| Products > Test Equipment |
| Trying to hack the DSOX1204(A/G) firmware |
| << < (4/10) > >> |
| stafil:
Another possible way is to go in through SCPI. Either using the "syst:prod:sscr", which I believe sets bootup parameters, and change it to boot into "single user" mode Or using the command that calls "setSystProdRunProcess". It's not "syst:prod:run:process" however, so probably we have to do a bit of decoding of their SCPI command tree to find which SCPI command it is. Also there is this "deb:command" command, that expects xml. Not sure the exact format though. Edit: I believe that the scpi command that will invoke the "setSystProdRunProcess" is ":syst:prod:rpr" Edit2: Found something interesting in the symbols: 0x00807b58 .dword 0x00808020 ; str.500MHz_Bandwidth 0x00807b5c .dword 0x00808034 ; str.BW50 Capable of 500Mhz maybe?!? |
| thomasb9511:
1. If you can change the root password, can you login as root? 2. What are the file permissions on `usr/share/ca-certificates/keysight/Rocky-SWU-Signing-only.pem` and the folder it is in? |
| stafil:
--- Quote from: thomasb9511 on April 17, 2020, 01:42:47 am ---1. If you can change the root password, can you login as root? 2. What are the file permissions on `usr/share/ca-certificates/keysight/Rocky-SWU-Signing-only.pem` and the folder it is in? --- End quote --- 1. I cannot find a way to even get to a login prompt (telnet, ssh, etc..) 2. # ls -ld usr/share/ca-certificates/keysight/ drwxr-xr-x 2 root root 4096 Nov 12 19:31 usr/share/ca-certificates/keysight/ # ls -l usr/share/ca-certificates/keysight/Rocky-SWU-Signing-only.pem -rw-r--r-- 1 root root 272 Nov 12 19:31 usr/share/ca-certificates/keysight/Rocky-SWU-Signing-only.pem |
| thomasb9511:
--- Quote from: stafil on April 17, 2020, 02:12:31 am ---1. I cannot find a way to even get to a login prompt (telnet, ssh, etc..) 2. # ls -ld usr/share/ca-certificates/keysight/ drwxr-xr-x 2 root root 4096 Nov 12 19:31 usr/share/ca-certificates/keysight/ # ls -l usr/share/ca-certificates/keysight/Rocky-SWU-Signing-only.pem -rw-r--r-- 1 root root 272 Nov 12 19:31 usr/share/ca-certificates/keysight/Rocky-SWU-Signing-only.pem --- End quote --- 1. Wonder if the binaries even exist. How are you running these commands? 2. can you do whoami? I wonder what perms the running user have in terms of launching processes in bin/. |
| thomasb9511:
Maybe you could run sshd(if it exists) as the running user - https://serverfault.com/questions/344295/is-it-possible-to-run-sshd-as-a-normal-user |
| Navigation |
| Message Index |
| Next page |
| Previous page |