求个新版本玩客云固件（2.1.0）的root方法啊

世界的远野

固件版本2.1.0

nmap显示结果：

1. Scanned at 2019-01-24 21:12:06 쨱±±ê×?ê±?? for 194s
   
2. Not shown: 65526 closed ports
   
3. Reason: 65526 resets
   
4. PORT      STATE SERVICE           REASON         VERSION
   
5. 139/tcp   open  netbios-ssn       syn-ack ttl 64 Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
   
6. 443/tcp   open  ssl/http          syn-ack ttl 64 nginx 1.14.0
   
7. |_http-server-header: nginx/1.14.0
   
8. |_http-title: Site doesn't have a title (application/json).
   
9. | ssl-cert: Subject: commonName=red.xunlei.com/organizationName=Shenzhen Onething Technologies Co., Ltd/stateOrProvinceName=ShenZhen/countryName=CN/localityName=ShenZhen/organizationalUnitName=Web Security
   
10. | Issuer: commonName=red.xunlei.com/organizationName=Shenzhen Onething Technologies Co., Ltd/stateOrProvinceName=ShenZhen/countryName=CN/localityName=ShenZhen/organizationalUnitName=Web Security
    
11. | Public Key type: rsa
    
12. | Public Key bits: 2048
    
13. | Signature Algorithm: sha256WithRSAEncryption
    
14. | Not valid before: 2017-03-20T03:50:51
    
15. | Not valid after:  2018-03-20T03:50:51
    
16. | MD5:   6ce3 d145 6332 d469 0345 e91c 9893 e85f
    
17. | SHA-1: 6c9d f5ec a102 aef6 3e68 e889 bef5 0fc3 3306 80cb
    
18. | -----BEGIN CERTIFICATE-----
    
19. | MIID/zCCAuegAwIBAgIJAP9/pPPib0v3MA0GCSqGSIb3DQEBCwUAMIGVMQswCQYD
    
20. | VQQGEwJDTjERMA8GA1UECAwIU2hlblpoZW4xETAPBgNVBAcMCFNoZW5aaGVuMTAw
    
21. | LgYDVQQKDCdTaGVuemhlbiBPbmV0aGluZyBUZWNobm9sb2dpZXMgQ28uLCBMdGQx
    
22. | FTATBgNVBAsMDFdlYiBTZWN1cml0eTEXMBUGA1UEAwwOcmVkLnh1bmxlaS5jb20w
    
23. | HhcNMTcwMzIwMDM1MDUxWhcNMTgwMzIwMDM1MDUxWjCBlTELMAkGA1UEBhMCQ04x
    
24. | ETAPBgNVBAgMCFNoZW5aaGVuMREwDwYDVQQHDAhTaGVuWmhlbjEwMC4GA1UECgwn
    
25. | U2hlbnpoZW4gT25ldGhpbmcgVGVjaG5vbG9naWVzIENvLiwgTHRkMRUwEwYDVQQL
    
26. | DAxXZWIgU2VjdXJpdHkxFzAVBgNVBAMMDnJlZC54dW5sZWkuY29tMIIBIjANBgkq
    
27. | hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvEj6fe2hXJCoDkicGHeVvBeraEmTU4yi
    
28. | DDV5aBLubu553jmWG7Cug+Xoz9bFxZuBlS/hFMPqxm+vc4kmsqyneL1vO7t62Cgn
    
29. | ygygzo9Xp6l/iDK8Ma+0SknX3O0ZuFuCSf6gxqtozzRCrsAe6AWzo0h70OKy2uf9
    
30. | vq6ugkjcG8/rpoQm0sz0xuD4U0TC38el9QtwHS5vJQ6FVJzSC/yvGiRlwhL1JjFZ
    
31. | d/d2GIAGOCIty74Zlk7UjKh7/9lsV7Le1KtwaxgNQeW730OfR7dzhK5oSHOAvScD
    
32. | IFOjnDXPUTBXUcpUTNhEajcMPJ86V0Ix5di+n/AVmmamwOqBA3pq2wIDAQABo1Aw
    
33. | TjAdBgNVHQ4EFgQUyx5mPNHtwN7Dp/oVacP4ffm3UOEwHwYDVR0jBBgwFoAUyx5m
    
34. | PNHtwN7Dp/oVacP4ffm3UOEwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC
    
35. | AQEAQ3FC9fOZWF4vqvFYg9ffqYpIevthQFaASJBG2vSIjSWLAA8GOu9BH2LMSvGE
    
36. | h8VugPTX2m8qfGdOCmc0LtR5Gpdgm6ogNNYJJMKtNnVmI1rtqeGfhbPKzF1KHmjN
    
37. | +bnbMPVmjLBmigkmy45IDXTbuzAfbGh/oPN7QGcnPScAZbWgge4NOLNkME3JfgYZ
    
38. | /E1DY7ha9GjcSQSWSTJYdodbyCY/sua7XVkDFziswxVGmAApwsj0RdV+Zgt577Z3
    
39. | bmtVTkKtEuL1QY+Gw3FY2LaMcGsUcw9Q90hQcPOme6C0S2yCyYbqq+bkaxe+k3RQ
    
40. | +xnY9bSeoF4Qy5FRhYHPUhKqlQ==
    
41. |_-----END CERTIFICATE-----
    
42. |_ssl-date: TLS randomness does not represent time
    
43. | tls-alpn:
    
44. |_  http/1.1
    
45. | tls-nextprotoneg:
    
46. |_  http/1.1
    
47. 445/tcp   open  netbios-ssn       syn-ack ttl 64 Samba smbd 4.10.0pre1-DEVELOPERBUILD (workgroup: WORKGROUP)
    
48. 1988/tcp  open  http              syn-ack ttl 64 Golang net/http server (Go-IPFS json-rpc or InfluxDB API)
    
49. |_http-title: Site doesn't have a title (text/plain; charset=utf-8).
    
50. 4321/tcp  open  tcpwrapped        syn-ack ttl 64
    
51. 8800/tcp  open  http              syn-ack ttl 64 nginx 1.14.0
    
52. |_http-server-header: nginx/1.14.0
    
53. |_http-title: Site doesn't have a title (application/json).
    
54. 8900/tcp  open  jmb-cds1?         syn-ack ttl 64
    
55. 10000/tcp open  snet-sensor-mgmt? syn-ack ttl 64
    
56. 10800/tcp open  tcpwrapped        syn-ack ttl 64
    
57. Running: Linux 3.X
    
58. OS CPE: cpe:/o:linux:linux_kernel:3
    
59. OS details: Linux 3.2 - 3.16
    
60. TCP/IP fingerprint:
    
61. OS:SCAN(V=7.70%E=4%D=1/24%OT=139%CT=1%CU=35709%PV=Y%DS=1%DC=D%G=Y%M=B0D59D%
    
62. OS:TM=5C49BA68%P=i686-pc-windows-windows)SEQ(SP=106%GCD=1%ISR=108%TI=Z%CI=I
    
63. OS:%TS=7)OPS(O1=M5B4ST11NW6%O2=M5B4ST11NW6%O3=M5B4NNT11NW6%O4=M5B4ST11NW6%O
    
64. OS:5=M5B4ST11NW6%O6=M5B4ST11)WIN(W1=3890%W2=3890%W3=3890%W4=3890%W5=3890%W6
    
65. OS:=3890)ECN(R=Y%DF=Y%T=40%W=3908%O=M5B4NNSNW6%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O
    
66. OS:%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=
    
67. OS:0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%
    
68. OS:S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(
    
69. OS:R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=
    
70. OS:N%T=40%CD=S)
    
71. 
    
72. Uptime guess: 0.025 days (since Thu Jan 24 20:39:23 2019)
    
73. Network Distance: 1 hop
    
74. TCP Sequence Prediction: Difficulty=262 (Good luck!)
    
75. IP ID Sequence Generation: All zeros
    
76. Service Info: Host: OTCLOUD_****
    
77. 
    
78. Host script results:
    
79. |_clock-skew: mean: -2h39m58s, deviation: 4h37m06s, median: 0s
    
80. | nbstat: NetBIOS name: OTCLOUD_9994, NetBIOS user: <unknown>, NetBIOS MAC: <unknown> (unknown)
    
81. | Names:
    
82. |   OTCLOUD_****<00>     Flags: <unique><active>
    
83. |   OTCLOUD_****<03>     Flags: <unique><active>
    
84. |   OTCLOUD_****<20>     Flags: <unique><active>
    
85. |   \x01\x02__MSBROWSE__\x02<01>  Flags: <group><active>
    
86. |   WORKGROUP<00>        Flags: <group><active>
    
87. |   WORKGROUP<1d>        Flags: <unique><active>
    
88. |   WORKGROUP<1e>        Flags: <group><active>
    
89. | Statistics:
    
90. |   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    
91. |   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    
92. |_  00 00 00 00 00 00 00 00 00 00 00 00 00 00
    
93. | smb-os-discovery:
    
94. |   OS: Windows 6.1 (Samba 4.10.0pre1-DEVELOPERBUILD)
    
95. |   Computer name: otcloud_****
    
96. |   NetBIOS computer name: OTCLOUD_****\x00
    
97. |   Domain name: \x00
    
98. |   FQDN: otcloud_****
    
99. |_  System time: 2019-01-24T21:14:51+08:00
    
100. | smb-security-mode:
     
101. |   account_used: guest
     
102. |   authentication_level: user
     
103. |   challenge_response: supported
     
104. |_  message_signing: disabled (dangerous, but default)
     
105. | smb2-security-mode:
     
106. |   2.02:
     
107. |_    Message signing enabled but not required
     
108. | smb2-time:
     
109. |   date: 2019-01-24 21:14:50
     
110. |_  start_date: N/A
     

复制代码

CVE上搜索了一下，smbd 4.10.0和nginx 1.14.0都没有什么可以利用的提权漏洞啊。。。

jct1982

同是
固件版本2.1.0

等待新的root方法,哪怕拆机

hzexe

S805,直接用厂家的量产工具干。工具网上搜

sw1999

不要折腾了，我的root之后下载功能废了，不能下载还能干什么？

世界的远野

sw1999 发表于 2019-1-27 17:29
不要折腾了，我的root之后下载功能废了，不能下载还能干什么？

我想刷armbian有问题吗？

newreno

世界的远野 发表于 2019-1-31 12:41
我想刷armbian有问题吗？

那还不如挂闲鱼把玩客云卖了，再买个斐讯N1.

世界的远野

newreno 发表于 2019-2-1 00:27
那还不如挂闲鱼把玩客云卖了，再买个斐讯N1.

卖不掉了，现在闲鱼挂75一个都没多少人会买

jocover

http://update.peiluyou.com/conf/ ... stem_V2.1.0_arm.ipk
自己逆向吧，我之前还找到几个漏洞，不知道封掉没有

世界的远野

jocover 发表于 2019-2-1 14:55
http://update.peiluyou.com/conf/mcloud_advanced/packages/onecloud-system_V2.1.0_arm.ipk
自己逆向吧 ...

好吧，我不报指望地试试看。
话说我连逆向工程都还不会啊

jct1982

jocover 发表于 2019-2-1 14:55
http://update.peiluyou.com/conf/mcloud_advanced/packages/onecloud-system_V2.1.0_arm.ipk
自己逆向吧 ...

请问如何刷会低版本？

世界的远野

jct1982 发表于 2019-2-11 15:49
请问如何刷会低版本？

我哪知道啊，我连个shell都没有

lzh

我看别人说只是封挖矿，不影响下载功能么？远程及局域网不允许连接？

世界的远野

lzh 发表于 2019-3-22 18:28
我看别人说只是封挖矿，不影响下载功能么？远程及局域网不允许连接？

好像是不影响下载，但远程和局域网没法连是什么情况？

lzh

不是，我还没有成功root。
我是想问问，被封号后，远程和局域网云添加功能是否正常。

世界的远野

lzh 发表于 2019-3-24 18:37
不是，我还没有成功root。
我是想问问，被封号后，远程和局域网云添加功能是否正常。

我也正想问这件事情。。。