misterch0c

💭
( ͡ ͡° ͜ ʖ ͡ ͡°) \╭☞
View GitHub Profile
***Firmware Directory***
/home/unkn0wn/firmwares/wn/_rootfs.squashfs.extracted/squashfs-root/
***Search for password files***
##################################### passwd
/usr/bin/passwd
/etc/passwd
##################################### shadow
/etc/shadow
#!/bin/bash
#Use the extractor to recover only the filesystem, no kernel (-nk), no parallel operation (-np), populating the image table in the SQL server at 127.0.0.1 (-sql) with the Netgear brand (-b), and storing the tarball in images.
sources/extractor/extractor.py -b Netgear -sql 127.0.0.1 -np -nk "WNAP320 Firmware Version 2.0.3.zip" images
#Identify the architecture of firmware 1 and store the result in the image table of the database.
scripts/getArch.sh images/1.tar.gz
#Load the contents of the filesystem for firmware 1 into the database, populating the object and object_to_image tables.
scripts/tar2db.py -i 1 -f images/1.tar.gz
#Create the QEMU disk image for firmware 1
scripts/makeImage.sh 1
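The password-file search above only locates passwd and shadow inside the extracted root, and the firmadyne steps stop once the filesystem is in the database; what a reviewer wants next is to know which accounts in those files can actually log in. The script below is an added example, not part of either gist or of firmadyne. It takes an extracted root (the squashfs-root path above, or the unpacked contents of firmadyne's images/<id>.tar.gz) as its only argument, and the sample root it builds when run without arguments is constructed here, not real firmware contents.

```shell
#!/bin/sh
# Added example, not from the gist: audit the passwd/shadow files of an extracted
# firmware root. Assumed input (not in the original): ROOT is a directory like the
# squashfs-root path above or firmadyne's images/<id>.tar.gz unpacked somewhere.

# classify_hash FIELD: sets $label for the password field and $weak=1 when the
# account is usable for login (empty password) or carries a hash worth cracking.
classify_hash() {
    case "$1" in
        "")            label="EMPTY (login without password)"; weak=1 ;;
        x)             label="shadowed (see etc/shadow)" ;;
        '!'*|'*'*)     label="locked" ;;
        '$1$'*)        label="md5crypt hash (fast to crack)"; weak=1 ;;
        '$5$'*|'$6$'*) label="sha-crypt hash"; weak=1 ;;
        '$2'*|'$y$'*)  label="bcrypt/yescrypt hash"; weak=1 ;;
        *)             label="DES crypt or unrecognised hash (treat as crackable)"; weak=1 ;;
    esac
}

# audit_rootfs ROOT: prints one "file:user:label" line per account in
# ROOT/etc/passwd and ROOT/etc/shadow; returns 1 if any account is weak, else 0.
audit_rootfs() {
    _root=$1; weak=0
    for _f in etc/passwd etc/shadow; do
        [ -f "$_root/$_f" ] || continue
        # IFS=: splits the colon-separated record; only the first two fields matter here.
        while IFS=: read -r _user _hash _rest; do
            [ -n "$_user" ] || continue
            classify_hash "$_hash"
            printf '%s:%s:%s\n' "$_f" "$_user" "$label"
        done < "$_root/$_f"
    done
    return "$weak"
}

# Constructed sample root modelled on a SOHO device: an unshadowed admin account with an
# empty password next to a shadowed root with an md5crypt hash. Not real firmware data.
make_sample_root() {
    _d=$(mktemp -d)
    mkdir -p "$_d/etc"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/sh' \
                  'admin::0:0:admin:/:/bin/sh' \
                  'nobody:*:99:99::/:/bin/false' > "$_d/etc/passwd"
    printf '%s\n' 'root:$1$abcdefgh$0123456789abcdefghijkl:10933:0:99999:7:::' \
                  'admin:!:10933:0:99999:7:::' > "$_d/etc/shadow"
    echo "$_d"
}

if [ -n "$1" ]; then
    audit_rootfs "$1" || echo "WEAK: an account is loginable or has a crackable hash" >&2
else
    _demo=$(make_sample_root)
    audit_rootfs "$_demo" || echo "WEAK: an account is loginable or has a crackable hash" >&2
    rm -rf "$_demo"
fi
```

The check reads both files because vendors often leave a second, unshadowed password field in /etc/passwd: in the constructed sample the admin account is locked in shadow but has an empty field in passwd, and it is the passwd entry that a login program will honour when the shadow entry is absent or ignored.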
misterch0c / gist:ed62048e30dbdd2b0d35bd7a287d1e2e
Created June 8, 2016 19:49
Kernel 4.6.1-2 & VMware Workstation 12.1.1 build-3770994 patch
cd /usr/lib/vmware/modules/source
sudo tar xvf vmmon.tar
# in vmmon-only/linux/hostif.c replace 'get_user_pages' by 'get_user_pages_remote'
sudo sed -i 's/get_user_pages(/get_user_pages_remote(/g' vmmon-only/linux/hostif.c
# repack from the parent directory, so the archive keeps the vmmon-only/ prefix
sudo tar cvf vmmon.tar vmmon-only
sudo tar xvf vmnet.tar
# in vmnet-only/linux/userif.c replace 'get_user_pages' by 'get_user_pages_remote'
sudo sed -i 's/get_user_pages(/get_user_pages_remote(/g' vmnet-only/linux/userif.c
sudo tar cvf vmnet.tar vmnet-only
# Step 1: Extract source
cd /usr/lib/vmware/modules/source
sudo tar xvf vmnet.tar
# Step 2: Patch source
# in vmnet-only/netif.c replace "dev->trans_start = jiffies;" with "netif_trans_update(dev);" and don't forget the ";" (:
sudo sed -i 's/dev->trans_start = jiffies;/netif_trans_update(dev);/' vmnet-only/netif.c
# Step 3: Replace source
sudo tar cvf vmnet.tar vmnet-only
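The three-step procedure above gives no feedback: if the text is not in the file (wrong path, already patched, a different VMware build) the tarball is simply repacked unchanged and the module build fails again. The function below is an added example, not part of the gist or of VMware's tooling; it extracts a module tarball, refuses to proceed unless the pattern is present, applies the substitution, confirms the pattern is gone, and only then repacks. The tarball and hostif.c it builds for the demo are constructed stand-ins, not VMware's code; on a real system call it as root on /usr/lib/vmware/modules/source/vmmon.tar and vmnet.tar.

```shell
#!/bin/sh
# Added example, not from the gist: apply one substitution to a VMware module tarball
# and verify it took effect before repacking. Assumptions (not in the original): plain
# paths, no sudo wired in; FROM is a basic regex understood by both grep and sed.

# patch_module_tarball TARBALL MEMBER FROM TO
#   MEMBER is the path inside the archive (e.g. vmmon-only/linux/hostif.c).
#   Returns 0 = patched and repacked; 1 = pattern absent, archive untouched;
#   2 = pattern survived the substitution, archive untouched.
patch_module_tarball() {
    _tar=$(cd "$(dirname "$1")" && pwd)/$(basename "$1")
    _member=$2; _from=$3; _to=$4
    _work=$(mktemp -d)
    tar xf "$_tar" -C "$_work"
    if ! grep -q -- "$_from" "$_work/$_member"; then
        echo "$_member: pattern not found (already patched or wrong file?)" >&2
        rm -rf "$_work"; return 1
    fi
    sed -i "s|$_from|$_to|g" "$_work/$_member"
    if grep -q -- "$_from" "$_work/$_member"; then
        echo "$_member: pattern still present after substitution" >&2
        rm -rf "$_work"; return 2
    fi
    # Repack from the top-level directory so the archive keeps the layout the build expects.
    (cd "$_work" && tar cf "$_tar" "${_member%%/*}")
    rm -rf "$_work"
}

# Constructed stand-in for vmmon.tar: a tiny hostif.c carrying the old call. Not VMware's code.
make_sample_tar() {
    _d=$(mktemp -d)
    mkdir -p "$_d/vmmon-only/linux"
    cat > "$_d/vmmon-only/linux/hostif.c" <<'EOF'
static int HostIFPin(void *addr, struct page **page)
{
   return get_user_pages(current, current->mm, (unsigned long)addr, 1, 1, 0, page, NULL);
}
EOF
    (cd "$_d" && tar cf vmmon.tar vmmon-only)
    echo "$_d/vmmon.tar"
}

_t=$(make_sample_tar)
patch_module_tarball "$_t" vmmon-only/linux/hostif.c 'get_user_pages(' 'get_user_pages_remote(' \
    && echo "patched: $_t"
rm -rf "$(dirname "$_t")"
```

Running it twice on the same archive is the useful check: the second call returns 1 with "pattern not found", which is exactly the silent case the manual procedure cannot distinguish from success.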
BTC ${texeci 300 curl https://api.bitcoinaverage.com/ticker/global/USD/last} $alignr
#ETH price in btc
ETH ${texeci 300 curl https://api.kraken.com/0/public/Ticker?pair=ETHXBT | jq ".result.XETHXXBT.b[0]" | grep -oE "[0-9]*\....."}
#ETH price in usd
#ETH ${texeci 300 curl https://api.coinmarketcap.com/v1/ticker/ethereum/ | grep "price_usd" | grep -oE "[0-9]*\....."}
misterch0c / upwned247.php
Created November 29, 2016 17:54 — forked from Wack0/upwned247.php
UCam247/Phylink/Titathink/YCam/Anbash/Trivision/Netvision/others IoT webcams : remote code exec: reverse shell PoC. (works only in qemu usermode)
<?php
/*
NB: THIS PoC ONLY WORKS IN QEMU USERMODE EMULATION!
If anyone wants to fix this, go ahead (no pun intended).
However, I don't have a vulnerable product and am unwilling to acquire one.
-------------------------
UCam247/Phylink/Titathink/YCam/Anbash/Trivision/Netvision/others
remote code exec: reverse shell PoC.
archive file header
magicNumber: 0x12345678
read/write stats:
pos_write_pointer: 0x0000014c
pos_read_pointer: 0x00000120
wrap_count: 0x00000000
num_health_events: 0x00000000
last_data_block_key: 0x00000840
file_time_stamp: 07/14/2009 01:20:36
alignment top_middle
background no
border_margin 5
border_width 5
default_color d7d7d7 #413536 # grey 5f5f5f 3F3F3F 183149 3B3B3B 26211F
double_buffer yes
draw_borders no
draw_outline no
draw_shades no
draw_graph_borders yes
Enter menu option: [0]
3
Running command 'registryquery -hive l -key "Software\Classes\CLSID\{091FD378-422D-A36E-8487-83B57ADD2109}\TypeLib"'
Failed to open registry key
The system cannot find the file specified.
*** Command indicated failure ***
- Special registry key NOT present.
Continue?
CONTINUE
misterch0c / gist:2419bc9507cf13ec06695cb874907a07
Created April 19, 2017 19:26
DFReport_00544-GetFile_all_2017_04_19_19h11m54s.191.get
ImplantIndependent:
Special:
StraitBizarre:
UnitedRake:
UR ToggleFA Return Code: 0x6
FlewAvenue:
Legacy:
KillSuit:
CritterFrenzy:
DiveBar: