr_ioaddr f0000000 dmu_ioaddr (null) | |
| PCIE0: LINKSTA reg 0xbe val 0x9012 | |
| reg[0xac]=0x10, reg[0xae]=0x42, reg[0xb0]=0x8000, reg[0xb4]=0x2c10, reg[0xb6]=0x10, reg[0xb8]=0x5c12, reg[0xba]=0x65, reg[0xbe]=0x9012, reg[0xc6]=0x40, reg[0xca]=0x1, reg[0xd0]=0x1f, reg[0xd2]=0x8, reg[0xdc]=0x2, PCIE0 link=1 | |
| soc_pcie_bridge_init: membase 0x8000000 memlimit 0x10000000 | |
| PCI host bridge to bus 0000:00 | |
| pci_bus 0000:00: root bus resource [mem 0x08000000-0x0fffffff] | |
| pci_bus 0000:00: No busn resource found for root bus, will use [bus 00-ff] | |
| pci_bus 0000:00: busn_res: [bus 00-ff] is inserted under domain [bus 00-ff] | |
| pci 0000:00:00.0: [14e4:8344] type 01 class 0x060400 | |
| pci 0000:00:00.0: PME# supported from D0 D3hot D3cold | |
| PCI: bus0: Fast back to back transfers disabled | |
| pci_bus 0000:01: busn_res: [bus 01-ff] is inserted under [bus 00-ff] | |
| pci 0000:01:00.0: [14e4:8346] type 00 class 0x020000 | |
| pci 0000:01:00.0: reg 10: [mem 0x00000000-0x00007fff 64bit pref] | |
| pci 0000:01:00.0: reg 18: [mem 0x00000000-0x0003ffff 64bit pref] | |
| pci 0000:01:00.0: reg 20: [mem 0x00000000-0x00ffffff 64bit pref] | |
| pci 0000:01:00.0: PME# supported from D0 D3hot D3cold | |
| pci 0000:01:00.1: [14e4:8346] type 00 class 0x020000 | |
| pci 0000:01:00.1: reg 10: [mem 0x00000000-0x00007fff 64bit pref] | |
| pci 0000:01:00.1: reg 20: [mem 0x00000000-0x00ffffff 64bit pref] | |
| pci 0000:01:00.1: PME# supported from D0 D3hot D3cold | |
| PCI: bus1: Fast back to back transfers disabled | |
| pci_bus 0000:01: busn_res: [bus 01-ff] end is updated to 01 | |
| pci_bus 0000:00: busn_res: [bus 00-ff] end is updated to 01 | |
| PCIe map irq: 0000:00:00.00 slot 0, pin 1, irq: 218 | |
| PCIe map irq: 0000:01:00.00 slot 0, pin 1, irq: 218 | |
| PCIe map irq: 0000:01:00.01 slot 0, pin 2, irq: 218 | |
| pci 0000:00:00.0: BAR 9: assigned [mem 0x08000000-0x0a7fffff 64bit pref] | |
| pci 0000:01:00.0: BAR 4: assigned [mem 0x08000000-0x08ffffff 64bit pref] | |
| pci 0000:01:00.1: BAR 4: assigned [mem 0x09000000-0x09ffffff 64bit pref] | |
| pci 0000:01:00.0: BAR 2: assigned [mem 0x0a000000-0x0a03ffff 64bit pref] | |
| pci 0000:01:00.0: BAR 0: assigned [mem 0x0a040000-0x0a047fff 64bit pref] | |
| pci 0000:01:00.1: BAR 0: assigned [mem 0x0a048000-0x0a04ffff 64bit pref] | |
| pci 0000:00:00.0: PCI bridge to [bus 01] | |
| pci 0000:00:00.0: bridge window [mem 0x08000000-0x0a7fffff 64bit pref] | |
| PCI: enabling device 0000:00:00.0 (0146 -> 0147) | |
| PCIe port 1 in End-Point mode - ignored | |
| pci_bus 0000:00: resource 4 [mem 0x08000000-0x0fffffff] | |
| pci_bus 0000:01: resource 2 [mem 0x08000000-0x0a7fffff 64bit pref] | |
| Registering iproc_pmu_device | |
| bounce pool size: 64 pages | |
| squashfs: version 4.0 (2009/01/31) Phillip Lougher | |
| jffs2: version 2.2. (NAND) © 2001-2006 Red Hat, Inc. | |
| msgmni has been set to 244 | |
| Block layer SCSI generic (bsg) driver version 0.4 loaded (major 254) | |
| io scheduler noop registered | |
| io scheduler deadline registered | |
| io scheduler cfq registered (default) | |
| Serial: 8250/16550 driver, 2 ports, IRQ sharing enabled | |
| serial8250.0: ttyS0 at MMIO 0x18000400 (irq = 123) is a 16550A | |
| console [ttyS0] enabled | |
| serial8250.0: ttyS1 at MMIO 0x18000300 (irq = 123) is a 16550A | |
| brd: module loaded | |
| loop: module loaded | |
| nbd: registered device at major 43 | |
| tun: Universal TUN/TAP device driver, 1.6 | |
| tun: (C) 1999-2004 Max Krasnyansky <[email protected]> | |
| mousedev: PS/2 mouse device common for all mice | |
| TCP: cubic registered | |
| NET: Registered protocol family 10 | |
| sit: IPv6 over IPv4 tunneling driver | |
| NET: Registered protocol family 17 | |
| 8021q: 802.1Q VLAN Support v1.8 | |
| GENPLL[5] mdiv=40 rate=2000000000 | |
| qspi_iproc qspi_iproc.1: 1-lane output, 3-byte address | |
| m25p80 spi1.0: found mx25l25635e, expected m25p80 | |
| m25p80 spi1.0: mx25l25635e (32768 Kbytes) | |
| 7 cmdlinepart partitions found on MTD device spi1.0 | |
| Creating 7 MTD partitions on "spi1.0": | |
| 0x000000000000-0x0000000f0000 : "boot" | |
| 0x0000000f0000-0x000000100000 : "env" | |
| 0x000000100000-0x000000110000 : "shmoo" | |
| 0x000000110000-0x000001010000 : "stk1" | |
| 0x000001010000-0x000001f10000 : "stk2" | |
| 0x000001f10000-0x000001ff0000 : "cfg" | |
| 0x000001ff0000-0x000002000000 : "eeprom" | |
| Freeing init memory: 148K | |
| linux_kernel_bde: module license 'Proprietary' taints kernel. | |
| Disabling lock debugging due to kernel taint | |
| PCI: enabling device 0000:01:00.0 (0140 -> 0142) | |
| linux-kernel-bde (512): Payload size exceeds device capability (256) | |
| # cat /proc/cpuinfo | |
| Processor : ARMv7 Processor rev 1 (v7l) | |
| processor : 0 | |
| BogoMIPS : 795.44 | |
| Features : swp half thumb fastmult edsp tls | |
| CPU implementer : 0x41 | |
| CPU architecture: 7 | |
| CPU variant : 0x4 | |
| CPU part : 0xc09 | |
| CPU revision : 1 | |
| Hardware : Broadcom iProc | |
| Revision : 0000 | |
| Serial : 0000000000000000 | |
| # cat /proc/meminfo | |
| MemTotal: 256404 kB | |
| MemFree: 65444 kB | |
| Buffers: 232 kB | |
| Cached: 50724 kB | |
| SwapCached: 0 kB | |
| Active: 119480 kB | |
| Inactive: 46088 kB | |
| Active(anon): 114612 kB | |
| Inactive(anon): 0 kB | |
| Active(file): 4868 kB | |
| Inactive(file): 46088 kB | |
| Unevictable: 0 kB | |
| Mlocked: 0 kB | |
| HighTotal: 131072 kB | |
| HighFree: 452 kB | |
| LowTotal: 125332 kB | |
| LowFree: 64992 kB | |
| SwapTotal: 0 kB | |
| SwapFree: 0 kB | |
| Dirty: 0 kB | |
| Writeback: 0 kB | |
| AnonPages: 114624 kB | |
| Mapped: 20500 kB | |
| Shmem: 0 kB | |
| Slab: 17096 kB | |
| SReclaimable: 14132 kB | |
| SUnreclaim: 2964 kB | |
| KernelStack: 1424 kB | |
| PageTables: 660 kB | |
| NFS_Unstable: 0 kB | |
| Bounce: 0 kB | |
| WritebackTmp: 0 kB | |
| CommitLimit: 128200 kB | |
| Committed_AS: 188024 kB | |
| VmallocTotal: 647168 kB | |
| VmallocUsed: 5364 kB | |
| VmallocChunk: 580948 kB | |
| # cat /etc/passwd | |
| root:$1$bWnLxz3A$48UWQ.CfWg4.O8RwstIKO1:0:0:root:/:/bin/sh | |
| bin:*:1:1:bin:/bin: | |
| daemon:*:2:2:daemon:/usr/sbin: | |
| sys:*:3:3:sys:/dev: | |
| sync:*:6:8:sync:/bin:/bin/sync | |
| halt:*:8:10:halt:/sbin:/sbin/halt | |
| operator:*:12:0:operator:/root: | |
| nobody:*:65534:65534:nobody:/:/bin/sh | |
| lighttpd:*:101:101:lighttpd:/:/bin/sh | |
| # ./lsofarm -i4 -n -P | |
| COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME | |
| switchdrv 611 0 19u inet 855 0t0 UDP 127.0.0.1:49160 | |
| switchdrv 611 0 20u inet 858 0t0 TCP 127.0.0.1:2222 (LISTEN) | |
| switchdrv 611 0 43u inet 900 0t0 UDP 127.0.0.1:4567 | |
| ubnt-infc 617 0 7u inet 773 0t0 UDP *:10001 | |
| opensshd 818 0 4u inet 1304 0t0 TCP *:22 (LISTEN) | |
| lighttpd 862 0 6u inet 1430 0t0 TCP *:443 (LISTEN) | |
| sh 1083 0 0u inet 1641 0t0 TCP 1.1.1.18:56126->1.1.1.2:3333 (ESTABLISHED) | |
| sh 1083 0 1u inet 1641 0t0 TCP 1.1.1.18:56126->1.1.1.2:3333 (ESTABLISHED) | |
| sh 1083 0 2u inet 1641 0t0 TCP 1.1.1.18:56126->1.1.1.2:3333 (ESTABLISHED) | |
| sh 1083 0 19u inet 855 0t0 UDP 127.0.0.1:49160 | |
| sh 1083 0 20u inet 858 0t0 TCP 127.0.0.1:2222 (LISTEN) | |
| sh 1083 0 26u inet 1641 0t0 TCP 1.1.1.18:56126->1.1.1.2:3333 (ESTABLISHED) | |
| sh 1083 0 43u inet 900 0t0 UDP 127.0.0.1:4567 | |
| sh 1846 0 0u inet 23465 0t0 TCP 1.1.1.18:56205->1.1.1.2:3333 (ESTABLISHED) | |
| sh 1846 0 1u inet 23465 0t0 TCP 1.1.1.18:56205->1.1.1.2:3333 (ESTABLISHED) | |
| sh 1846 0 2u inet 23465 0t0 TCP 1.1.1.18:56205->1.1.1.2:3333 (ESTABLISHED) | |
| sh 1846 0 19u inet 855 0t0 UDP 127.0.0.1:49160 | |
| sh 1846 0 20u inet 858 0t0 TCP 127.0.0.1:2222 (LISTEN) | |
| sh 1846 0 26u inet 23465 0t0 TCP 1.1.1.18:56205->1.1.1.2:3333 (ESTABLISHED) | |
| sh 1846 0 43u inet 900 0t0 UDP 127.0.0.1:4567 | |
| lsofarm 2396 0 0u inet 23465 0t0 TCP 1.1.1.18:56205->1.1.1.2:3333 (ESTABLISHED) | |
| lsofarm 2396 0 1u inet 23465 0t0 TCP 1.1.1.18:56205->1.1.1.2:3333 (ESTABLISHED) | |
| lsofarm 2396 0 2u inet 23465 0t0 TCP 1.1.1.18:56205->1.1.1.2:3333 (ESTABLISHED) | |
| # df -h | |
| Filesystem Size Used Available Use% Mounted on | |
| /dev/mtdblock5 896.0K 744.0K 152.0K 83% /mnt/fastpath | |
| /dev/loop0 1.6M 1.6M 0 100% /mnt/www | |
| # mount | |
| rootfs on / type rootfs (rw,relatime) | |
| proc on /proc type proc (rw,relatime) | |
| none on /sys type sysfs (rw,relatime) | |
| /dev/mtdblock5 on /mnt/fastpath type jffs2 (rw,relatime) | |
| tmpfs on /mnt/application type tmpfs (rw,relatime) | |
| /dev/loop0 on /mnt/www type squashfs (ro,relatime) | |
| # | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment