Exploit-HS8545M-ONT

Please read this guide carefully and at your own risk

Usage

Find an exploit to load userdefined ko module

use kernel module .ko to run a shell script[/mnt/jffs2/hw/get.sh] on system reboot, but before you need find an exploit in /etc/rc.d/rc.start/1.sdk_init.sh

logical exploit in line 200-206
mkdir -p /mnt/jffs2/TranStar/
cp -rf /lib/modules/hisi_sdk/* /mnt/jffs2/TranStar/
in order to excute line 261-262, change obj.id = "0x00000001" ; obj.value = "4"; in /mnt/jffs2/hw_boardinfo
cp getshell.ko to /mnt/jffs2/TranStar/hi_epon.ko

Open getshell.ko module, compiled by hongs

use linux 3.10.53, and change vermagic=3.10.53-HULK2 SMP mod_unload modversions ARMv7 when you compile it

Other

add by hongs. 2019/10/02

modify 2021/1/25

test for HS8545M, V3R017C10S105, 1007.A, SD5116 CPU.

test for HS8545M5, V5R019, SD5117 CPU.

Credits

hongs, 0nday and others (see source code for details).

Name		Name	Last commit message	Last commit date
Latest commit History 2 Commits
allshell		allshell
mnt		mnt
persist-root-shell-poc		persist-root-shell-poc
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Exploit-HS8545M-ONT

Please read this guide carefully and at your own risk

Usage

Find an exploit to load userdefined ko module

Open getshell.ko module, compiled by hongs

Other

Credits

About

Releases

Packages

Languages

cutff/Exploit-HS8545M-ONT

Folders and files

Latest commit

History

Repository files navigation

Exploit-HS8545M-ONT

Please read this guide carefully and at your own risk

Usage

Find an exploit to load userdefined ko module

Open getshell.ko module, compiled by hongs

Other

Credits

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages