Products > Test Equipment
Trying to hack the DSOX1204(A/G) firmware
stafil:
--- Quote from: thomasb9511 on April 17, 2020, 08:42:35 pm ---Wonder if the version of nginx and/or php the web server is running has any exploits.
--- End quote ---
I highly doubt it for ndginx, but php is possible.
I also see the cups port and the rpc ports open, so that would be another attach surface if you are interested investigating.
stafil:
--- Quote from: tv84 on April 17, 2020, 07:20:31 pm ---
--- Quote from: stafil on April 15, 2020, 07:58:23 pm ---Another possible way is to go in through SCPI.
Either using the "syst:prod:sscr", which I believe sets bootup parameters, and change it to boot into "single user" mode
--- End quote ---
Nice! Worth investigating.
And "syst:sscr?" should get the bootup parameters... (? ? ?)
--- End quote ---
Correct. But didn't have any luck with syst:prod:sscr, or syst:prod:rpr.
One returns `-440 Query UNTERMINATED after indefinite response` and the other `System error`
stafil:
--- Quote from: tv84 on April 17, 2020, 07:20:31 pm ---
--- Quote from: stafil on April 15, 2020, 07:58:23 pm ---Another possible way is to go in through SCPI.
Either using the "syst:prod:sscr", which I believe sets bootup parameters, and change it to boot into "single user" mode
--- End quote ---
Nice! Worth investigating.
And "syst:sscr?" should get the bootup parameters... (? ? ?)
--- End quote ---
BTW, which decompiler is this one that you are using? looks cool
stafil:
--- Quote from: tv84 on April 17, 2020, 10:13:57 pm ---
--- Quote from: stafil on April 17, 2020, 09:58:48 pm ---One returns `-440 Query UNTERMINATED after indefinite response` and the other `System error`
--- End quote ---
What about?
syst:sscr?
or
SYST:SSCR?
--- End quote ---
`syst:prod:sscr?` would just return empty string
stafil:
--- Quote from: tv84 on April 17, 2020, 10:12:02 pm ---
--- Quote from: stafil on April 17, 2020, 10:04:34 pm ---BTW, which decompiler is this one that you are using? looks cool
--- End quote ---
IDA
--- End quote ---
Really nice, but also really expensive :D
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version