ecdsa521/tpown

TP own

Simple script for hacking your TP-Link M7350 LTE modem/router

Usage:

$ ruby tp.rb -t [ip] -p [password] 
    Options:
    -s, --ssh                  Install dropbear SSH server
    -a, --adb                  Enable ADBD service
    -k, --keep                 Keep the telnetd payload
    -p, --pass=<s>             Web interface password
    -t, --target=<s>           Target IP
    -r, --rce=<i>              RCE version, 1, 5 or autodetect if left empty
    -d, --dropbear-bin=<s>     Dropbear binary location (default:
                                https://raw.githubusercontent.com/ecdsa521/tpown/main/dropbearmulti)
    -o, --dropbear-init=<s>    Dropbear init script location (default:
                                https://raw.githubusercontent.com/ecdsa521/tpown/main/dropbearserver.sh)
    -h, --help                 Show this message

How does it work

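First, the user is logged in to the web interface and the session token is saved. The token is then used to launch the RCE in one of two versions (1 or 5, selected with -r or autodetected). The RCE spawns a telnet server, and the payload is then deleted unless -k/--keep is given.

The telnet server is then used to enable the ADBD service and/or install the dropbear SSH server.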
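
A post-run exposure check for the device owner, added here as an example and not part of tpown: it probes the telnet, SSH and ADB listeners that the steps above can leave running and labels whatever answers. The port numbers (23, 22, 5555) and the function names are assumptions, not taken from this README.

```ruby
require "socket"

# Assumed default ports; the README does not say which ports the services use.
DEFAULT_PORTS = { "telnet" => 23, "ssh" => 22, "adb" => 5555 }.freeze

# Label the first bytes a listener sends after connect, if any.
def classify_banner(data)
  return "silent" if data.nil? || data.empty?
  return data.lines.first.strip if data.start_with?("SSH-") # SSH identification string
  return "telnet negotiation" if data.getbyte(0) == 0xFF     # telnet IAC byte
  "unrecognized data"
end

# Connect to one port; report :open, :closed or :filtered plus a banner label.
def probe(host, port, timeout: 2)
  Socket.tcp(host, port, connect_timeout: timeout) do |sock|
    ready = IO.select([sock], nil, nil, timeout)
    data = ready ? sock.read_nonblock(128, exception: false) : nil
    data = nil unless data.is_a?(String) # :wait_readable or EOF means no banner
    { state: :open, banner: classify_banner(data) }
  end
rescue Errno::ECONNREFUSED
  { state: :closed, banner: nil }
rescue SystemCallError, SocketError, IOError
  { state: :filtered, banner: nil } # timeout or unreachable
end

# Probe every named service on the device and return name => result.
def audit(host, ports: DEFAULT_PORTS, timeout: 2)
  ports.to_h { |name, port| [name, probe(host, port, timeout: timeout)] }
end

# Run as: ruby audit.rb <device-ip>
if __FILE__ == $PROGRAM_NAME && ARGV[0]
  audit(ARGV[0]).each do |name, r|
    puts format("%-6s %-8s %s", name, r[:state], r[:banner])
  end
end
```

Any service reported as open is reachable by every host on the same network as the modem, so disable the ones that are not needed once the work is done.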

Thanks to 4pda.to and m0veax for RCE and research
