The Decompressoin tool for Vxworks MINIFS

Overview

MINIFS-Decompression

The Decompression tool for Vxworks MINIFS filesystem.

USAGE

python minifs_decompression.py [target_firmware]

The example of Mercury router firmware:

$ python minifs_decompress.py ./MW305R.BIN
1173+0 records in
1173+0 records out
1173 bytes transferred in 0.006129 secs (191392 bytes/sec)
58+0 records in
58+0 records out
58 bytes transferred in 0.000298 secs (194616 bytes/sec)
2464+0 records in
2464+0 records out
2464 bytes transferred in 0.012085 secs (203890 bytes/sec)
127+0 records in
127+0 records out
127 bytes transferred in 0.000661 secs (192163 bytes/sec)
419+0 records in
419+0 records out
419 bytes transferred in 0.002342 secs (178908 bytes/sec)
1483+0 records in
1483+0 records out
1483 bytes transferred in 0.007509 secs (197497 bytes/sec)
10316+0 records in
10316+0 records out

The result of decompress:

$ tree
.
├── conf
│   ├── mcbDesc.bin
│   ├── modelDesc.bin
│   ├── oem.txt
│   ├── priv-key.pem
│   └── server-cert.pem
├── minifs_decompress.py
└── web
    ├── common
    │   ├── AccessCtrl.htm
    │   ├── Advance.htm
    │   ├── Basic.htm
    │   ├── BasicDynamicIp.htm
    │   ├── BasicEptManagement.htm
    │   ├── BasicHead.htm
    │   ├── BasicMenu.htm
    │   ├── BasicNetWork.htm
    │   ├── BasicPPPoE.htm
    │   ├── BasicStaticIp.htm
    │   ├── BasicWireless.htm
    │   ├── Content.htm
    │   ├── DHCPServer.htm
    │   ├── DMZCfg.htm
    │   ├── DateTimeCfg.htm
    │   ├── DdnsCfg.htm
    │   ├── Diagnostic.htm
    │   ├── DynamicIp.htm
    │   ├── Foot.htm
    │   ├── Help.htm
    │   ├── IPMACBind.htm
    │   ├── Index.htm
    │   ├── LanCfg.htm
    │   ├── Login.htm
    │   ├── LoginChgPwd.htm
    │   ├── MacClone.htm
    │   ├── ManageSettingUp.htm
    │   ├── PPPoE.htm
    │   ├── ParentControl.htm
    │   ├── PhoneBasicNetWork.htm
    │   ├── PhoneBasicWireless.htm
    │   ├── PhoneDynamicIp.htm
    │   ├── PhoneEquipManage.htm
    │   ├── PhoneEquipManageDetail.htm
    │   ├── PhoneIndex.htm
    │   ├── PhoneLogin.htm
    │   ├── PhoneLoginChgPwd.htm
    │   ├── PhoneMenu.htm
    │   ├── PhoneOtherSet.htm
    │   ├── PhoneOtherSetChgPwd.htm
    │   ├── PhonePPPoE.htm
    │   ├── PhoneStaticIp.htm
    │   ├── PhoneWizard.htm
    │   ├── PhoneWizardDynamicIp.htm
    │   ├── PhoneWizardEnd.htm
    │   ├── PhoneWizardPPPoE.htm
    │   ├── PhoneWizardStaticIp.htm
    │   ├── PhoneWizardWireless.htm
    │   ├── RouteTable.htm
    │   ├── StaticIp.htm
    │   ├── SysBakNRestore.htm
    │   ├── SysChangeLgPwd.htm
    │   ├── SysReboot.htm
    │   ├── SysReset.htm
    │   ├── SysUpgrade.htm
    │   ├── SystemLog.htm
    │   ├── UpnpCfg.htm
    │   ├── VirtualServerCfg.htm
    │   ├── WanCfg.htm
    │   ├── Wizard.htm
    │   ├── WizardDynamicIp.htm
    │   ├── WizardEnd.htm
    │   ├── WizardPPPoE.htm
    │   ├── WizardStaticIp.htm
    │   ├── WizardWireless.htm
    │   ├── WlanGuestNetWorkCfg.htm
    │   ├── WlanNetwork.htm
    │   ├── WlanWDSCfg.htm
    │   ├── WlanWDSCfgEnd.htm
    │   ├── WlanWDSCfgFirst.htm
    │   ├── WlanWDSCfgFive.htm
    │   ├── WlanWDSCfgFour.htm
    │   ├── WlanWDSCfgSecond.htm
    │   └── WlanWDSCfgThird.htm
    ├── dynaform
    │   ├── DataGrid.css
    │   ├── DataGrid.js
    │   ├── class.css
    │   ├── class.js
    │   ├── macFactory.js
    │   ├── menu.css
    │   ├── menu.js
    │   ├── phoneClass.css
    │   └── phoneClass.js
    ├── images
    │   ├── QRcode_me.png
    │   ├── advance_me.png
    │   ├── backwardBtn_me.png
    │   ├── basic_me.png
    │   ├── circleLeft_me.png
    │   ├── circleRight_me.png
    │   ├── detailArrow_me.png
    │   ├── equipMng_me.png
    │   ├── errorPic_me.png
    │   ├── icon_me.ico
    │   ├── icon_wifi_me.png
    │   ├── logo_me.png
    │   ├── mngPwd_me.png
    │   ├── netSet_me.png
    │   ├── otherSet_me.png
    │   ├── rightIcon_me.png
    │   ├── wanDetecting_me.gif
    │   ├── wdsDetect_me.gif
    │   ├── wifiSet_me.png
    │   ├── wzdWarningWhite_me.png
    │   └── wzd_me.png
    ├── language
    │   └── cn
    │       ├── error.js
    │       └── str.js
    ├── lib
    │   ├── DM.js
    │   ├── Quary.js
    │   ├── ajax.js
    │   ├── jquery-1.10.1.min.js
    │   ├── model.js
    │   └── verify.js
    └── upnp
        ├── ifc.xml
        ├── igd.xml
        ├── ipc.xml
        ├── l3f.xml
        ├── wfa.xml
        └── wps.xml

9 directories, 124 files
  • The file items displayed in 010Editor:

Reference

  1. http://patentlib.net/mnt/sipo/A/20200818/5/CN102020000408790CN00001115525110AFULZH20200818CN00V/
Owner
IoT Security Researcher, IoT firmware hacker.
Proof of concept to check if hosts are vulnerable to CVE-2021-41773

CVE-2021-41773 PoC Proof of concept to check if hosts are vulnerable to CVE-2021-41773. Description (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CV

Jordan Jay 43 Nov 09, 2022
Remote Desktop Protocol in Twisted Python

RDPY Remote Desktop Protocol in twisted python. RDPY is a pure Python implementation of the Microsoft RDP (Remote Desktop Protocol) protocol (client a

Sylvain Peyrefitte 1.6k Dec 30, 2022
Add a Web Server based on Rogue Mysql Server to allow remote user get

介绍 对于需要使用 Rogue Mysql Server 的漏洞来说,若想批量检测这种漏洞的话需要自备一个服务器。并且我常用的Rogue Mysql Server 脚本 不支持动态更改读取文件名、不支持远程用户访问读取结果、不支持批量化检测网站。于是乎萌生了这个小脚本的想法 Rogue-MySql-

6 May 17, 2022
GDID (Google Dorks for Information Disclosure)

GDID (Google Dorks for Information Disclosure) Script made for your recon automation in Bug Bounty or Pentest. It will help you to find Information Di

Nischacid 5 Mar 10, 2022
This is a proof-of-concept exploit for Grafana's Unauthorized Arbitrary File Read Vulnerability (CVE-2021-43798).

CVE-2021-43798 – Grafana Exploit About This is a proof-of-concept exploit for Grafana's Unauthorized Arbitrary File Read Vulnerability (CVE-2021-43798

Pedro Havay 12 Nov 18, 2022
Anti Supercookie - Confusing the ISP & Escaping the Supercookie

Confusing the ISP & Escaping the Supercookie

Baris Dincer 2 Nov 22, 2022
C++ fully undetected shellcode launcher

charlotte c++ fully undetected shellcode launcher ;) releasing this to celebrate the birth of my newborn description 13/05/2021: c++ shellcode launche

894 Dec 25, 2022
威胁情报播报

Threat-Broadcast 威胁情报播报 运行环境 项目介绍 从以下公开的威胁情报来源爬取并整合最新信息: 360:https://cert.360.cn/warning 奇安信:https://ti.qianxin.com/advisory/ 红后:https://redqueen.tj-u

东方有鱼名为咸 148 Nov 09, 2022
CC CAMERA HACKING TOOL

CAM-HACK CC CAMERA HACKING TOOL Installation On Termux $ apt update

Aryan 10 Sep 25, 2022
Internal network honeypot for detecting if an attacker or insider threat scans your network for log4j CVE-2021-44228

log4j-honeypot-flask Internal network honeypot for detecting if an attacker or insider threat scans your network for log4j CVE-2021-44228 This can be

Binary Defense 144 Nov 19, 2022
😭 WSOB is a python tool created to exploit the new vulnerability on WSO2 assigned as CVE-2022-29464.

😭 WSOB (CVE-2022-29464) 😭 WSOB is a python tool created to exploit the new vulnerability on WSO2 assigned as CVE-2022-29464. CVE-2022-29464 details:

0p 25 Oct 14, 2022
zip-brute Zip File Password Cracking with Using Password List

Zip brute is a python script that cracks zip that are password protected using a wordlist dictionary.

AnonyminHack5 13 Nov 03, 2022
Pass2Pwn: a simple python3 tool created to assist penetration testers generate possible passwords for a targeted system based solely on the organization's name

Pass2Pwn is a simple python3 tool created to assist penetration testers generate possible passwords for a targeted system based solely on the organization's name

Nirmal Dahal 10 Oct 15, 2022
CVE-2021-26855: PoC (Not a HoneyPoC for once!)

Exch-CVE-2021-26855 ProxyLogon is the formally generic name for CVE-2021-26855, a vulnerability on Microsoft Exchange Server that allows an attacker b

ZephrFish 24 Nov 14, 2022
一款针对向日葵的识别码和验证码提取工具

Sunflower_get_Password 一款针对向日葵的识别码和验证码提取工具 👮🏻‍♀️ 免责声明 由于传播、利用Sunflower_get_Password工具提供的功能而造成的任何直接或者间接的后果及损失,均由使用者本人负责,本人不为此承担任何责任。 安装环境 本工具使用Python

635 Dec 20, 2022
Proof on Concept Exploit for CVE-2021-38647 (OMIGOD)

OMIGOD Proof on Concept Exploit for CVE-2021-38647 (OMIGOD) For background information and context, read the our blog post detailing this vulnerabilit

Horizon 3 AI Inc 231 Nov 12, 2022
A set of blender assets created for the $yb NFT project.

fyb-blender A set of blender assets created for the $yb NFT project. Install just as you would any other Blender Add-on (via Edit-Preferences-Add-on

Pedro Arroyo 1 May 06, 2022
xkeysnail is yet another keyboard remapping tool for X environment written in Python

xkeysnail is yet another keyboard remapping tool for X environment written in Python. It's like xmodmap but allows more flexible remappings.

Masafumi Oyamada 809 Dec 26, 2022
Script Crack Facebook Elite 🚶‍♂

elite Script Crack Facebook Elite 🚶‍♂ Install Script $ pkg update && pkg upgrade $ termux-setup-storage $ pkg install git $ pkg install python $ pip

Yumasaa 1 Jan 02, 2022
Yuyu Scanner is a Web Reconnaissance & Web Analysis Scanner to find assets and information about targets.

Yuyu Scanner Yuyu Scanner is a Web Reconnaissance & Web Analysis Scanner to find assets and information about targets. installation ! run as root

Justakazh 20 Nov 24, 2022