Skip to content

Instantly share code, notes, and snippets.

View nutc4k3's full-sized avatar
⚠️
I may be slow to respond.

nutcake nutc4k3

⚠️
I may be slow to respond.
View GitHub Profile

Keybase proof

I hereby claim:

  • I am nutc4k3 on github.
  • I am nutcak3 (https://keybase.io/nutcak3) on keybase.
  • I have a public key ASD4oGEiz66w_yCZ-uxwgD1XDVfb9BN9jVyMml6VKaYhdQo

To claim this, I am signing this object:

Unauthenticated RCE as root on ASKEY router RTF3505VW through GET parameter
------------------------------------------------------------------------------
The router RTF3505VW, which is distributed by Vivo, is vulnerable to a unauthenticated RCE via a GET parameter. The vulnerability resides on the /bin/httpd, as it passes a GET parameter to a system call, see the vulnerable portion of the binary below.
if (iVar1 != 0) {
system("killall ping traceroute > /dev/null 2>&1");
__format = "ping %s -c %s -I %s> %s&";
puVar4 = auStack10144;

Oh my zsh.

Install with curl

sh -c "$(curl -fsSL https://raw.githubusercontent.com/robbyrussell/oh-my-zsh/master/tools/install.sh)"

Enabling Plugins (zsh-autosuggestions & zsh-syntax-highlighting)

  • Download zsh-autosuggestions by