dzonerzy/libdzonerzy.so
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix date + links

Browse Source
This commit is contained in:
daniele.linguaglossa 2024-10-09 17:53:19 +02:00
parent fc56f232b6
commit 2c09d11eb9
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
res/articles/glinet-from-zero-to-botnet.md
View File

@ -2,7 +2,7 @@
title: From zero to botnet
description: GL.iNet going wild (RCE + Botnet)
author: DZONERZY
date: Thursday, 19 October 2023
date: Thursday, 19 October, 2023
---
# Boredom, that bad guy
![Picture of GL.iNet](../assets/bored-hacker.jpg)
@ -40,7 +40,7 @@ The firmware was based on OpenWRT, as we can deduct from the firmware name, so t
Other handlers exist for different functionalities inside **/usr/lib/oui-httpd/rpc/**, but we are interested in the authentication mechanism, so let's focus on that.
More info about how ubus works can be found [here](https://hackmd.io/@rYMqzC-9Rxy0Isn3zClURg/H1BY98bRw).
More info about how ubus works can be found [here](https://hackmd.io/@rYMqzC-9Rxy0Isn3zClURg/H1BY98bRw){title="OpenWRT UBUS RPC"}.
# The vulnerability, Lua, for real !??
@ -266,7 +266,7 @@ This will return our beloved **root** ACL, and we can finally log in as root!
Yes, we have cookies indeed, but what now? Should I stop here and report the vuln? Maybe, but not that time. I was bored and wanted more fun, so I started looking at GL.iNet documentation, looking for neat API stuff to call and play with.
GL.iNet developers are friendly and provide excellent documentation for their API, which can be found [here](https://dev.gl-inet.com/router-4.x-api/).
GL.iNet developers are friendly and provide excellent documentation for their API, which can be found [here](https://dev.gl-inet.com/router-4.x-api/){title="GL.iNet 4.x web APIs"}.
I found some interesting API, the **system/add_user**, like the following.