fix date + links

daniele.linguaglossa 2024-10-09 17:53:19 +02:00
parent fc56f232b6
commit 2c09d11eb9


@ -2,7 +2,7 @@
title: From zero to botnet title: From zero to botnet
description: GL.iNet going wild (RCE + Botnet) description: GL.iNet going wild (RCE + Botnet)
author: DZONERZY author: DZONERZY
date: Thursday, 19 October 2023 date: Thursday, 19 October, 2023
--- ---
# Boredom, that bad guy # Boredom, that bad guy
![Picture of GL.iNet](../assets/bored-hacker.jpg) ![Picture of GL.iNet](../assets/bored-hacker.jpg)
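Review bot: The new front-matter value `date: Thursday, 19 October, 2023` is still a free-form string, and the added comma after the month makes it less likely to be accepted if the site generator parses this field rather than printing it verbatim. Consider an ISO 8601 value such as `date: 2023-10-19` and leaving the display format to the template. The commit message could also say what was wrong with the previous date.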
@ -40,7 +40,7 @@ The firmware was based on OpenWRT, as we can deduct from the firmware name, so t
Other handlers exist for different functionalities inside **/usr/lib/oui-httpd/rpc/**, but we are interested in the authentication mechanism, so let's focus on that. Other handlers exist for different functionalities inside **/usr/lib/oui-httpd/rpc/**, but we are interested in the authentication mechanism, so let's focus on that.
More info about how ubus works can be found [here](https://hackmd.io/@rYMqzC-9Rxy0Isn3zClURg/H1BY98bRw). More info about how ubus works can be found [here](https://hackmd.io/@rYMqzC-9Rxy0Isn3zClURg/H1BY98bRw){title="OpenWRT UBUS RPC"}.
# The vulnerability, Lua, for real !?? # The vulnerability, Lua, for real !??
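Review bot: On the ubus reference line, the appended `{title="OpenWRT UBUS RPC"}` is attribute-list syntax, which only takes effect when the Markdown renderer has that extension enabled; without it the braces are printed literally after the link. Either confirm the extension is enabled in the site configuration, or use the standard inline title form `[here](https://hackmd.io/@rYMqzC-9Rxy0Isn3zClURg/H1BY98bRw "OpenWRT UBUS RPC")`, which does not depend on an extension.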
@ -266,7 +266,7 @@ This will return our beloved **root** ACL, and we can finally log in as root!
Yes, we have cookies indeed, but what now? Should I stop here and report the vuln? Maybe, but not that time. I was bored and wanted more fun, so I started looking at GL.iNet documentation, looking for neat API stuff to call and play with. Yes, we have cookies indeed, but what now? Should I stop here and report the vuln? Maybe, but not that time. I was bored and wanted more fun, so I started looking at GL.iNet documentation, looking for neat API stuff to call and play with.
GL.iNet developers are friendly and provide excellent documentation for their API, which can be found [here](https://dev.gl-inet.com/router-4.x-api/). GL.iNet developers are friendly and provide excellent documentation for their API, which can be found [here](https://dev.gl-inet.com/router-4.x-api/){title="GL.iNet 4.x web APIs"}.
I found some interesting API, the **system/add_user**, like the following. I found some interesting API, the **system/add_user**, like the following.
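Review bot: On the API documentation line, the added title is only hover text while the visible link text remains `here`, so a reader scanning the page or using a screen reader still cannot tell where the link goes. Suggest putting the description in the link text itself, for example `[GL.iNet 4.x web API documentation](https://dev.gl-inet.com/router-4.x-api/)`, and applying the same to the other link touched by this commit.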