Recent content by bmaia

  1. B

    ac66u infected with LuaBot - help please

    If the router is still running the malware you can try to recover deleted binaries by copying /proc/PID/exe to another folder. You would need to know the process PID (probably the one that's written .nttpd.pid and .sox.pid), but you can also copy everything listed on /proc/ and find it...
  2. B

    ac66u infected with LuaBot - help please

    Hey there I wrote the blog post reversing the Luabot =) I had a quick look at your binary and it seems to be some auxiliary tool for the dropper that downloads the phase2 binaries. It simply "converts" a standard domain/IPv4 address to the hex notation, for example...
  3. B

    Asuswrt-Merlin 3.0.0.4.374.38 is out

    Problem seems to be on the firewall.c https://github.com/RMerl/asuswrt-merlin/blob/875df6f5e2e2677d791e954ad7a8b098e5fd01c4/release/src/router/rc/firewall.c
  4. B

    Asuswrt-Merlin 3.0.0.4.374.38 is out

    I also had this same issue on 374.38-2, here's what I found:

        splinter squashfs-root # grep -r -i 18017
        Binary file sbin/rc matches
        splinter squashfs-root # strings sbin/rc | grep 18017
        -A PREROUTING ! -d %s/%s -p tcp --dport 80 -j DNAT --to-destination %s:18017

    Any idea what's that...