I created a new tool to obsolete the classic B593cmd.pl ping-exploit tool. I wrote that one almost a year ago to run any commands on your B593. That could be used to lift IPtables restrictions or get your sshusers.cfg contents.
Now that Mr. Ronkainen found out that pre-SP100 firmwares have another flaw, which is much simpler to exploit, I wrote a tool to combine both of them into a single package.
Neither of these works in SP100+ firmwares, but not to worry! They have the SSH port open for full access anyway. So ... getting an SP100+ firmware into your box should be your target anyway. This tool can help you gain access to your box.
    ./B593_exploit.pl --help
    Usage: B593_exploit.pl
      --help|-h       This help
      --run-cmd       Run a command: pre SP-100 ping-exploit to run any command via web-console
      --telnet-login  Login via telnet: lift IPtables firewall from telnet and login

A couple of bugs are fixed, it should be more robust, and it has a --debug mode in it.
This is the newer one. Run example:
    ./B593_exploit.pl --telnet-login 192.168.1.1
    Attempt 1 telnetting to 192.168.1.1

    BusyBox vv1.9.1 (2012-03-01 14:00:34 CST) built-in shell (ash)
    Enter 'help' for a list of built-in commands.

    # iptables -nL INPUT
Ok. It's not a full telnet client like you'd expect a regular telnet to be. This emulates one with Perl's Term::ReadLine, so vi and tab-based command-line completion won't work. However, it has enough power in it to allow you to run commands, display the contents of files or fiddle with your IPtables.
In my next post I'm about to release a tool for editing and storing values of your curcfg.xml. It has a prerequisite: getting to the prompt and running stuff on the prompt is a must-have.
mine was different but it was a universal firmware that mode to accept on a lock carrier, it's V200R001B236D30SP00C00... like to gain ssh and want to remove the lock when reset going back to lock on carrier.