IPD R7 5.4.0 SSH-enabled firmware, PSH disabled

uint32_t

Just an idea regarding psh, has anyone tried command injection using semicolons after the psh command to send raw commands to bash?
E.g. using the ping command within psh you could do: ping 192.168.1.1;bash_command_here;another_command -x some_parms

or even this: ping 192.168.1.1;killall psh

This may work because some psh commands invoke the equivalent busybox commands in the background and print out the result. However, I can't test this until I get my next lot of cameras; the last lot I had access to have been sold to one of our customers.
 

alastairstevenson

> Just an idea regarding psh, has anyone tried command injection using semicolons after the psh command to send raw commands to bash?
There was a time when using a backquote would work - but the last time I looked, for a while (and I don't know the dates or version numbers) psh has filtered all the special characters that I tried at least with a 'not allowed n' error.
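
For anyone building a restricted shell of this kind, the sturdier defence against the semicolon and backquote cases discussed above is to allowlist the argument and run the tool without a shell, rather than to filter special characters. This is an added example, not part of the thread and not psh's actual code; the function names and the `-c 4` ping options are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <stddef.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: accept only a literal dotted-quad IPv4 address. */
int valid_ping_target(const char *arg)
{
    struct in_addr addr;
    if (arg == NULL || arg[0] == '\0' || strlen(arg) > 15) /* "255.255.255.255" */
        return 0;
    /* Allowlist, not a blocklist: anything but digits and dots is rejected,
       which covers ';', backquotes, '$', '|', '&', spaces and newlines. */
    if (strspn(arg, "0123456789.") != strlen(arg))
        return 0;
    return inet_pton(AF_INET, arg, &addr) == 1;
}

/* Fill argv for a direct exec; returns 0 on success, -1 on rejected input. */
int build_ping_argv(const char *target, const char *argv[5])
{
    if (!valid_ping_target(target))
        return -1;
    argv[0] = "ping";
    argv[1] = "-c";   /* illustrative options, not taken from the thread */
    argv[2] = "4";
    argv[3] = target; /* a single argv element, never parsed as shell syntax */
    argv[4] = NULL;
    return 0;
}

/* Run ping with fork/execvp instead of system(): no shell is involved,
   so there is nothing to interpret metacharacters even if one slipped by. */
int run_ping(const char *target)
{
    const char *argv[5];
    int status;
    pid_t pid;
    if (build_ping_argv(target, argv) != 0)
        return -1;
    if ((pid = fork()) < 0)
        return -1;
    if (pid == 0) {
        execvp(argv[0], (char *const *)argv);
        _exit(127); /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```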
 

Gul-Dukat

Does anyone still happen to have this R7 IPD firmware?
I didn't grab it in time and now the original download link reports the file as unavailable.
Cheers
 