[email protected] (Trent W. Buck) wrote:
> Rohan McLeod <[email protected]> writes:
>
>> James Harper wrote:
>>>> NetComm ADSL2+ Router NB6_REV2_16M
>>>> Software Version: 3.65p
>>>> And I'm in. It's a shell, but can't tell what. ps shows a 'sh' process
>>>> running.
>>> Actually:
>>>> ps --help
>>> BusyBox v1.00 (2010.01.12-11:52+0000) multi-call binary
>>> So... not bash.
>> thanks , interesting well that's a relief !
> IMO this is not a reliable test.
>
> I know of at least Thecus NAS installs which ship busybox,
> but include bash. Such a system would show the same "I'm busybox"
> output when running ps in bash, since it is not a bash builtin.
>
> I don't know offhand of a reliable test.
> Off the top of my head, I'd suggest "echo $BASH_VERSION",
> which seems to be under --posix (which more-or-less correponds to
> invoking as argv[0] = "/bin/sh").
>
> Probably the Right Thing would be to test for the actual vuln.
Thanks Trent:
Well as mentioned I can only Telnet 192.168.1.1 to the login prompt;
thus far can't find a working u/n and p/w combination to get me to the
shell;
definitely not the u/n "admin" and p/w "admin" (default) of the web
interface;
which seems to be the case for James.
Actually now I notice the firmware for my
Netcomm NB6Plus4W (iPrimus issued) is vs 3.65n
wheras Jame's NetComm ADSL2+ Router NB6_REV2_16M is vs 3.65p
iPrimus support nearly had a nervous breakdown when consulted;
couldn't even tell me whether it was deliberately blocked !
Netcomm support are supposedly going to email me
a working u/n and p/w and even gave me a reference number !;
if something eventuates, I post the result
regards Rohan McLeod
>
> _______________________________________________
> luv-main mailing list
> [email protected]
> http://lists.luv.asn.au/listinfo/luv-main
>
_______________________________________________
luv-main mailing list
[email protected]
http://lists.luv.asn.au/listinfo/luv-main
