Re: Zyxel NSA325v2 brick January 31, 2022 09:30PM |
Registered: 2 years ago Posts: 36 |
Re: Zyxel NSA325v2 brick January 31, 2022 11:57PM |
Registered: 2 years ago Posts: 36 |
Re: Zyxel NSA325v2 brick February 01, 2022 11:14AM |
Registered: 2 years ago Posts: 36 |
Re: Zyxel NSA325v2 brick February 01, 2022 12:03PM |
Registered: 2 years ago Posts: 82 |
apt install xauth x11-apps
ssh -X user@nsa325
and execute for instance xeyes in your shell.
Re: Zyxel NSA325v2 brick February 01, 2022 12:09PM |
Registered: 2 years ago Posts: 36 |
Re: Zyxel NSA325v2 brick February 01, 2022 01:26PM |
Registered: 2 years ago Posts: 36 |
Re: Zyxel NSA325v2 brick February 01, 2022 02:39PM |
Registered: 2 years ago Posts: 82 |
Re: Zyxel NSA325v2 brick February 01, 2022 02:43PM |
Registered: 2 years ago Posts: 36 |
Re: Zyxel NSA325v2 brick February 01, 2022 11:23PM |
Admin Registered: 13 years ago Posts: 19,007 |
Re: Zyxel NSA325v2 brick February 02, 2022 12:46PM |
Registered: 2 years ago Posts: 82 |
Quote
0:2345:respawn:/tmp/loopd0
This certainly doesn't belong there. And *something* downloads /var/run/tty6 from 202.110.187.205. A google on /tmp/loopd0 gave me this:
Quote
/tmp/loopd0 was identified as malicious by YARA according to rules: 000 Common Rules
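A static check for the kind of entry quoted in the post above, as an added example that is not part of the thread: it parses inittab text and reports entries whose program lives in a volatile directory. The directory list and the sample file are assumptions of this example; only the `/tmp/loopd0` line comes from the post.

```python
import posixpath

# Constructed sample: only the /tmp/loopd0 line is from the post; the other
# entries are ordinary sysvinit-style lines made up for contrast.
SAMPLE_INITTAB = """\
# /etc/inittab
id:3:initdefault:
si::sysinit:/etc/init.d/rcS
1:2345:respawn:/sbin/getty 38400 tty1
T0:23:respawn:/sbin/getty -L ttyS0 115200 vt100
0:2345:respawn:/tmp/loopd0
::ctrlaltdel:/sbin/reboot
"""

# Assumption: directories that are normally tmpfs or world-writable and hold
# no legitimately init-managed programs.
VOLATILE_DIRS = ("/tmp/", "/var/tmp/", "/var/run/", "/run/", "/var/lock/", "/dev/shm/")


def audit_inittab(text):
    """Return one finding per entry that starts a program from a volatile dir."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Format: id:runlevels:action:process (the process may contain ':').
        fields = line.split(":", 3)
        if len(fields) != 4 or not fields[3].strip():
            continue  # initdefault and malformed lines start nothing
        ident, runlevels, action, process = fields
        # sysvinit allows a leading '+', BusyBox init a leading '-'.
        program = posixpath.normpath(process.strip().lstrip("+-").split()[0])
        if program.startswith("//"):  # normpath keeps a leading double slash
            program = "/" + program.lstrip("/")
        hit = next((d for d in VOLATILE_DIRS if program.startswith(d)), None)
        if hit is None:
            continue
        reasons = ["program path is under " + hit]
        if action == "respawn":
            reasons.append("respawn: init restarts it whenever it exits or is killed")
        if posixpath.basename(program).startswith("."):
            reasons.append("hidden file name")
        findings.append({"line": lineno, "id": ident, "runlevels": runlevels,
                         "action": action, "program": program, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in audit_inittab(SAMPLE_INITTAB):
        print(f"inittab line {f['line']}: {f['program']} ({'; '.join(f['reasons'])})")
```

Run it against a copy of the real `/etc/inittab` taken from the mounted rootfs rather than on the live, possibly compromised, system.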
Re: Zyxel NSA325v2 brick February 02, 2022 01:43PM |
Registered: 2 years ago Posts: 36 |
Re: Zyxel NSA325v2 brick February 02, 2022 04:38PM |
Admin Registered: 13 years ago Posts: 19,007 |
Re: Zyxel NSA325v2 brick February 02, 2022 05:14PM |
Registered: 2 years ago Posts: 36 |
Re: Zyxel NSA325v2 brick February 02, 2022 05:17PM |
Registered: 2 years ago Posts: 36 |
Re: Zyxel NSA325v2 brick February 02, 2022 05:44PM |
Admin Registered: 13 years ago Posts: 19,007 |
Re: Zyxel NSA325v2 brick February 02, 2022 05:47PM |
Admin Registered: 13 years ago Posts: 19,007 |
Re: Zyxel NSA325v2 brick February 02, 2022 05:59PM |
Registered: 2 years ago Posts: 36 |
Re: Zyxel NSA325v2 brick February 02, 2022 09:04PM |
Admin Registered: 13 years ago Posts: 19,007 |
Re: Zyxel NSA325v2 brick February 02, 2022 10:29PM |
Registered: 2 years ago Posts: 36 |
Re: Zyxel NSA325v2 brick February 03, 2022 01:17AM |
Admin Registered: 13 years ago Posts: 19,007 |
fw_printenv preboot
The output should be
preboot=run preboot_nc
fw_setenv preboot
Re: Zyxel NSA325v2 brick February 03, 2022 09:07AM |
Registered: 2 years ago Posts: 36 |
Re: Zyxel NSA325v2 brick February 03, 2022 12:10PM |
Registered: 2 years ago Posts: 82 |
Re: Zyxel NSA325v2 brick February 03, 2022 01:48PM |
Registered: 2 years ago Posts: 36 |
Re: Zyxel NSA325v2 brick March 03, 2022 06:44PM |
Registered: 2 years ago Posts: 1 |
dmesg | grep -i 'bad'
Scanning device for bad blocks
Bad eraseblock 34 at 0x000000440000
Bad eraseblock 120 at 0x000000f00000
block 15 is bad

kwboot -t -B 115200 /dev/ttyUSB0 -b uboot.2017.07-tld-1.nsa325.mtd0.kwb -p
Sending boot message. Please reboot the target...\
Sending boot image...
0 % [+� _ _ | \/____ _____| | | |/ _` | '__\ \ / / _ \ | | | | | | (_| | | \ V / __/ | | |_| |_|\__,_|_| \_/ \___|_|_| _ _ ____ _ | | | | | __ ) ___ ___ | |_ | | | |___| _ \ / _ \ / _ \| __| | |_| |___| |_) | (_) | (_) | |_ \___/ |____/ \___/ \___/ \__|
** MARVELL BOARD: DB-88F6282A-BP LE
U-Boot 1.1.4 (Oct 17 2012 - 15:22:14) Marvell version: 3.5.9
U-Boot code: 00600000 -> 0067FFF0 BSS: -> 006CFB00
Verifying Checksum ... +xmodem: Protocol error
Re: Zyxel NSA325v2 brick March 03, 2022 09:09PM |
Admin Registered: 13 years ago Posts: 19,007 |
> dmesg | grep -i 'bad'
> Scanning device for bad blocks
> Bad eraseblock 34 at 0x000000440000
> Bad eraseblock 120 at 0x000000f00000
> block 15 is bad
Re: Zyxel NSA325v2 brick March 04, 2022 10:31AM |
Registered: 2 years ago Posts: 36 |
Re: Zyxel NSA325v2 brick March 05, 2022 12:08PM |
Registered: 2 years ago Posts: 82 |
$ file tty6
tty6: ELF 32-bit LSB executable, ARM, EABI4 version 1 (GNU/Linux), too many section (65535)
It has a very high entropy, it can hardly be compressed. So whatever it is, it's not pure executable code. My first guess was that it is mainly compressed code, and decompresses itself in memory. But it contains 2 recognizable strings:
PROT_EXEC|PROT_WRITE failed.
keikaku doori!
The first one might have something to do with mmap, the second one is Japanese, and means 'Just as planned'. So maybe the executable mmaps itself to decompress the payload, and spawns an error when that fails, and says 'keikaku doori!' when it succeeds.
Re: Zyxel NSA325v2 brick March 08, 2022 01:08PM |
Registered: 2 years ago Posts: 82 |
Mar 8 18:57:46 ks10 kernel: [ 383.871992] process '/home/test/tty6' started with executable stack
I *think* it decompresses/decrypts itself to its stack and executes from there. Then it forks a lot, and it tries to isolate the box by stopping http servers, telnet and ssh daemons:
# grep exec strace.*
trace.1032:execve("./tty6", ["./tty6"], 0xbef8b770 /* 19 vars */) = 0
strace.1032:open("/tmp/toexec", O_RDONLY) = -1 ENOENT (No such file or directory)
strace.1038:execve("/bin/sh", ["sh", "-c", "rm -rf /var/run/wgsh > /dev/null"...], 0xbee37784 /* 20 vars */) = 0
strace.1039:execve("/usr/bin/rm", ["rm", "-rf", "/var/run/wgsh"], 0x48467c /* 19 vars */) = 0
strace.1040:execve("/bin/sh", ["sh", "-c", "rm -rf /var/run/bbsh > /dev/null"...], 0xbee37784 /* 20 vars */) = 0
strace.1041:execve("/usr/bin/rm", ["rm", "-rf", "/var/run/bbsh"], 0x50467c /* 19 vars */) = 0
strace.1042:execve("/bin/sh", ["sh", "-c", "rm -rf /var/run/tty0 > /dev/null"...], 0xbee37784 /* 20 vars */) = 0
strace.1043:execve("/usr/bin/rm", ["rm", "-rf", "/var/run/tty0"], 0x4f467c /* 19 vars */) = 0
strace.1044:execve("/bin/sh", ["sh", "-c", "rm -rf /var/run/tty1 > /dev/null"...], 0xbee37784 /* 20 vars */) = 0
strace.1045:execve("/usr/bin/rm", ["rm", "-rf", "/var/run/tty1"], 0x4c467c /* 19 vars */) = 0
strace.1046:execve("/bin/sh", ["sh", "-c", "rm -rf /var/run/tty2 > /dev/null"...], 0xbee37784 /* 20 vars */) = 0
strace.1047:execve("/usr/bin/rm", ["rm", "-rf", "/var/run/tty2"], 0x4f467c /* 19 vars */) = 0
strace.1048:execve("/bin/sh", ["sh", "-c", "rm -rf /var/run/tty3 > /dev/null"...], 0xbee37784 /* 20 vars */) = 0
strace.1049:execve("/usr/bin/rm", ["rm", "-rf", "/var/run/tty3"], 0x47467c /* 19 vars */) = 0
strace.1050:execve("/bin/sh", ["sh", "-c", "rm -rf /var/run/tty4 > /dev/null"...], 0xbee37784 /* 20 vars */) = 0
strace.1051:execve("/usr/bin/rm", ["rm", "-rf", "/var/run/tty4"], 0x4a467c /* 19 vars */) = 0
strace.1052:execve("/bin/sh", ["sh", "-c", "rm -rf /var/run/tty5 > /dev/null"...], 0xbee37784 /* 20 vars */) = 0
strace.1053:execve("/usr/bin/rm", ["rm", "-rf", "/var/run/tty5"], 0x49467c /* 19 vars */) = 0
strace.1054:execve("/bin/sh", ["sh", "-c", "rm -rf /tmp/tty0 > /dev/null 2>&"...], 0xbee37784 /* 20 vars */) = 0
strace.1055:execve("/usr/bin/rm", ["rm", "-rf", "/tmp/tty0"], 0x44467c /* 19 vars */) = 0
strace.1056:execve("/bin/sh", ["sh", "-c", "rm -rf /tmp/tty1 > /dev/null 2>&"...], 0xbee37784 /* 20 vars */) = 0
strace.1057:execve("/usr/bin/rm", ["rm", "-rf", "/tmp/tty1"], 0x49467c /* 19 vars */) = 0
strace.1058:execve("/bin/sh", ["sh", "-c", "rm -rf /tmp/tty2 > /dev/null 2>&"...], 0xbee37784 /* 20 vars */) = 0
strace.1059:execve("/usr/bin/rm", ["rm", "-rf", "/tmp/tty2"], 0x46467c /* 19 vars */) = 0
strace.1060:execve("/bin/sh", ["sh", "-c", "rm -rf /tmp/tty3 > /dev/null 2>&"...], 0xbee37784 /* 20 vars */) = 0
strace.1061:execve("/usr/bin/rm", ["rm", "-rf", "/tmp/tty3"], 0x4b467c /* 19 vars */) = 0
strace.1062:execve("/bin/sh", ["sh", "-c", "rm -rf /tmp/tty4 > /dev/null 2>&"...], 0xbee37784 /* 20 vars */) = 0
strace.1063:execve("/usr/bin/rm", ["rm", "-rf", "/tmp/tty4"], 0x44467c /* 19 vars */) = 0
strace.1064:execve("/bin/sh", ["sh", "-c", "rm -rf /tmp/tty5 > /dev/null 2>&"...], 0xbee37784 /* 20 vars */) = 0
strace.1065:execve("/usr/bin/rm", ["rm", "-rf", "/tmp/tty5"], 0x46467c /* 19 vars */) = 0
strace.1066:execve("/bin/sh", ["sh", "-c", "rm -rf /var/run/pty > /dev/null "...], 0xbee37784 /* 20 vars */) = 0
strace.1067:execve("/usr/bin/rm", ["rm", "-rf", "/var/run/pty"], 0x49467c /* 19 vars */) = 0
strace.1068:execve("/bin/sh", ["sh", "-c", "killall -9 arm > /dev/null 2>&1 "...], 0xbee37784 /* 20 vars */) = 0
strace.1070:execve("/bin/sh", ["sh", "-c", "killall -9 mips > /dev/null 2>&1"...], 0xbee37784 /* 20 vars */) = 0
strace.1072:execve("/bin/sh", ["sh", "-c", "killall -9 mipsel > /dev/null 2>"...], 0xbee37784 /* 20 vars */) = 0
strace.1074:execve("/bin/sh", ["sh", "-c", "killall -9 powerpc > /dev/null 2"...], 0xbee37784 /* 20 vars */) = 0
strace.1076:execve("/bin/sh", ["sh", "-c", "killall -9 ppc > /dev/null 2>&1 "...], 0xbee37784 /* 20 vars */) = 0
strace.1078:execve("/bin/sh", ["sh", "-c", "killall -9 daemon.armv4l.mod > /"...], 0xbee37784 /* 20 vars */) = 0
strace.1080:execve("/bin/sh", ["sh", "-c", "killall -9 daemon.i686.mod > /de"...], 0xbee37784 /* 20 vars */) = 0
strace.1082:execve("/bin/sh", ["sh", "-c", "killall -9 daemon.mips.mod > /de"...], 0xbee37784 /* 20 vars */) = 0
strace.1084:execve("/bin/sh", ["sh", "-c", "killall -9 daemon.mipsel.mod > /"...], 0xbee37784 /* 20 vars */) = 0
strace.1086:execve("/bin/sh", ["sh", "-c", "kill -9 `cat /tmp/.xs/*.pid` > /"...], 0xbee37784 /* 20 vars */) = 0
strace.1088:execve("/bin/sh", ["sh", "-c", "rm -rf /tmp/.xs/* > /dev/null 2>"...], 0xbee37784 /* 20 vars */) = 0
strace.1089:execve("/usr/bin/cat", ["cat", "/tmp/.xs/*.pid"], 0xc2a4d4 /* 19 vars */) = 0
strace.1090:execve("/usr/bin/rm", ["rm", "-rf", "/tmp/.xs/*"], 0x46467c /* 19 vars */) = 0
strace.1091:execve("/bin/sh", ["sh", "-c", "sleep 432000 && reboot &"], 0xbee37784 /* 20 vars */) = 0
strace.1093:execve("/usr/bin/sleep", ["sleep", "432000"], 0x444604 /* 19 vars */) = 0
strace.1094:execve("/bin/sh", ["sh", "-c", "(crontab -l | grep -v \"/home/tes"...], 0xbee37784 /* 20 vars */) = 0
strace.1096:execve("/usr/bin/crontab", ["crontab", "-l"], 0x166f514 /* 19 vars */) = 0
strace.1097:execve("/usr/bin/grep", ["grep", "-v", "/home/test/tty6"], 0x166f53c /* 19 vars */) = 0
strace.1098:execve("/usr/bin/grep", ["grep", "-v", "no cron"], 0x166f534 /* 19 vars */) = 0
strace.1099:execve("/usr/bin/grep", ["grep", "-v", "lesshts/run.sh"], 0x166f564 /* 19 vars */) = 0
strace.1100:execve("/bin/sh", ["sh", "-c", "echo \"* * * * * /home/test/tty6 "...], 0xbee37784 /* 20 vars */) = 0
strace.1101:execve("/bin/sh", ["sh", "-c", "crontab /var/lock/.x001804289383"], 0xbee37784 /* 20 vars */) = 0
strace.1102:execve("/usr/bin/crontab", ["crontab", "/var/lock/.x001804289383"], 0x5145ec /* 19 vars */) = 0
strace.1103:execve("/bin/sh", ["sh", "-c", "rm -rf /var/lock/.x001804289383"], 0xbee37784 /* 20 vars */) = 0
strace.1104:execve("/usr/bin/rm", ["rm", "-rf", "/var/lock/.x001804289383"], 0x464614 /* 19 vars */) = 0
strace.1105:execve("/bin/sh", ["sh", "-c", "/bin/uname -n"], 0xbee37784 /* 20 vars */) = 0
strace.1106:execve("/bin/uname", ["/bin/uname", "-n"], 0x4545b4 /* 12 vars */) = 0
strace.1107:execve("/bin/sh", ["sh", "-c", "/bin/uname -n"], 0xbee37784 /* 20 vars */) = 0
strace.1108:execve("/bin/uname", ["/bin/uname", "-n"], 0x4b45b4 /* 12 vars */) = 0
strace.1110:execve("/bin/sh", ["sh", "-c", "kill -9 `cat /var/run/httpd.pid`"...], 0xbee37784 /* 20 vars */) = 0
strace.1112:execve("/bin/sh", ["sh", "-c", "service httpd stop > /dev/null 2"...], 0xbee37784 /* 20 vars */) = 0
strace.1113:execve("/usr/bin/cat", ["cat", "/var/run/httpd.pid"], 0x1a3742c /* 12 vars */) = 0
strace.1114:execve("/usr/sbin/service", ["service", "httpd", "stop"], 0x4a466c /* 12 vars */) = 0
strace.1114:execve("/usr/local/sbin/systemctl", ["systemctl", "stop", "httpd.service"], 0x19fa29c /* 12 vars */) = -1 ENOENT (No such file or directory)
strace.1114:execve("/usr/local/bin/systemctl", ["systemctl", "stop", "httpd.service"], 0x19fa29c /* 12 vars */) = -1 ENOENT (No such file or directory)
strace.1114:execve("/usr/sbin/systemctl", ["systemctl", "stop", "httpd.service"], 0x19fa29c /* 12 vars */) = -1 ENOENT (No such file or directory)
strace.1114:execve("/usr/bin/systemctl", ["systemctl", "stop", "httpd.service"], 0x19fa29c /* 12 vars */) = 0
strace.1115:execve("/bin/sh", ["sh", "-c", "killall -9 mini_httpd > /dev/nul"...], 0xbee37784 /* 20 vars */) = 0
strace.1117:execve("/usr/bin/basename", ["basename", "/usr/sbin/service"], 0x4d461c /* 12 vars */) = 0
strace.1118:execve("/bin/sh", ["sh", "-c", "killall -9 minihttpd > /dev/null"...], 0xbee37784 /* 20 vars */) = 0
strace.1119:execve("/usr/bin/basename", ["basename", "/usr/sbin/service"], 0x4d4674 /* 12 vars */) = 0
strace.1121:execve("/bin/sh", ["sh", "-c", "kill -9 `cat /var/run/thttpd.pid"...], 0xbee37784 /* 20 vars */) = 0
strace.1124:execve("/bin/sh", ["sh", "-c", "nvram set httpd_enable=0 > /dev/"...], 0xbee37784 /* 20 vars */) = 0
strace.1125:execve("/usr/bin/cat", ["cat", "/var/run/thttpd.pid"], 0x59a42c /* 12 vars */) = 0
strace.1126:execve("/usr/bin/systemctl", ["systemctl", "list-unit-files", "--full", "--type=socket"], 0x19fa2b4 /* 12 vars */) = 0
strace.1127:execve("/usr/bin/sed", ["sed", "-ne", "s/\\.socket\\s*[a-z]*\\s*$/.socket/"...], 0x19fa29c /* 12 vars */) = 0
strace.1128:execve("/bin/sh", ["sh", "-c", "nvram set http_enable=0 > /dev/n"...], 0xbee37784 /* 20 vars */) = 0
strace.1129:execve("/bin/sh", ["sh", "-c", "killall -9 httpd > /dev/null 2>&"...], 0xbee37784 /* 20 vars */) = 0
strace.1131:execve("/bin/sh", ["sh", "-c", "service telnetd stop > /dev/null"...], 0xbee37784 /* 20 vars */) = 0
strace.1132:execve("/usr/sbin/service", ["service", "telnetd", "stop"], 0x47466c /* 12 vars */) = 0
strace.1132:execve("/usr/local/sbin/systemctl", ["systemctl", "stop", "telnetd.service"], 0x92a29c /* 12 vars */) = -1 ENOENT (No such file or directory)
strace.1132:execve("/usr/local/bin/systemctl", ["systemctl", "stop", "telnetd.service"], 0x92a29c /* 12 vars */) = -1 ENOENT (No such file or directory)
strace.1132:execve("/usr/sbin/systemctl", ["systemctl", "stop", "telnetd.service"], 0x92a29c /* 12 vars */) = -1 ENOENT (No such file or directory)
strace.1132:execve("/usr/bin/systemctl", ["systemctl", "stop", "telnetd.service"], 0x92a29c /* 12 vars */) = 0
strace.1133:execve("/bin/sh", ["sh", "-c", "service sshd stop > /dev/null 2>"...], 0xbee37784 /* 20 vars */) = 0
strace.1134:execve("/usr/sbin/service", ["service", "sshd", "stop"], 0x46466c /* 12 vars */) = 0
strace.1134:execve("/usr/local/sbin/systemctl", ["systemctl", "stop", "sshd.service"], 0x52a29c /* 12 vars */) = -1 ENOENT (No such file or directory)
strace.1134:execve("/usr/local/bin/systemctl", ["systemctl", "stop", "sshd.service"], 0x52a29c /* 12 vars */) = -1 ENOENT (No such file or directory)
strace.1134:execve("/usr/sbin/systemctl", ["systemctl", "stop", "sshd.service"], 0x52a29c /* 12 vars */) = -1 ENOENT (No such file or directory)
strace.1134:execve("/usr/bin/systemctl", ["systemctl", "stop", "sshd.service"], 0x52a29c /* 12 vars */) = 0
strace.1135:execve("/usr/bin/basename", ["basename", "/usr/sbin/service"], 0x4d461c /* 12 vars */) = 0
strace.1136:execve("/bin/sh", ["sh", "-c", "killall -9 telnetd > /dev/null 2"...], 0xbee37784 /* 20 vars */) = 0
strace.1137:execve("/usr/bin/basename", ["basename", "/usr/sbin/service"], 0x4d4674 /* 12 vars */) = 0
strace.1139:execve("/usr/bin/basename", ["basename", "/usr/sbin/service"], 0x46461c /* 12 vars */) = 0
strace.1140:execve("/bin/sh", ["sh", "-c", "killall -9 utelnetd > /dev/null "...], 0xbee37784 /* 20 vars */) = 0
strace.1143:execve("/usr/bin/basename", ["basename", "/usr/sbin/service"], 0x464674 /* 12 vars */) = 0
strace.1144:execve("/bin/sh", ["sh", "-c", "killall -9 dropbear > /dev/null "...], 0xbee37784 /* 20 vars */) = 0
strace.1145:execve("/usr/bin/systemctl", ["systemctl", "list-unit-files", "--full", "--type=socket"], 0x92a2b4 /* 12 vars */) = 0
strace.1146:execve("/usr/bin/sed", ["sed", "-ne", "s/\\.socket\\s*[a-z]*\\s*$/.socket/"...], 0x92a29c /* 12 vars */) = 0
strace.1149:execve("/bin/sh", ["sh", "-c", "killall -9 sshd > /dev/null 2>&1"...], 0xbee37784 /* 20 vars */) = 0
strace.1150:execve("/usr/bin/systemctl", ["systemctl", "list-unit-files", "--full", "--type=socket"], 0x52a2b4 /* 12 vars */) = 0
strace.1151:execve("/usr/bin/sed", ["sed", "-ne", "s/\\.socket\\s*[a-z]*\\s*$/.socket/"...], 0x52a29c /* 12 vars */) = 0
strace.1153:execve("/bin/sh", ["sh", "-c", "killall -9 lighttpd > /dev/null "...], 0xbee37784 /* 20 vars */) = 0
The daemon which runs in background identifies itself as 'inet0', 'lo', 'eth0' or '-'. Its open files:
ls -l /proc/1029/fd/
lrwx------ 1 test test 64 Mar 8 17:49 0 -> 'socket:[52991]'
lrwx------ 1 test test 64 Mar 8 17:49 1 -> /dev/null
lrwx------ 1 test test 64 Mar 8 17:49 2 -> /dev/null
lr-x------ 1 test test 64 Mar 8 17:49 3 -> /home/test/tty6
lr-x------ 1 test test 64 Mar 8 17:49 4 -> /etc/issue
lr-x------ 1 test test 64 Mar 8 17:49 5 -> /etc/issue
lr-x------ 1 test test 64 Mar 8 17:49 6 -> /proc/version
lr-x------ 1 test test 64 Mar 8 17:49 7 -> /usr/bin/crontab
lrwx------ 1 test test 64 Mar 8 17:49 8 -> 'socket:[52844]'
lr-x------ 1 test test 64 Mar 8 17:49 9 -> /usr/bin/uname
It adds a line to crontab:
$ crontab -l
* * * * * /home/test/tty6 > /dev/null 2>&1 &
I suppose it also tried /etc/inittab and other targets, but it had no rights for that.
netstat -tapn
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      529/sshd: /usr/sbin
tcp        0      0 127.0.0.1:63008         0.0.0.0:*               LISTEN      698/inet0
tcp        0      0 192.168.1.188:50294     66.178.182.1:8080       ESTABLISHED 698/inet0
tcp6       0      0 :::22                   :::*                    LISTEN      529/sshd: /usr/sbin
Intercepted some traffic:
9:58:04.972842 IP (tos 0x0, ttl 64, id 188, offset 0, flags [DF], proto TCP (6), length 60)
    192.168.1.188.60104 > www.khust.tv.http-alt: Flags [S], cksum 0x02ce (incorrect -> 0x6e2f), seq 1494829240, win 64240, options [mss 1460,sackOK,TS val 1874051172 ecr 0,nop,wscale 5], length 0
E..<..@.@.7a......}&....Y.H.................... o..d........
19:58:05.019731 IP (tos 0x0, ttl 57, id 23970, offset 0, flags [DF], proto TCP (6), length 60)
    www.khust.tv.http-alt > 192.168.1.188.60104: Flags [S.], cksum 0x53f8 (correct), seq 2006717535, ack 1494829241, win 8192, options [mss 1452,nop,wscale 3,sackOK,TS val 3632435362 ecr 1874051172], length 0
E..<].@.9..z..}&........w.._Y.H... .S.............. ....o..d
19:58:05.019862 IP (tos 0x0, ttl 64, id 189, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.1.188.60104 > www.khust.tv.http-alt: Flags [.], cksum 0x02c6 (incorrect -> 0x9ab1), ack 1, win 2008, options [nop,nop,TS val 1874051219 ecr 3632435362], length 0
E..4..@.@.7h......}&....Y.H.w..`........... o.......
19:58:05.973174 IP (tos 0x0, ttl 64, id 190, offset 0, flags [DF], proto TCP (6), length 112)
    192.168.1.188.60104 > www.khust.tv.http-alt: Flags [P.], cksum 0x0302 (incorrect -> 0xddf7), seq 1:61, ack 1, win 2008, options [nop,nop,TS val 1874052172 ecr 3632435362], length 60: HTTP
E..p..@.@.7+......}&....Y.H.w..`........... o..L....NICK A6|f|1|623134|ks10 USER x00 localhost localhost :2021r
19:58:06.119665 IP (tos 0x0, ttl 57, id 24082, offset 0, flags [DF], proto TCP (6), length 52)
    www.khust.tv.http-alt > 192.168.1.188.60104: Flags [.], cksum 0x9650 (correct), ack 61, win 1016, options [nop,nop,TS val 3632436462 ecr 1874052172], length 0
E..4^.@.9.....}&........w..`Y.H......P..... ....o..L
19:58:06.433765 IP (tos 0x0, ttl 57, id 24110, offset 0, flags [DF], proto TCP (6), length 163)
    www.khust.tv.http-alt > 192.168.1.188.60104: Flags [P.], cksum 0xf870 (correct), seq 1:112, ack 61, win 1024, options [nop,nop,TS val 3632436775 ecr 1874052172], length 111: HTTP
E...^.@.9.....}&........w..`Y.H......p..... ...'o..L:IRC!IRC@0x.25 PRIVMSG A6|f|1|623134|ks10 :.VERSION. :. 010 . 127.0.0.1 6667 : :. 005 . : :. 376 . :
Not very readable.
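Triage of the `execve` listing in the post above, as an added example that is not part of the thread: it groups the commands the sample issued through `sh -c` into behaviour categories. The category names and regular expressions are assumptions of this example; the sample lines are copied from the quoted strace output.

```python
import re
from collections import defaultdict

# Subset of the strace lines quoted in the post above.
SAMPLE = r'''
strace.1038:execve("/bin/sh", ["sh", "-c", "rm -rf /var/run/wgsh > /dev/null"...], 0xbee37784 /* 20 vars */) = 0
strace.1039:execve("/usr/bin/rm", ["rm", "-rf", "/var/run/wgsh"], 0x48467c /* 19 vars */) = 0
strace.1068:execve("/bin/sh", ["sh", "-c", "killall -9 arm > /dev/null 2>&1 "...], 0xbee37784 /* 20 vars */) = 0
strace.1091:execve("/bin/sh", ["sh", "-c", "sleep 432000 && reboot &"], 0xbee37784 /* 20 vars */) = 0
strace.1100:execve("/bin/sh", ["sh", "-c", "echo \"* * * * * /home/test/tty6 "...], 0xbee37784 /* 20 vars */) = 0
strace.1101:execve("/bin/sh", ["sh", "-c", "crontab /var/lock/.x001804289383"], 0xbee37784 /* 20 vars */) = 0
strace.1105:execve("/bin/sh", ["sh", "-c", "/bin/uname -n"], 0xbee37784 /* 20 vars */) = 0
strace.1114:execve("/usr/local/sbin/systemctl", ["systemctl", "stop", "httpd.service"], 0x19fa29c /* 12 vars */) = -1 ENOENT (No such file or directory)
strace.1133:execve("/bin/sh", ["sh", "-c", "service sshd stop > /dev/null 2>"...], 0xbee37784 /* 20 vars */) = 0
strace.1144:execve("/bin/sh", ["sh", "-c", "killall -9 dropbear > /dev/null "...], 0xbee37784 /* 20 vars */) = 0
'''

LINE = re.compile(r'^\S+?\.(\d+):execve\("([^"]+)", \[(.*)\], 0x[0-9a-f]+ /\* \d+ vars \*/\) = (-?\d+)')
ARG = re.compile(r'"((?:[^"\\]|\\.)*)"(\.\.\.)?')  # one quoted argv string, '...' if cut

# strace prints only the first 32 bytes of a string unless -s raises the limit,
# so every rule has to match on a command prefix. First matching rule wins.
DAEMONS = r'(sshd|dropbear|telnetd|httpd|lighttpd|http_enable)'
RULES = [
    ("persistence", re.compile(r'\bcrontab\b|\* \* \* \* \*|inittab')),
    ("delayed_reboot", re.compile(r'\bsleep \d+ && reboot\b')),
    ("service_shutdown", re.compile(r'^(killall|kill|service|systemctl|nvram set)\b.*' + DAEMONS)),
    # Neutral label: what these removals and kills are for is left to the analyst.
    ("file_process_cleanup", re.compile(r'^rm -rf /(tmp|var/run)/|^killall -9 |^kill -9 `cat /tmp/')),
    ("host_recon", re.compile(r'\buname\b')),
]


def triage(text):
    """Group the commands the traced process ran via `sh -c` by behaviour."""
    found = defaultdict(list)
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        pid, path, argv_raw, ret = m.groups()
        # Undo strace's backslash escaping (enough for \" and \\).
        argv = [(re.sub(r'\\(.)', r'\1', s), bool(cut)) for s, cut in ARG.findall(argv_raw)]
        # system()/popen() appear as /bin/sh -c "<command>"; the child execs
        # (rm, systemctl, ...) repeat the same action and are skipped, as are
        # failed PATH lookups (return value -1).
        if ret != "0" or path != "/bin/sh" or len(argv) < 3 or argv[1][0] != "-c":
            continue
        cmd, truncated = argv[2]
        label = next((name for name, rx in RULES if rx.search(cmd)), "other")
        found[label].append((int(pid), cmd.strip(), truncated))
    return dict(found)


if __name__ == "__main__":
    for label, hits in triage(SAMPLE).items():
        for pid, cmd, truncated in hits:
            print(f"{label:22} pid={pid} {cmd}{' [cut by strace]' if truncated else ''}")
```

Re-running the capture with a larger `-s` value gives the full command strings, which makes the rules less dependent on prefixes.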
Re: Zyxel NSA325v2 brick March 08, 2022 01:17PM |
Registered: 2 years ago Posts: 36 |
Re: Zyxel NSA325v2 brick March 08, 2022 03:41PM |
Registered: 2 years ago Posts: 82 |