GS1900-10HP hacked :\

GabrieleMax
Posts: 1
Freshman Member

When I try to connect to my GS1900-10HP it sends me a file named Yq2b40+w, when I open it I have:
Index of /mnt/web/
modules.tar.lzma
pkg_clean.sh
unpkg.sh
The first file is a compressed file and inside of it I have a lot of files with the *.ko extension, something like codec.ko and decoder.ko, really strange.
In the second file I have:
if [ -f /mnt/web/modules.tar.lzma ];then
rm -rf /lib/modules/*
umount /lib/modules/
fi
if [ -f /mnt/web/modules.tar.lzma ];then
mount -t ramfs /dev/mem3 /lib/modules/
cp /mnt/web/modules.tar.lzma /lib/modules/
cd /lib/modules/
unlzma modules.tar.lzma
tar -xvf modules.tar
rm modules.tar
cd -
fi
After a port scan I have:
[email protected]:/home/gabriele# nmap -sS -P0 -sV -O 192.168.1.230
Starting Nmap 7.70 ( https://nmap.org ) at 2018-08-04 16:12 CEST
Nmap scan report for 192.168.1.230
Host is up (0.020s latency).
Not shown: 998 closed ports
PORT STATE SERVICE VERSION
80/tcp open http uc-httpd 1.0.0
554/tcp open rtsp H264DVR rtspd 1.0
MAC Address: XX:XX:XX:XX:XX:XX (ICP Internet Communication Payment AG)
Device type: general purpose
Running: Linux 2.6.X|3.X
OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3
OS details: Linux 2.6.32 - 3.10
Network Distance: 1 hop
Service Info: Device: storage-misc
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 35.79 seconds
Now how can I fix it?

Comments
Hello @GabrieleMax
I'm curious how you found the problem.
Did you first try removing all other connected devices and then connecting the PC to the GS1900?
I suspect it is possible that the files were actually coming from another device, for example one of the other servers, instead of the GS1900.
Could you try removing all other devices connected to the GS1900 and then connecting the PC again (only one PC) to see if the same problem is still there?
Ryan
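
Ryan's reply raises the possibility that something other than the GS1900 is answering at that address. As an added example (not from the thread and not Zyxel code), the shell function below checks a saved nmap report against the profile expected of a switch; the expected vendor string, port allow-list and device class are assumptions to adjust for your network.

```shell
#!/usr/bin/env bash
# Added example: compare a saved `nmap -sV -O` report with the profile expected of a switch.

# Assumptions, adjust per network: OUI vendor substring, allowed management ports,
# and the device class nmap would report for the real device.
EXPECTED_VENDOR="${EXPECTED_VENDOR:-Zyxel}"
EXPECTED_PORTS="${EXPECTED_PORTS:-22 23 80 443}"
EXPECTED_DEVICE="${EXPECTED_DEVICE:-switch}"

# Sample input: the relevant lines of the scan quoted in the post (MAC redacted there).
sample_report() {
  cat <<'EOF'
Nmap scan report for 192.168.1.230
PORT STATE SERVICE VERSION
80/tcp open http uc-httpd 1.0.0
554/tcp open rtsp H264DVR rtspd 1.0
MAC Address: XX:XX:XX:XX:XX:XX (ICP Internet Communication Payment AG)
Service Info: Device: storage-misc
EOF
}

# Reads an nmap report on stdin, prints one finding per line,
# and returns non-zero if anything deviates from the expected profile.
triage_report() {
  awk -v vendor="$EXPECTED_VENDOR" -v ports="$EXPECTED_PORTS" -v dev="$EXPECTED_DEVICE" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) ok[p[i]] = 1 }
    /^[0-9]+\/tcp +open/ {            # open TCP port outside the allow-list
      split($1, a, "/")
      if (!(a[1] in ok)) { print "UNEXPECTED_PORT " a[1] " " $3; bad = 1 }
    }
    /^MAC Address:/ {                 # OUI vendor resolved by nmap, inside (...)
      v = $0; sub(/^[^(]*\(/, "", v); sub(/\)$/, "", v)
      if (index(tolower(v), tolower(vendor)) == 0) { print "VENDOR_MISMATCH " v; bad = 1 }
    }
    /^Service Info: Device:/ {        # device class from service fingerprints
      d = $4; sub(/;$/, "", d)
      if (d != dev) { print "DEVICE_TYPE " d; bad = 1 }
    }
    END { exit bad + 0 }
  '
}

sample_report | triage_report || echo "address does not answer like the expected switch"
```

To check a real device, save the scan with `nmap -sS -sV -O <address> -oN report.txt` and run `triage_report < report.txt`.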