From 04e26c87768e88eaf141abf0b8105b7a5338efe3 Mon Sep 17 00:00:00 2001 From: Sergey Ponomarev Date: Sat, 9 Dec 2023 13:33:52 +0200 Subject: [PATCH 1/4] extras/language/luci: remove unused config 5 It doesn't exists in the original luci file and actually meaningless --- extras/language/luci | 3 --- 1 file changed, 3 deletions(-) diff --git a/extras/language/luci b/extras/language/luci index 1ac5a58..8b953c5 100644 --- a/extras/language/luci +++ b/extras/language/luci @@ -30,6 +30,3 @@ config internal 'ccache' config internal 'themes' option xiaoqiang '/xiaoqiang' option OpenWrt '/luci-static/openwrt.org' - -config 5 'debuglevel' - From 9c89c8c922f829a2a6a5137284350c8ee9baeff0 Mon Sep 17 00:00:00 2001 From: Sergey Ponomarev Date: Sat, 9 Dec 2023 13:34:43 +0200 Subject: [PATCH 2/4] fix typos --- remote_command_execution_vulnerability.py | 4 ++-- tcp_file_server.py | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/remote_command_execution_vulnerability.py b/remote_command_execution_vulnerability.py index d1b1ab8..f596485 100644 --- a/remote_command_execution_vulnerability.py +++ b/remote_command_execution_vulnerability.py 
@@ -67,8 +67,8 @@ def get_stok(router_ip_address): stok = get_stok(router_ip_address) or input("You need to get the stok manually, then input the stok here: ") print("""There two options to provide the files needed for invasion: - 1. Use a local TCP file server runing on random port to provide files in local directory `script_tools`. - 2. Download needed files from remote github repository. (choose this option only if github is accessable inside router device.)""") + 1. Use a local TCP file server running on random port to provide files in local directory `script_tools`. + 2. Download needed files from remote github repository. (choose this option only if github is accessible inside router device.)""") use_local_file_server = (input("Which option do you prefer? (default: 1)") or "1") == "1" # From https://blog.securityevaluators.com/show-mi-the-vulns-exploiting-command-injection-in-mi-router-3-55c6bcb48f09 diff --git a/tcp_file_server.py b/tcp_file_server.py index ac430fd..1941a74 100644 --- a/tcp_file_server.py +++ b/tcp_file_server.py @@ -26,7 +26,7 @@ def run(self): self.server_thread = threading.Thread(target=self.server.serve_forever) self.server_thread.daemon = True self.server_thread.start() - print("local file server is runing on {}:{}. root='{}'".format(self.ip, self.port, self.server.root_dir)) + print("local file server is running on {}:{}. root='{}'".format(self.ip, self.port, self.server.root_dir)) def __exit__(self, exc_type, exc_val, exc_tb): self.server.shutdown() From 4f83759d7c95fb77943a2d49ffafd1c1d86776e7 Mon Sep 17 00:00:00 2001 From: Sergey Ponomarev Date: Sat, 9 Dec 2023 18:16:40 +0200 Subject: [PATCH 3/4] remote_command_execution_vulnerability.py handle error when key not found --- remote_command_execution_vulnerability.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/remote_command_execution_vulnerability.py b/remote_command_execution_vulnerability.py index f596485..553f28e 100644 
--- a/remote_command_execution_vulnerability.py +++ b/remote_command_execution_vulnerability.py @@ -41,14 +41,14 @@ def get_stok(router_ip_address): try: r0 = requests.get("http://{router_ip_address}/cgi-bin/luci/web".format(router_ip_address=router_ip_address)) except: - print ("Xiaomi router not found...") + print ("Xiaomi router not found.") return None - try: + try: mac = re.findall(r'deviceId = \'(.*?)\'', r0.text)[0] + key = re.findall(r'key: \'(.*)\',', r0.text)[0] except: - print ("Xiaomi router not found...") + print ("Unable to find deviceId or key.") return None - key = re.findall(r'key: \'(.*)\',', r0.text)[0] nonce = "0_" + mac + "_" + str(int(time.time())) + "_" + str(random.randint(1000, 10000)) router_password = input("Enter router admin password: ") account_str = hashlib.sha1((router_password + key).encode('utf-8')).hexdigest() From 6467115dc7a32cc0a6b0d62acf5d4b128736c7fa Mon Sep 17 00:00:00 2001 From: Sergey Ponomarev Date: Sat, 9 Dec 2023 18:17:05 +0200 Subject: [PATCH 4/4] set_english.py make miwifi.com as a default router IP --- set_english.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/set_english.py b/set_english.py index 0d59b16..fe28036 100644 --- a/set_english.py +++ b/set_english.py @@ -9,12 +9,13 @@ import os import ftplib -router_ip_address = input("Router IP address: ") -# router_ip_address = '192.168.0.21' +router_ip_address = "miwifi.com" +# router_ip_address = "192.168.31.1" +router_ip_address = input("Router IP address: [press enter for using the default '{}']".format(router_ip_address)) or router_ip_address session = ftplib.FTP(router_ip_address,'root','') -# Uploading a lenguage file will not succeed as the filesystem is ro +# Uploading a language file will not succeed as the filesystem is ro # languageFile = open('extras/language/i18n/base.en.lmo','rb') # session.storbinary('STOR /usr/lib/lua/luci/i18n/base.en.lmo', languageFile) # languageFile.close()
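Review bot: Both handlers in this part of get_stok are still bare `except:` clauses, so the new "Unable to find deviceId or key." branch also catches KeyboardInterrupt and any unrelated error and reports it as a parse failure. The two `re.findall(...)[0]` lookups can only fail with an IndexError here, so `except IndexError:` would keep the message truthful. The `requests.get(...)` call above has no `timeout=`, so an unreachable address can hang the script indefinitely; `requests.get(url, timeout=5)` with `except requests.exceptions.RequestException:` would be the narrower form. The key pattern `key: \'(.*)\',` is greedy while the deviceId pattern uses `(.*?)`, which looks unintentional and could over-capture if the page ever has a second `',` on that line. get_stok begins and continues outside this hunk.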
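Review bot: Defaulting `router_ip_address` to `miwifi.com` makes the `ftplib.FTP(router_ip_address,'root','')` login that follows depend on name resolution. That name presumably resolves to the router only when the router's own DNS answers the query, so on a machine using a different resolver the script would open an FTP session as root to whatever host the name points to. Keeping the literal LAN address as the default (`router_ip_address = "192.168.31.1"`, currently the commented-out line), or printing the resolved address before connecting, avoids that. The prompt also ends in `]` with no separator, so typed input runs straight into the text; `"Router IP address [default '{}']: "` reads better. Assigning the variable twice in a row hides the fallback, and a separate `DEFAULT_ROUTER_ADDRESS` constant would make it explicit.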