[1-day] File System Analysis

goldenGlow_21 · March 19, 2025

Information gathering

File system analysis

Checking file and directory sizes

┌──(lee㉿kali)-[~/Desktop/Firmware/_DIR882A1_FW104B02_Middle_FW_Unencrypt.bin.extracted/_A0.extracted/_8AB758.extracted/cpio-root]
└─$ du -h --max-depth=1
56K	./share
13M	./lib
8.0K	./dev
7.3M	./bin
4.0K	./media
12M	./sbin
3.6M	./usr
1.2M	./www
4.0K	./private
4.0K	./mnt
9.2M	./etc_ro
4.0K	./home
4.0K	./var
4.0K	./sys
12K	./etc
4.0K	./tmp
4.0K	./proc
45M	.

File count and type statistics

Total number of files

┌──(lee㉿kali)-[~/Desktop/Firmware/_DIR882A1_FW104B02_Middle_FW_Unencrypt.bin.extracted/_A0.extracted/_8AB758.extracted/cpio-root]
└─$ find . -type f | wc -l
1303

Total number of directories

┌──(lee㉿kali)-[~/Desktop/Firmware/_DIR882A1_FW104B02_Middle_FW_Unencrypt.bin.extracted/_A0.extracted/_8AB758.extracted/cpio-root]
└─$ find . -type d | wc -l
138

Number of library files

┌──(lee㉿kali)-[~/Desktop/Firmware/_DIR882A1_FW104B02_Middle_FW_Unencrypt.bin.extracted/_A0.extracted/_8AB758.extracted/cpio-root]
└─$ find . -type f -name "*.so" | wc -l
60

Number of script files

┌──(lee㉿kali)-[~/Desktop/Firmware/_DIR882A1_FW104B02_Middle_FW_Unencrypt.bin.extracted/_A0.extracted/_8AB758.extracted/cpio-root]
└─$ find . -type f -name "*.sh" | wc -l
58

Number of executable files

┌──(lee㉿kali)-[~/Desktop/Firmware/_DIR882A1_FW104B02_Middle_FW_Unencrypt.bin.extracted/_A0.extracted/_8AB758.extracted/cpio-root]
└─$ find . -type f -executable | wc -l
547

Searching for notable files

  • In order: configuration files / XML files / data files / CGI script files / password-related files
┌──(lee㉿kali)-[~/Desktop/Firmware/_DIR882A1_FW104B02_Middle_FW_Unencrypt.bin.extracted/_A0.extracted/_8AB758.extracted/cpio-root]
└─$ find . -type f -name "*.conf"
./etc_ro/lld2d.conf
./etc_ro/lighttpd/lighttpd.conf
./etc_ro/lighttpd/lighttpd_webdav.conf
./etc/jcpd.conf

┌──(lee㉿kali)-[~/Desktop/Firmware/_DIR882A1_FW104B02_Middle_FW_Unencrypt.bin.extracted/_A0.extracted/_8AB758.extracted/cpio-root]
└─$ find . -type f -name "*.xml"
./etc_ro/lighttpd/www/web/hnap/GetWirelessMode.xml
./etc_ro/lighttpd/www/web/hnap/SetPortForwardingSettings.xml
./etc_ro/lighttpd/www/web/hnap/GetIPv6FirewallSettings.xml
./etc_ro/lighttpd/www/web/hnap/GetSysEmailSettings.xml
./etc_ro/lighttpd/www/web/hnap/SetFactoryDefault.xml
./etc_ro/lighttpd/www/web/hnap/SetMyDLinkRegistration.xml
./etc_ro/lighttpd/www/web/hnap/GetIPv6Status.xml
./etc_ro/lighttpd/www/web/hnap/GetIPv6LinkLocalOnlySettings.xml
./etc_ro/lighttpd/www/web/hnap/GetMultipleSSID_GetWLanRadioSettings.xml
./etc_ro/lighttpd/www/web/hnap/SetDynamicDNSIPv6Settings.xml
./etc_ro/lighttpd/www/web/hnap/GetMACFilters2.xml
./etc_ro/lighttpd/www/web/hnap/SetAddStorageUser.xml
./etc_ro/lighttpd/www/web/hnap/SetMultipleActions_WLanRadioSecurity.xml
./etc_ro/lighttpd/www/web/hnap/SetAdvNetworkSettings.xml
./etc_ro/lighttpd/www/web/hnap/GetSIMCardInfoAlpha.xml
./etc_ro/lighttpd/www/web/hnap/GetWLanRadioSecurity.xml
./etc_ro/lighttpd/www/web/hnap/SetDeviceSettings2.xml
./etc_ro/lighttpd/www/web/hnap/SetIPv4FirewallSettings.xml
./etc_ro/lighttpd/www/web/hnap/GetFirmwareSettings.xml
./etc_ro/lighttpd/www/web/hnap/SetTriggerWPS.xml
./etc_ro/lighttpd/www/web/hnap/GetUSBDevice.xml
./etc_ro/lighttpd/www/web/hnap/SetIPv6LinkLocalOnlySettings.xml
./etc_ro/lighttpd/www/web/hnap/GetRouterSettings.xml
./etc_ro/lighttpd/www/web/hnap/SetSysLogSettings.xml
./etc_ro/lighttpd/www/web/hnap/GetSiteSurvey.xml
./etc_ro/lighttpd/www/web/hnap/GetInternetConnUpTime.xml
./etc_ro/lighttpd/www/web/hnap/GetSysLogSettings.xml
./etc_ro/lighttpd/www/web/hnap/Login.xml
./etc_ro/lighttpd/www/web/hnap/GetVirtualServerSettings.xml
./etc_ro/lighttpd/www/web/hnap/SetGuestZoneRouterSettings.xml
./etc_ro/lighttpd/www/web/hnap/GetWLanRadioSettings.xml
./etc_ro/lighttpd/www/web/hnap/GetMyDLinkSupportStatus.xml
./etc_ro/lighttpd/www/web/hnap/SetInternetProfileAlpha.xml
./etc_ro/lighttpd/www/web/hnap/GetUSBStorageSettings.xml
./etc_ro/lighttpd/www/web/hnap/SetMultipleActions_WLanRadioSettings.xml
./etc_ro/lighttpd/www/web/hnap/GetWanStatus.xml
./etc_ro/lighttpd/www/web/hnap/GetFirewallSettings.xml
./etc_ro/lighttpd/www/web/hnap/GetAudioRenderSettings.xml
./etc_ro/lighttpd/www/web/hnap/GetInterfaceStatistics.xml
./etc_ro/lighttpd/www/web/hnap/SetTriggerWirelessSiteSurvey.xml
./etc_ro/lighttpd/www/web/hnap/SetSysEmailSettings.xml
./etc_ro/lighttpd/www/web/hnap/SetMyDLinkSettings.xml
./etc_ro/lighttpd/www/web/hnap/GetLocalHostInfo.xml
./etc_ro/lighttpd/www/web/hnap/GetSMBStatus.xml
./etc_ro/lighttpd/www/web/hnap/GetIPv6StaticSettings.xml
./etc_ro/lighttpd/www/web/hnap/GetWiFiVerifyAlpha.xml
./etc_ro/lighttpd/www/web/hnap/GetPortMappings.xml
./etc_ro/lighttpd/www/web/hnap/SetAccessPointMode.xml
./etc_ro/lighttpd/www/web/hnap/SetForwardedPorts.xml
./etc_ro/lighttpd/www/web/hnap/GetDeviceFeatureAlpha.xml
./etc_ro/lighttpd/www/web/hnap/SetCAPTCHAsetting.xml
./etc_ro/lighttpd/www/web/hnap/GetWLanSettings54.xml
./etc_ro/lighttpd/www/web/hnap/SetIPv66to4TunnelSettings.xml
./etc_ro/lighttpd/www/web/hnap/SetMultipleSSID_SetWLanRadioSettings.xml
./etc_ro/lighttpd/www/web/hnap/SetIPv6AutoConfigurationSettings.xml
./etc_ro/lighttpd/www/web/hnap/SetMultipleSSID.xml
./etc_ro/lighttpd/www/web/hnap/GetWebFilterSettings.xml
./etc_ro/lighttpd/www/web/hnap/SetVirtualServerSettings.xml
./etc_ro/lighttpd/www/web/hnap/GetWiFiOpMode.xml
./etc_ro/lighttpd/www/web/hnap/GetWirelessSiteSurvey.xml
./etc_ro/lighttpd/www/web/hnap/GetWPSStatus.xml
./etc_ro/lighttpd/www/web/hnap/SetLanguageDefaultSetting.xml
./etc_ro/lighttpd/www/web/hnap/SetIPv6Settings.xml
./etc_ro/lighttpd/www/web/hnap/SetMultipleSSID_SetWLanRadioSecurity.xml
./etc_ro/lighttpd/www/web/hnap/SetDLNA.xml
./etc_ro/lighttpd/www/web/hnap/GetClientStats.xml
./etc_ro/lighttpd/www/web/hnap/SetSMBSettings.xml
./etc_ro/lighttpd/www/web/hnap/AddPortMapping.xml
./etc_ro/lighttpd/www/web/hnap/StartFirmwareDownload.xml
./etc_ro/lighttpd/www/web/hnap/GetIPv6Settings_orig.xml
./etc_ro/lighttpd/www/web/hnap/GetRouterLanSettings.xml
./etc_ro/lighttpd/www/web/hnap/SetQoSSettings.xml
./etc_ro/lighttpd/www/web/hnap/RenewWanConnection.xml
./etc_ro/lighttpd/www/web/hnap/SetIPv66rdTunnelSettings.xml
./etc_ro/lighttpd/www/web/hnap/SetAPClientSettings.xml
./etc_ro/lighttpd/www/web/hnap/GetTimeSettings.xml
./etc_ro/lighttpd/www/web/hnap/GetDLNA.xml
./etc_ro/lighttpd/www/web/hnap/SetMACFilters2.xml
./etc_ro/lighttpd/www/web/hnap/GetMulticastSnooping.xml
./etc_ro/lighttpd/www/web/hnap/GetWLanRadios.xml
./etc_ro/lighttpd/www/web/hnap/GetMyDLinkSettings.xml
./etc_ro/lighttpd/www/web/hnap/SetRouterSettings.xml
./etc_ro/lighttpd/www/web/hnap/GetMultipleSSID_GetWLanRadioSecurity.xml
./etc_ro/lighttpd/www/web/hnap/SetWanSettings.xml
./etc_ro/lighttpd/www/web/hnap/GetAdministrationSettings.xml
./etc_ro/lighttpd/www/web/hnap/GetAPClientSettings.xml
./etc_ro/lighttpd/www/web/hnap/GetCAPTCHAsetting.xml
./etc_ro/lighttpd/www/web/hnap/GetIPv6WanType.xml
./etc_ro/lighttpd/www/web/hnap/GetIPv66in4TunnelSettings.xml
./etc_ro/lighttpd/www/web/hnap/SetIPv6AutoDetectionSettings.xml
./etc_ro/lighttpd/www/web/hnap/SetStaticRouteIPv6Settings.xml
./etc_ro/lighttpd/www/web/hnap/GetMultipleHNAPs.xml
./etc_ro/lighttpd/www/web/hnap/SetStorageUsers.xml
./etc_ro/lighttpd/www/web/hnap/SetIPv6StaticSettings.xml
./etc_ro/lighttpd/www/web/hnap/GetMACFilters.xml
./etc_ro/lighttpd/www/web/hnap/GetLanguageDefaultSetting.xml
./etc_ro/lighttpd/www/web/hnap/GetIPv6IngressFiltering.xml
./etc_ro/lighttpd/www/web/hnap/SetMultipleActions_SetWanSettings.xml
./etc_ro/lighttpd/www/web/hnap/SetIPv66in4TunnelSettings.xml
./etc_ro/lighttpd/www/web/hnap/GetIPv6Settings.xml
./etc_ro/lighttpd/www/web/hnap/GetOperationMode.xml
./etc_ro/lighttpd/www/web/hnap/SetFirewallSettings.xml
./etc_ro/lighttpd/www/web/hnap/GetVersionInfo.xml
./etc_ro/lighttpd/www/web/hnap/SetTriggerADIC.xml
./etc_ro/lighttpd/www/web/hnap/GetNetworkStats.xml
./etc_ro/lighttpd/www/web/hnap/PollingFirmwareDownload.xml
./etc_ro/lighttpd/www/web/hnap/GetDynamicDNSIPv6Settings.xml
./etc_ro/lighttpd/www/web/hnap/GetConnectedDevices.xml
./etc_ro/lighttpd/www/web/hnap/GetIPv66rdTunnelSettings.xml
./etc_ro/lighttpd/www/web/hnap/SetDynamicDNSSettings.xml
./etc_ro/lighttpd/www/web/hnap/SetStaticRouteIPv4Settings.xml
./etc_ro/lighttpd/www/web/hnap/GetScheduleSettings.xml
./etc_ro/lighttpd/www/web/hnap/GetIPv4FirewallSettings.xml
./etc_ro/lighttpd/www/web/hnap/GetPortForwardingSettings.xml
./etc_ro/lighttpd/www/web/hnap/SetAdministrationSettings.xml
./etc_ro/lighttpd/www/web/hnap/GetUSBStorageDevice.xml
./etc_ro/lighttpd/www/web/hnap/GetListDirectory.xml
./etc_ro/lighttpd/www/web/hnap/GetDeviceSettings.xml
./etc_ro/lighttpd/www/web/hnap/Reboot.xml
./etc_ro/lighttpd/www/web/hnap/GetGuestZoneRouterSettings.xml
./etc_ro/lighttpd/www/web/hnap/RenewIPv6WanConnection.xml
./etc_ro/lighttpd/www/web/hnap/GetStaticRouteIPv4Settings.xml
./etc_ro/lighttpd/www/web/hnap/GetRoutingTableIPv6.xml
./etc_ro/lighttpd/www/web/hnap/GetClientInfo.xml
./etc_ro/lighttpd/www/web/hnap/SetClientInfo.xml
./etc_ro/lighttpd/www/web/hnap/SetIPv6PppoeSettings.xml
./etc_ro/lighttpd/www/web/hnap/getwan.xml
./etc_ro/lighttpd/www/web/hnap/GetWanSettings.xml
./etc_ro/lighttpd/www/web/hnap/DoFirmwareUpgrade.xml
./etc_ro/lighttpd/www/web/hnap/GetStaticRouteIPv6Settings.xml
./etc_ro/lighttpd/www/web/hnap/GetDeviceSettings2.xml
./etc_ro/lighttpd/www/web/hnap/GetIPv66to4TunnelSettings.xml
./etc_ro/lighttpd/www/web/hnap/SetIPv6FirewallSettings.xml
./etc_ro/lighttpd/www/web/hnap/SetIPv6IngressFiltering.xml
./etc_ro/lighttpd/www/web/hnap/GetIPv6SimpleSecurity.xml
./etc_ro/lighttpd/www/web/hnap/GetAdvNetworkSettings.xml
./etc_ro/lighttpd/www/web/hnap/SetDMZSettings.xml
./etc_ro/lighttpd/www/web/hnap/RestoreFactoryDefaults.xml
./etc_ro/lighttpd/www/web/hnap/SetWiFiOpMode.xml
./etc_ro/lighttpd/www/web/hnap/SetIPv6SimpleSecurity.xml
./etc_ro/lighttpd/www/web/hnap/GetCurrentInternetStatus.xml
./etc_ro/lighttpd/www/web/hnap/GetIPv6AutoConfigurationSettings.xml
./etc_ro/lighttpd/www/web/hnap/SetWirelessMode.xml
./etc_ro/lighttpd/www/web/hnap/GetMultipleSSID.xml
./etc_ro/lighttpd/www/web/hnap/GetWLanSettings24.xml
./etc_ro/lighttpd/www/web/hnap/SetDelStorageUser.xml
./etc_ro/lighttpd/www/web/hnap/SetWebFilterSettings.xml
./etc_ro/lighttpd/www/web/hnap/GetISPListAlpha.xml
./etc_ro/lighttpd/www/web/hnap/SetMulticastSnooping.xml
./etc_ro/lighttpd/www/web/hnap/GetIPv6AutoDetectionSettings.xml
./etc_ro/lighttpd/www/web/hnap/GetRoutingTableIPv4.xml
./etc_ro/lighttpd/www/web/hnap/GetWLanSecurity.xml
./etc_ro/lighttpd/www/web/hnap/SetAudioRenderSettings.xml
./etc_ro/lighttpd/www/web/hnap/GetWANDHCPSettings.xml
./etc_ro/lighttpd/www/web/hnap/SetOperationMode.xml
./etc_ro/lighttpd/www/web/hnap/GetQoSSettings.xml
./etc_ro/lighttpd/www/web/hnap/GetFirmwareValidation.xml
./etc_ro/lighttpd/www/web/hnap/GetInternetProfileAlpha.xml
./etc_ro/lighttpd/www/web/hnap/GetDMZSettings.xml
./etc_ro/lighttpd/www/web/hnap/SetWLanRadioSecurity.xml
./etc_ro/lighttpd/www/web/hnap/SetWLanRadioSettings.xml
./etc_ro/lighttpd/www/web/hnap/GetIPv6PppoeSettings.xml
./etc_ro/lighttpd/www/web/hnap/SetMultipleActions.xml
./etc_ro/lighttpd/www/web/hnap/GetFirmwareStatus.xml
./etc_ro/lighttpd/www/web/hnap/SetTimeSettings.xml
./etc_ro/lighttpd/www/web/hnap/SetDeviceSettings.xml
./etc_ro/lighttpd/www/web/hnap/SetNetworkSettings.xml
./etc_ro/lighttpd/www/web/hnap/GetFirmwareState.xml
./etc_ro/lighttpd/www/web/hnap/IsDeviceReady.xml
./etc_ro/lighttpd/www/web/hnap/SetMultipleActions_DeviceSettings.xml
./etc_ro/lighttpd/www/web/hnap/GetOpenDNS.xml
./etc_ro/lighttpd/www/web/hnap/Logout.xml
./etc_ro/lighttpd/www/web/hnap/GetSMBSettings.xml
./etc_ro/lighttpd/www/web/hnap/SetScheduleSettings.xml
./etc_ro/lighttpd/www/web/hnap/GetForwardedPorts.xml
./etc_ro/lighttpd/www/web/hnap/DeletePortMapping.xml
./etc_ro/lighttpd/www/web/hnap/SetRouterLanSettings.xml
./etc_ro/lighttpd/www/web/hnap/GetDynamicDNSSettings.xml
./etc_ro/lighttpd/www/web/hnap/SetUSBStorageSettings.xml
./etc_ro/lighttpd/www/web/hnap/SetMyDLinkUnregistration.xml
./etc_ro/lighttpd/www/web/hnap/GetNetworkSettings.xml
./etc_ro/lighttpd/www/web/hnap/SetSMBStatus.xml
./etc_ro/onetouch/device.xml

┌──(lee㉿kali)-[~/Desktop/Firmware/_DIR882A1_FW104B02_Middle_FW_Unencrypt.bin.extracted/_A0.extracted/_8AB758.extracted/cpio-root]
└─$ find . -type f -name "*.dat"
./etc_ro/Wireless/WIFI3/RT2870AP.dat
./etc_ro/Wireless/RT2860AP/RT2860AP-5G.dat
./etc_ro/Wireless/RT2860AP/7615_SingleSKU_BF.dat
./etc_ro/Wireless/RT2860AP/SKU_24G_CCC_BF.dat
./etc_ro/Wireless/RT2860AP/RT2860AP-2G.dat
./etc_ro/Wireless/RT2860AP/SKU_5G_IC_BF.dat
./etc_ro/Wireless/RT2860AP/SKU_5G_FCC_BF.dat
./etc_ro/Wireless/RT2860AP/RT2860_dbdc_def.dat
./etc_ro/Wireless/RT2860AP/SingleSKU_24G_IC.dat
./etc_ro/Wireless/RT2860AP/SKU_24G_IC_BF.dat
./etc_ro/Wireless/RT2860AP/SKU_24G_CE_BF.dat
./etc_ro/Wireless/RT2860AP/RT2860_def.dat
./etc_ro/Wireless/RT2860AP/RT2860_def_hs_dbdc.dat
./etc_ro/Wireless/RT2860AP/RT2860AP-DBDC.dat
./etc_ro/Wireless/RT2860AP/SingleSKU_24G_CE.dat
./etc_ro/Wireless/RT2860AP/SingleSKU_5G_FCC.dat
./etc_ro/Wireless/RT2860AP/SingleSKU_24G_CCC.dat
./etc_ro/Wireless/RT2860AP/SKU_5G_CCC_BF.dat
./etc_ro/Wireless/RT2860AP/SKU_5G_CE_BF.dat
./etc_ro/Wireless/RT2860AP/SKU_24G_FCC_BF.dat
./etc_ro/Wireless/RT2860AP/SingleSKU_5G_CCC.dat
./etc_ro/Wireless/RT2860AP/RT2860_def_hs.dat
./etc_ro/Wireless/RT2860AP/7615_SingleSKU.dat
./etc_ro/Wireless/RT2860AP/SingleSKU_24G_FCC.dat
./etc_ro/Wireless/RT2860AP/SingleSKU_5G_CE.dat
./etc_ro/Wireless/RT2860AP/SingleSKU_5G_IC.dat
./etc_ro/Wireless/RT2870STA_5G.dat
./etc_ro/Wireless/iNIC/RT2860AP-factory.dat
./etc_ro/Wireless/iNIC/RT2860AP.dat
./etc_ro/Wireless/RT2870STA.dat

┌──(lee㉿kali)-[~/Desktop/Firmware/_DIR882A1_FW104B02_Middle_FW_Unencrypt.bin.extracted/_A0.extracted/_8AB758.extracted/cpio-root]
└─$ find . -type f -name "*.cgi"
./bin/prog.cgi
./sbin/seama.cgi
./sbin/fwupload.cgi
./etc_ro/lighttpd/www/web/HNAP1/dllog.cgi
./etc_ro/lighttpd/www/web/HNAP1/dlcfg.cgi
./etc_ro/lighttpd/www/web/HNAP1/dlquickvpnsettings.cgi
./etc_ro/lighttpd/www/web/wireless.cgi

┌──(lee㉿kali)-[~/Desktop/Firmware/_DIR882A1_FW104B02_Middle_FW_Unencrypt.bin.extracted/_A0.extracted/_8AB758.extracted/cpio-root]
└─$ find . -type f -name "passwd*"

Searching for linked files

┌──(lee㉿kali)-[~/Desktop/Firmware/_DIR882A1_FW104B02_Middle_FW_Unencrypt.bin.extracted/_A0.extracted/_8AB758.extracted/cpio-root]
└─$ find . -type l -exec ls -l {} \;
lrwxrwxrwx 1 lee lee 12 Jan 27 17:13 ./lib/libdb-4.so -> libdb-4.8.so
lrwxrwxrwx 1 lee lee 21 Jan 27 17:13 ./lib/libresolv.so.0 -> libresolv-0.9.33.2.so
lrwxrwxrwx 1 lee lee 18 Jan 27 17:13 ./lib/libcrypto.so -> libcrypto.so.1.0.0
lrwxrwxrwx 1 lee lee 22 Jan 27 17:13 ./lib/libpthread.so.0 -> libpthread-0.9.33.2.so
lrwxrwxrwx 1 lee lee 18 Jan 27 17:13 ./lib/libjson-c.so -> libjson-c.so.2.0.1
lrwxrwxrwx 1 lee lee 18 Jan 27 17:13 ./lib/libnvram.so.0 -> libnvram-0.9.28.so
lrwxrwxrwx 1 lee lee 12 Jan 27 17:13 ./lib/libdb.so -> libdb-4.8.so
lrwxrwxrwx 1 lee lee 16 Jan 27 17:13 ./lib/libgmp.so.0 -> libgmp-0.9.28.so
lrwxrwxrwx 1 lee lee 19 Jan 27 17:13 ./lib/libid3tag.so.0 -> libid3tag-0.9.28.so
lrwxrwxrwx 1 lee lee 19 Jan 27 17:13 ./lib/libutil.so.0 -> libutil-0.9.33.2.so
lrwxrwxrwx 1 lee lee 18 Jan 27 17:13 ./lib/libnvram.so -> libnvram-0.9.28.so
lrwxrwxrwx 1 lee lee 16 Jan 27 17:13 ./lib/libjson.so.0 -> libjson.so.0.1.0
lrwxrwxrwx 1 lee lee 16 Jan 27 17:13 ./lib/libjson.so -> libjson.so.0.1.0
lrwxrwxrwx 1 lee lee 17 Jan 27 17:13 ./lib/libzebra.so.1 -> libzebra.so.1.0.0
lrwxrwxrwx 1 lee lee 17 Jan 27 17:13 ./lib/librt.so.0 -> librt-0.9.33.2.so
lrwxrwxrwx 1 lee lee 16 Jan 27 17:13 ./lib/libfcgi.so -> libfcgi.so.0.0.0
lrwxrwxrwx 1 lee lee 20 Jan 27 17:13 ./lib/libcrypt.so.0 -> libcrypt-0.9.33.2.so
lrwxrwxrwx 1 lee lee 21 Jan 27 17:13 ./lib/ld-uClibc.so.0 -> ld-uClibc-0.9.33.2.so
lrwxrwxrwx 1 lee lee 16 Jan 27 17:13 ./lib/libgmp.so -> libgmp-0.9.28.so
lrwxrwxrwx 1 lee lee 21 Jan 27 17:13 ./lib/libc.so.0 -> libuClibc-0.9.33.2.so
lrwxrwxrwx 1 lee lee 16 Jan 27 17:13 ./lib/libm.so.0 -> libm-0.9.33.2.so
lrwxrwxrwx 1 lee lee 13 Jan 27 17:13 ./lib/libz.so.1 -> libz-1.2.3.so
lrwxrwxrwx 1 lee lee 18 Jan 27 17:13 ./lib/libnsl.so.0 -> libnsl-0.9.33.2.so
lrwxrwxrwx 1 lee lee 15 Jan 27 17:13 ./lib/libfl.so -> libfl-0.9.28.so
lrwxrwxrwx 1 lee lee 15 Jan 27 17:13 ./lib/libssl.so -> libssl.so.1.0.0
lrwxrwxrwx 1 lee lee 15 Jan 27 17:13 ./lib/libfl.so.0 -> libfl-0.9.28.so
lrwxrwxrwx 1 lee lee 17 Jan 27 17:13 ./lib/libpcre.so -> libpcre-0.9.28.so
lrwxrwxrwx 1 lee lee 15 Jan 27 17:13 ./lib/libogg.so.0 -> libogg.so.0.8.0
lrwxrwxrwx 1 lee lee 17 Jan 27 17:13 ./lib/libdl.so.0 -> libdl-0.9.33.2.so
lrwxrwxrwx 1 lee lee 15 Jan 27 17:13 ./lib/liblua.so -> liblua.so.5.1.5
lrwxrwxrwx 1 lee lee 13 Jan 27 17:13 ./lib/libz.so -> libz-1.2.3.so
lrwxrwxrwx 1 lee lee 17 Jan 27 17:13 ./lib/libpcre.so.0 -> libpcre-0.9.28.so
lrwxrwxrwx 1 lee lee 19 Jan 27 17:13 ./lib/libid3tag.so -> libid3tag-0.9.28.so
lrwxrwxrwx 1 lee lee 16 Jan 27 17:13 ./lib/libfcgi.so.0 -> libfcgi.so.0.0.0
lrwxrwxrwx 1 lee lee 15 Jan 27 17:13 ./lib/libogg.so -> libogg.so.0.8.0
lrwxrwxrwx 1 lee lee 21 Jan 27 17:13 ./lib/libgpg-error.so.0 -> libgpg-error.so.0.8.0
lrwxrwxrwx 1 lee lee 18 Jan 27 17:13 ./lib/libjson-c.so.2 -> libjson-c.so.2.0.1                   
lrwxrwxrwx 1 lee lee 19 Jan 27 17:13 ./lib/libgcrypt.so.11 -> libgcrypt.so.11.8.0
lrwxrwxrwx 1 lee lee 7 Jan 27 17:13 ./bin/login -> busybox
lrwxrwxrwx 1 lee lee 7 Jan 27 17:13 ./bin/mount -> busybox
lrwxrwxrwx 1 lee lee 7 Jan 27 17:13 ./bin/kill -> busybox
lrwxrwxrwx 1 lee lee 7 Jan 27 17:13 ./bin/fgrep -> busybox
lrwxrwxrwx 1 lee lee 7 Jan 27 17:13 ./bin/mkdir -> busybox
lrwxrwxrwx 1 lee lee 7 Jan 27 17:13 ./bin/iproute -> busybox
lrwxrwxrwx 1 lee lee 7 Jan 27 17:13 ./bin/ln -> busybox
lrwxrwxrwx 1 lee lee 7 Jan 27 17:13 ./bin/dd -> busybox
lrwxrwxrwx 1 lee lee 7 Jan 27 17:13 ./bin/sh -> busybox
lrwxrwxrwx 1 lee lee 7 Jan 27 17:13 ./bin/date -> busybox
lrwxrwxrwx 1 lee lee 7 Jan 27 17:13 ./bin/mknod -> busybox
lrwxrwxrwx 1 lee lee 7 Jan 27 17:13 ./bin/echo -> busybox
lrwxrwxrwx 1 lee lee 7 Jan 27 17:13 ./bin/chmod -> busybox
lrwxrwxrwx 1 lee lee 7 Jan 27 17:13 ./bin/hostname -> busybox
lrwxrwxrwx 1 lee lee 7 Jan 27 17:13 ./bin/cp -> busybox
lrwxrwxrwx 1 lee lee 7 Jan 27 17:13 ./bin/grep -> busybox
lrwxrwxrwx 1 lee lee 7 Jan 27 17:13 ./bin/netstat -> busybox
lrwxrwxrwx 1 lee lee 7 Jan 27 17:13 ./bin/pwd -> busybox
lrwxrwxrwx 1 lee lee 7 Jan 27 17:13 ./bin/iplink -> busybox
lrwxrwxrwx 1 lee lee 7 Jan 27 17:13 ./bin/uname -> busybox
lrwxrwxrwx 1 lee lee 7 Jan 27 17:13 ./bin/mv -> busybox
lrwxrwxrwx 1 lee lee 7 Jan 27 17:13 ./bin/ping -> busybox
lrwxrwxrwx 1 lee lee 7 Jan 27 17:13 ./bin/touch -> busybox
lrwxrwxrwx 1 lee lee 11 Jan 27 17:13 ./bin/nvram_get -> ralink_init
lrwxrwxrwx 1 lee lee 7 Jan 27 17:13 ./bin/vi -> busybox
lrwxrwxrwx 1 lee lee 7 Jan 27 17:13 ./bin/egrep -> busybox
lrwxrwxrwx 1 lee lee 7 Jan 27 17:13 ./bin/cat -> busybox
lrwxrwxrwx 1 lee lee 7 Jan 27 17:13 ./bin/addgroup -> busybox
lrwxrwxrwx 1 lee lee 7 Jan 27 17:13 ./bin/adduser -> busybox
lrwxrwxrwx 1 lee lee 7 Jan 27 17:13 ./bin/delgroup -> busybox
lrwxrwxrwx 1 lee lee 7 Jan 27 17:13 ./bin/ash -> busybox
lrwxrwxrwx 1 lee lee 7 Jan 27 17:13 ./bin/sed -> busybox
lrwxrwxrwx 1 lee lee 7 Jan 27 17:13 ./bin/ls -> busybox
lrwxrwxrwx 1 lee lee 7 Jan 27 17:13 ./bin/ping6 -> busybox
lrwxrwxrwx 1 lee lee 7 Jan 27 17:13 ./bin/iprule -> busybox
lrwxrwxrwx 1 lee lee 7 Jan 27 17:13 ./bin/iptunnel -> busybox
lrwxrwxrwx 1 lee lee 7 Jan 27 17:13 ./bin/sleep -> busybox
lrwxrwxrwx 1 lee lee 7 Jan 27 17:13 ./bin/deluser -> busybox
lrwxrwxrwx 1 lee lee 7 Jan 27 17:13 ./bin/ipaddr -> busybox
lrwxrwxrwx 1 lee lee 7 Jan 27 17:13 ./bin/ps -> busybox
lrwxrwxrwx 1 lee lee 11 Jan 27 17:13 ./bin/nvram_set -> ralink_init
lrwxrwxrwx 1 lee lee 7 Jan 27 17:13 ./bin/rm -> busybox
lrwxrwxrwx 1 lee lee 7 Jan 27 17:13 ./bin/umount -> busybox
lrwxrwxrwx 1 lee lee 9 Jan 27 17:13 ./bin/rtinicapd -> rt2860apd
lrwxrwxrwx 1 lee lee 7 Jan 27 17:13 ./bin/dmesg -> busybox
lrwxrwxrwx 1 lee lee 14 Jan 27 17:13 ./sbin/klogd -> ../bin/busybox
lrwxrwxrwx 1 lee lee 14 Jan 27 17:13 ./sbin/poweroff -> ../bin/busybox
lrwxrwxrwx 1 lee lee 6 Jan 27 17:13 ./sbin/udhcpc -> udhcpd
lrwxrwxrwx 1 lee lee 14 Jan 27 17:13 ./sbin/vconfig -> ../bin/busybox
lrwxrwxrwx 1 lee lee 14 Jan 27 17:13 ./sbin/arp -> ../bin/busybox
lrwxrwxrwx 1 lee lee 14 Jan 27 17:13 ./sbin/route -> ../bin/busybox
lrwxrwxrwx 1 lee lee 14 Jan 27 17:13 ./sbin/insmod -> ../bin/busybox
lrwxrwxrwx 1 lee lee 14 Jan 27 17:13 ./sbin/reboot -> ../bin/busybox
lrwxrwxrwx 1 lee lee 14 Jan 27 17:13 ./sbin/halt -> ../bin/busybox
lrwxrwxrwx 1 lee lee 14 Jan 27 17:13 ./sbin/mdev -> ../bin/busybox
lrwxrwxrwx 1 lee lee 14 Jan 27 17:13 ./sbin/init -> ../bin/busybox
lrwxrwxrwx 1 lee lee 14 Jan 27 17:13 ./sbin/ifconfig -> ../bin/busybox
lrwxrwxrwx 1 lee lee 14 Jan 27 17:13 ./sbin/lsmod -> ../bin/busybox
lrwxrwxrwx 1 lee lee 14 Jan 27 17:13 ./sbin/syslogd -> ../bin/busybox
lrwxrwxrwx 1 lee lee 9 Jan 27 17:13 ./sbin/preinit -> /dev/null
lrwxrwxrwx 1 lee lee 14 Jan 27 17:13 ./sbin/rmmod -> ../bin/busybox
lrwxrwxrwx 1 lee lee 9 Jan 27 17:13 ./sbin/hotplug -> /dev/null
lrwxrwxrwx 1 lee lee 17 Jan 27 17:13 ./usr/bin/tftp -> ../../bin/busybox
lrwxrwxrwx 1 lee lee 17 Jan 27 17:13 ./usr/bin/cut -> ../../bin/busybox
lrwxrwxrwx 1 lee lee 17 Jan 27 17:13 ./usr/bin/wc -> ../../bin/busybox
lrwxrwxrwx 1 lee lee 17 Jan 27 17:13 './usr/bin/[[' -> ../../bin/busybox
lrwxrwxrwx 1 lee lee 17 Jan 27 17:13 ./usr/bin/expr -> ../../bin/busybox
lrwxrwxrwx 1 lee lee 17 Jan 27 17:13 './usr/bin/[' -> ../../bin/busybox
lrwxrwxrwx 1 lee lee 17 Jan 27 17:13 ./usr/bin/md5sum -> ../../bin/busybox
lrwxrwxrwx 1 lee lee 17 Jan 27 17:13 ./usr/bin/awk -> ../../bin/busybox
lrwxrwxrwx 1 lee lee 17 Jan 27 17:13 ./usr/bin/dirname -> ../../bin/busybox
lrwxrwxrwx 1 lee lee 17 Jan 27 17:13 ./usr/bin/tftpd -> ../../bin/busybox
lrwxrwxrwx 1 lee lee 17 Jan 27 17:13 ./usr/bin/arping -> ../../bin/busybox
lrwxrwxrwx 1 lee lee 17 Jan 27 17:13 ./usr/bin/top -> ../../bin/busybox
lrwxrwxrwx 1 lee lee 17 Jan 27 17:13 ./usr/bin/time -> ../../bin/busybox
lrwxrwxrwx 1 lee lee 17 Jan 27 17:13 ./usr/bin/wget -> ../../bin/busybox
lrwxrwxrwx 1 lee lee 17 Jan 27 17:13 ./usr/bin/test -> ../../bin/busybox
lrwxrwxrwx 1 lee lee 17 Jan 27 17:13 ./usr/bin/udpsvd -> ../../bin/busybox
lrwxrwxrwx 1 lee lee 17 Jan 27 17:13 ./usr/bin/crontab -> ../../bin/busybox
lrwxrwxrwx 1 lee lee 17 Jan 27 17:13 ./usr/bin/hexdump -> ../../bin/busybox
lrwxrwxrwx 1 lee lee 17 Jan 27 17:13 ./usr/bin/taskset -> ../../bin/busybox
lrwxrwxrwx 1 lee lee 17 Jan 27 17:13 ./usr/bin/tr -> ../../bin/busybox
lrwxrwxrwx 1 lee lee 17 Jan 27 17:13 ./usr/bin/printf -> ../../bin/busybox
lrwxrwxrwx 1 lee lee 17 Jan 27 17:13 ./usr/bin/uptime -> ../../bin/busybox
lrwxrwxrwx 1 lee lee 17 Jan 27 17:13 ./usr/bin/find -> ../../bin/busybox
lrwxrwxrwx 1 lee lee 17 Jan 27 17:13 ./usr/bin/killall -> ../../bin/busybox
lrwxrwxrwx 1 lee lee 17 Jan 27 17:13 ./usr/bin/logger -> ../../bin/busybox
lrwxrwxrwx 1 lee lee 17 Jan 27 17:13 ./usr/bin/free -> ../../bin/busybox
lrwxrwxrwx 1 lee lee 17 Jan 27 17:13 ./usr/sbin/udhcpd -> ../../bin/busybox
lrwxrwxrwx 1 lee lee 6 Jan 27 17:13 ./usr/sbin/pppd_v6 -> ./pppd
lrwxrwxrwx 1 lee lee 6 Jan 27 17:13 ./usr/sbin/xmldb -> ./dxml
lrwxrwxrwx 1 lee lee 11 Jan 27 17:13 ./usr/sbin/dhcp6s -> dhcp6-multi
lrwxrwxrwx 1 lee lee 17 Jan 27 17:13 ./usr/sbin/sendmail -> ../../bin/busybox
lrwxrwxrwx 1 lee lee 17 Jan 27 17:13 ./usr/sbin/chpasswd -> ../../bin/busybox
lrwxrwxrwx 1 lee lee 17 Jan 27 17:13 ./usr/sbin/crond -> ../../bin/busybox
lrwxrwxrwx 1 lee lee 17 Jan 27 17:13 ./usr/sbin/telnetd -> ../../bin/busybox
lrwxrwxrwx 1 lee lee 17 Jan 27 17:13 ./usr/sbin/brctl -> ../../bin/busybox
lrwxrwxrwx 1 lee lee 6 Jan 27 17:13 ./usr/sbin/dxmlc -> ./dxml
lrwxrwxrwx 1 lee lee 6 Jan 27 17:13 ./usr/sbin/xmldbc -> ./dxml
lrwxrwxrwx 1 lee lee 9 Jan 27 17:13 ./www/tmp -> /dev/null
lrwxrwxrwx 1 lee lee 11 Jan 27 17:13 ./init -> bin/busybox

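Identifying anomalies and finding leads

  • Directory sizes

    • lib: 13M (contains the main libraries)
    • bin: 7.3M (contains executables)
    • sbin: 12M (system administration executables)
    • etc_ro: 9.2M (contains configuration files)
    • The directories most likely to hold important information are lib, bin, sbin, and etc_ro
  • File and directory statistics

    • Files: 1303
    • Directories: 138
    • Executable files number 547, a considerable share; this is presumably because many binaries related to the essential tools of a MIPS-based system are included
  • Configuration files (*.conf)

    • lighttpd.conf, lighttpd_webdav.conf: allow analysis of the web server configuration
    • lld2d.conf: network-related settings
    • jcpd.conf: an unusual file whose contents have not been identified yet
  • XML files (*.xml)

    • The large set of XML files located under /etc_ro/lighttpd/www/web/hnap/ defines settings and operations related to the HNAP protocol
    • Key files (e.g. SetPortForwardingSettings.xml, GetFirewallSettings.xml) are useful for finding vulnerabilities in the network management interface and its settings
  • Data files (*.dat)

    • Many wireless network configuration files related to RT2860AP and RT2870STA are included
    • Wireless network information such as SSIDs, passwords, and channel settings may be hardcoded
  • CGI scripts (*.cgi)

    • /sbin/fwupload.cgi: related to firmware upload; potential vulnerabilities can be analyzed here
    • /etc_ro/lighttpd/www/web/HNAP1/*.cgi: CGI scripts related to HNAP protocol execution
  • Link files

    • Many link files point to busybox: the system utilities run in a minimized environment implemented with busybox
    • The main libraries are linked as well, including the cryptography-related ones (libcrypto.so, libssl.so)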

Deciding the direction of further analysis

Configuration files

┌──(lee㉿kali)-[~/Desktop/Firmware/_DIR882A1_FW104B02_Middle_FW_Unencrypt.bin.extracted/_A0.extracted/_8AB758.extracted/cpio-root]
└─$ cat ./etc_ro/lld2d.conf
icon = /etc_ro/icon.ico
jumbo-icon = /etc_ro/icon.large.ico
wl-interface = ra0

┌──(lee㉿kali)-[~/Desktop/Firmware/_DIR882A1_FW104B02_Middle_FW_Unencrypt.bin.extracted/_A0.extracted/_8AB758.extracted/cpio-root]
└─$ cat ./etc_ro/lighttpd/lighttpd.conf
server.modules              = (
                              "mod_setenv",
                                "mod_fastcgi",
                                "mod_cgi",
                              )

server.document-root        = "/etc_ro/lighttpd/www/web"

## where to send error-messages to
#server.errorlog             = "/var/log/lighttpd_error.log"
#server.errorlog             = "/dev/console"

index-file.names            = ( "index.php", "index.html", "Index.html", "index.htm", "default.htm" )

mimetype.assign             = (
  ".pdf"          =>      "application/pdf",
  ".sig"          =>      "application/pgp-signature",
  ".spl"          =>      "application/futuresplash",
  ".class"        =>      "application/octet-stream",
  ".ps"           =>      "application/postscript",
  ".torrent"      =>      "application/x-bittorrent",
  ".dvi"          =>      "application/x-dvi",
  ".gz"           =>      "application/x-gzip",
  ".pac"          =>      "application/x-ns-proxy-autoconfig",
  ".swf"          =>      "application/x-shockwave-flash",
  ".tar.gz"       =>      "application/x-tgz",
  ".tgz"          =>      "application/x-tgz",
  ".tar"          =>      "application/x-tar",
  ".zip"          =>      "application/zip",
  ".mp3"          =>      "audio/mpeg",
  ".m3u"          =>      "audio/x-mpegurl",
  ".wma"          =>      "audio/x-ms-wma",
  ".wax"          =>      "audio/x-ms-wax",
  ".ogg"          =>      "application/ogg",
  ".wav"          =>      "audio/x-wav",
  ".gif"          =>      "image/gif",
  ".jar"          =>      "application/x-java-archive",
  ".jpg"          =>      "image/jpeg",
  ".jpeg"         =>      "image/jpeg",
  ".png"          =>      "image/png",
  ".xbm"          =>      "image/x-xbitmap",
  ".xpm"          =>      "image/x-xpixmap",
  ".xwd"          =>      "image/x-xwindowdump",
  ".css"          =>      "text/css",
  ".html"         =>      "text/html",
  ".htm"          =>      "text/html",
  ".js"           =>      "text/javascript",
  ".asc"          =>      "text/plain",
  ".c"            =>      "text/plain",
  ".cpp"          =>      "text/plain",
  ".log"          =>      "text/plain",
  ".conf"         =>      "text/plain",
  ".text"         =>      "text/plain",
#  ".txt"          =>      "text/plain",
  ".txt"          =>      "text/html",
  ".dtd"          =>      "text/xml",
  ".xml"          =>      "text/xml",
  ".mpeg"         =>      "video/mpeg",
  ".mpg"          =>      "video/mpeg",
  ".mov"          =>      "video/quicktime",
  ".qt"           =>      "video/quicktime",
  ".avi"          =>      "video/x-msvideo",
  ".asf"          =>      "video/x-ms-asf",
  ".asx"          =>      "video/x-ms-asf",
  ".wmv"          =>      "video/x-ms-wmv",
  ".bz2"          =>      "application/x-bzip",
  ".tbz"          =>      "application/x-bzip-compressed-tar",
  ".tar.bz2"      =>      "application/x-bzip-compressed-tar",
  ""              =>      "application/octet-stream",
 )

url.access-deny             = ( "~", ".inc" )

server.upload-dirs = ( "/var/run" )
server.max-request-size = 16384
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )


## bind to port (default: 80)
#server.port                = 81
server.use-ipv6             = "enable"
server.port = 80
$SERVER["socket"] == "0.0.0.0:80" {
# listen on all ipv4 interfaces.
}


server.pid-file            = "/var/run/lighttpd.pid"

fastcgi.debug = 1
fastcgi.server = ( 
        "/HNAP1/" => 
        ((
                "socket" => "/var/prog.fcgi.socket-0",
                "check-local" => "enable",
                "bin-path" => "/bin/prog.cgi",
                "idle-timeout" => 10,
                "min-procs" => 1,
                "max-procs" => 1
        )), 
        ".fcgi" => 
        ((
                "socket" => "/var/prog.fcgi.socket-0",
                "check-local" => "enable",
                "bin-path" => "/bin/prog.cgi",
                "idle-timeout" => 10,
                "min-procs" => 1,
                "max-procs" => 1
        ))
)
fastcgi.map-extensions = ( ".htm" => ".fcgi", ".html" => ".fcgi" )


$SERVER["socket"] == "0.0.0.0:443" {
       ssl.engine = "enable"
       ssl.pemfile = "/var/private/lighttpd.pem"
       server.document-root = "/etc_ro/lighttpd/www/web"
}



server_root = "/var/web"
cgi.assign = (
                ".cgi" => "",
                ".htm" => "/bin/prog.cgi",
                ".html" => "/bin/prog.cgi",

                )
alias.url += ( "/cgi-bin" => "/etc_ro/lighttpd/www/web/cgi-bin", 
                "/HNAP1" => "/etc_ro/lighttpd/www/web/HNAP1" )



$SERVER["socket"] == ":49152" {
server.document-root = "/etc/linuxigd0"
}

┌──(lee㉿kali)-[~/Desktop/Firmware/_DIR882A1_FW104B02_Middle_FW_Unencrypt.bin.extracted/_A0.extracted/_8AB758.extracted/cpio-root]
└─$ cat ./etc/jcpd.conf
product=SX UVL Plus
hostname=
netif=
wireless if=
portnum=19540
ds_port=19540

Wireless network data

  • I intended to check for SSIDs, encryption information, and hardcoded passwords, but the volume is too large
  • To be analyzed separately later
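
One way to cut that volume down, shown as an added example (not code from the original post): parse each `Key=Value` profile, keep only keys that look like SSIDs or secrets, and group identical values across files. The key-name patterns and the two sample profiles are assumptions constructed for the example; point `scan_rootfs` at the extracted `cpio-root` for real results.

```python
import re
import tempfile
from collections import defaultdict
from pathlib import Path

# Key names that usually hold identifiers or secrets in "Key=Value" wireless
# profiles. These patterns are assumptions, not taken from the firmware;
# adjust them to the key names that actually occur in the *.dat files.
SENSITIVE_KEY = re.compile(r"^SSID\d*$|PSK|Key\d+Str|RADIUS_Key|Pass|PinCode", re.I)


def parse_profile(text):
    """Return {key: value} for each 'Key=Value' line, skipping comments and headers."""
    pairs = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue  # blank line, comment, or a bare section header
        key, _, value = line.partition("=")
        pairs[key.strip()] = value.strip()
    return pairs


def scan_rootfs(root):
    """Return (relative path, key, value) for every non-empty sensitive key."""
    root = Path(root)
    findings = []
    for path in sorted(root.rglob("*.dat")):
        if path.is_symlink() or not path.is_file():
            continue
        pairs = parse_profile(path.read_text(errors="replace"))
        for key, value in pairs.items():
            # ";"-only values are empty list slots, not real settings.
            if SENSITIVE_KEY.search(key) and value.strip(";"):
                findings.append((path.relative_to(root).as_posix(), key, value))
    return findings


def group_findings(findings):
    """Collapse identical key/value pairs so near-identical files read as one row."""
    grouped = defaultdict(list)
    for rel_path, key, value in findings:
        grouped[(key, value)].append(rel_path)
    return dict(grouped)


def build_sample(root):
    """Write two constructed profiles (values are made up, not from the firmware)."""
    base = Path(root) / "etc_ro" / "Wireless" / "RT2860AP"
    base.mkdir(parents=True)
    (base / "RT2860AP-2G.dat").write_text(
        "#constructed sample\nDefault\nCountryRegion=5\nSSID1=EXAMPLE-2G\n"
        "HideSSID=0\nAuthMode=WPA2PSK\nWPAPSK1=example-passphrase\nKey1Str1=\n"
    )
    (base / "RT2860AP-5G.dat").write_text(
        "Default\nSSID1=EXAMPLE-5G\nWPAPSK1=example-passphrase\nWPAPSK2=;;;\n"
    )


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for (key, value), files in group_findings(scan_rootfs(tmp)).items():
            print(f"{key}={value!r}  in {len(files)} file(s): {', '.join(files)}")
```

A value shared by several profiles is the one to trace first, since it is more likely a vendor default than a per-band setting.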

HNAP protocol file analysis

  • Likewise, the volume is too large
  • Later, narrow the scope a little and investigate them one at a time

CGI script analysis

┌──(lee㉿kali)-[~/Desktop/Firmware/_DIR882A1_FW104B02_Middle_FW_Unencrypt.bin.extracted/_A0.extracted/_8AB758.extracted/cpio-root]
└─$ cat ./sbin/fwupload.cgi                                                                       
  • Garbled...?
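
`cat` prints a compiled program's raw bytes, which is why the output is unreadable. The following added example (not part of the original post) reads the ELF header and extracts printable strings instead, then lists imported names worth reviewing; the sample bytes and the `REVIEW` list are constructed assumptions.

```python
import re
import struct

MACHINES = {3: "x86", 8: "MIPS", 20: "PowerPC", 40: "ARM", 62: "x86-64", 183: "AArch64"}
TYPES = {1: "relocatable", 2: "executable", 3: "shared object", 4: "core"}

# Imported names worth a closer look in a CGI handler, with the reason.
# A string hit is only a lead for disassembly, not proof the call is reachable.
REVIEW = {
    "system": "runs a shell command line",
    "popen": "runs a shell command line",
    "strcpy": "copy without a length bound",
    "sprintf": "format without a length bound",
    "getenv": "CGI request metadata arrives through environment variables",
}


def parse_elf_header(data):
    """Return word size, byte order, file type and CPU from an ELF header, or None."""
    if len(data) < 20 or data[:4] != b"\x7fELF":
        return None
    ei_class, ei_data = data[4], data[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        return None
    order = "<" if ei_data == 1 else ">"
    # e_type and e_machine sit at offset 16 in both the 32- and 64-bit layout.
    e_type, e_machine = struct.unpack_from(order + "HH", data, 16)
    return {
        "bits": 32 if ei_class == 1 else 64,
        "endian": "little" if ei_data == 1 else "big",
        "type": TYPES.get(e_type, f"unknown ({e_type})"),
        "machine": MACHINES.get(e_machine, f"unknown ({e_machine})"),
    }


def printable_strings(data, min_len=4):
    """Like strings(1): runs of printable ASCII at least min_len bytes long."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(data)]


def triage(data):
    """Summarise a file: ELF header (or None), its strings, and names to review."""
    strings = printable_strings(data)
    hits = sorted(name for name in REVIEW if name in strings)
    return {"header": parse_elf_header(data), "strings": strings, "review": hits}


def build_sample():
    """Constructed 32-bit little-endian MIPS ELF header followed by a few strings."""
    ident = b"\x7fELF" + bytes([1, 1, 1, 0]) + bytes(8)
    header = (ident + struct.pack("<HHI", 2, 8, 1)).ljust(52, b"\x00")
    body = (b"\x00\x01/lib/ld-uClibc.so.0\x00\xff\xfesystem\x00getenv\x00"
            b"\x03\x04CONTENT_TYPE\x00ab\x00")
    return header + body


if __name__ == "__main__":
    import sys
    # Pass a path such as ./sbin/fwupload.cgi; without one the sample is used.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    report = triage(data)
    print(report["header"] or "not an ELF file")
    for name in report["review"]:
        print(f"review: {name}: {REVIEW[name]}")
```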

Log files, temporary files, etc.

  • Empty
  • This is not a file system taken from a device that was actually in operation... as expected

Interim summary of file analysis results

lld2d.conf

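  • wl-interface = ra0:
    • The wireless interface ra0 appears to be in use
    • Indicates that this setting relates to the router's wireless network
    • Should be read together with the wireless configuration files under /etc_ro/Wireless/ (RT2860AP/*.dat)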

lighttpd.conf

  • Web server configuration:
    • Issues:
      • server.document-root is set to /etc_ro/lighttpd/www/web, so the content under that path may be accessible from outside as-is
      • The mapping of .cgi, .htm, and .html to /bin/prog.cgi relies on CGI scripts, so input validation problems or command injection vulnerabilities may arise
      • ssl.pemfile is set to /var/private/lighttpd.pem, but if that file does not actually exist, the SSL configuration may not work properly
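
The `ssl.pemfile` concern can be checked mechanically for every path the configuration references. This added example (not from the original post) extracts the filesystem paths from `lighttpd.conf` and tests each one inside the extracted root, following symlinks relative to the image so that a link such as `/dev/null` does not resolve to the analysis host's file; the config excerpt and the directory tree are constructed stand-ins.

```python
import os
import re
import tempfile

# Matches  name = "/path",  name = ( "/path" )  and  "key" => "/path".
# A quoted string that is the key of a following "=>" (a URL prefix such as
# "/HNAP1/") is not treated as a filesystem path.
PATH_REF = re.compile(
    r'(?:"([^"]+)"\s*=>|([\w.\-]+)\s*\+?=)\s*\(?\s*"(/[^"]*)"(?!\s*=>)'
)

# Constructed excerpt, condensed from the lighttpd.conf listing on this page.
SAMPLE_CONF = '''server.document-root = "/etc_ro/lighttpd/www/web"
#server.errorlog = "/var/log/lighttpd_error.log"
server.upload-dirs = ( "/var/run" )
fastcgi.server = (
        "/HNAP1/" =>
        ((
                "socket" => "/var/prog.fcgi.socket-0",
                "bin-path" => "/bin/prog.cgi",
        ))
)
$SERVER["socket"] == "0.0.0.0:443" {
       ssl.pemfile = "/var/private/lighttpd.pem"
}
cgi.assign = ( ".htm" => "/bin/prog.cgi" )
alias.url += ( "/cgi-bin" => "/etc_ro/lighttpd/www/web/cgi-bin",
                "/HNAP1" => "/etc_ro/lighttpd/www/web/HNAP1" )
'''


def resolve_in_root(root, path, max_links=16):
    """Resolve a firmware-absolute path inside the extracted root.

    Returns the host path of the target, or None when it is absent from the
    image. Absolute symlink targets restart at root and ".." never climbs
    above it, so nothing resolves against the analysis host's own files.
    """
    root = os.path.realpath(root)
    current, pending, links = root, [p for p in path.split("/") if p], 0
    while pending:
        part = pending.pop(0)
        if part == ".":
            continue
        if part == "..":
            if current != root:
                current = os.path.dirname(current)
            continue
        candidate = os.path.join(current, part)
        if os.path.islink(candidate):
            links += 1
            if links > max_links:
                return None  # symlink loop
            target = os.readlink(candidate)
            if target.startswith("/"):
                current = root
            pending = [p for p in target.split("/") if p] + pending
        elif os.path.lexists(candidate):
            current = candidate
        else:
            return None
    return current


def audit(conf_text, root):
    """Return (line number, directive or key, path, present) per path reference."""
    results = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        stripped = line.strip()
        if stripped.startswith("#"):
            continue  # commented-out directives are not active
        for m in PATH_REF.finditer(stripped):
            key = m.group(1) or m.group(2)
            present = resolve_in_root(root, m.group(3)) is not None
            results.append((lineno, key, m.group(3), present))
    return results


def build_sample_rootfs(root):
    """Constructed stand-in for the extracted cpio-root (not the real image)."""
    for d in ("etc_ro/lighttpd/www/web/HNAP1", "bin", "var", "www"):
        os.makedirs(os.path.join(root, d))
    open(os.path.join(root, "bin/prog.cgi"), "wb").close()
    os.symlink("/dev/null", os.path.join(root, "www/tmp"))  # absolute link


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_rootfs(root)
        for lineno, key, path, present in audit(SAMPLE_CONF, root):
            status = "present" if present else "MISSING from image"
            print(f"line {lineno:2d}  {key:22s} {path:36s} {status}")
```

A path reported missing under `/var` is not necessarily a defect: it may be created at boot, so the next step is to find the script or binary that writes it.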

jcpd.conf

  • There are not many unusual settings, but a value such as portnum=19540 indicates a port associated with a network service
  • Could be useful later when checking open ports and services?

fwupload.cgi

  • Limited in what can be checked as plain text