From 2c09d11eb986e042228ba19a9eee9ff401346a87 Mon Sep 17 00:00:00 2001 From: "daniele.linguaglossa" Date: Wed, 9 Oct 2024 17:53:19 +0200 Subject: [PATCH] fix date + links --- res/articles/glinet-from-zero-to-botnet.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/res/articles/glinet-from-zero-to-botnet.md b/res/articles/glinet-from-zero-to-botnet.md index 77eecf4..bd6058b 100644 --- a/res/articles/glinet-from-zero-to-botnet.md +++ b/res/articles/glinet-from-zero-to-botnet.md @@ -2,7 +2,7 @@ title: From zero to botnet description: GL.iNet going wild (RCE + Botnet) author: DZONERZY -date: Thursday, 19 October 2023 +date: Thursday, 19 October, 2023 --- # Boredom, that bad guy ![Picture of GL.iNet](../assets/bored-hacker.jpg) @@ -40,7 +40,7 @@ The firmware was based on OpenWRT, as we can deduct from the firmware name, so t Other handlers exist for different functionalities inside **/usr/lib/oui-httpd/rpc/**, but we are interested in the authentication mechanism, so let's focus on that. -More info about how ubus works can be found [here](https://hackmd.io/@rYMqzC-9Rxy0Isn3zClURg/H1BY98bRw). +More info about how ubus works can be found [here](https://hackmd.io/@rYMqzC-9Rxy0Isn3zClURg/H1BY98bRw){title="OpenWRT UBUS RPC"}. # The vulnerability, Lua, for real !?? @@ -266,7 +266,7 @@ This will return our beloved **root** ACL, and we can finally log in as root! Yes, we have cookies indeed, but what now? Should I stop here and report the vuln? Maybe, but not that time. I was bored and wanted more fun, so I started looking at GL.iNet documentation, looking for neat API stuff to call and play with. -GL.iNet developers are friendly and provide excellent documentation for their API, which can be found [here](https://dev.gl-inet.com/router-4.x-api/). +GL.iNet developers are friendly and provide excellent documentation for their API, which can be found [here](https://dev.gl-inet.com/router-4.x-api/){title="GL.iNet 4.x web APIs"}. I found some interesting API, the **system/add_user**, like the following.