user@kali:~/tplink-0day-c2-and-c20i$ telnet 192.168.1.1 2
Trying 192.168.1.1...
Connected to 192.168.1.1.
Escape character is '^]'.
~ # ls
web usr sbin mnt lib dev
var sys proc linuxrc etc bin
~ # cat /proc/version
Linux version 2.6.36 (root@localhost.localdomain) (gcc version 4.6.3 (Buildroot 2012.11.1) ) #1 Wed Jul 6 10:01:06 HKT 2016
~ # ls -la
drwxr-xr-x 9 176 web
drwxr-xr-x 13 0 var
drwxr-xr-x 4 38 usr
drwxr-xr-x 11 0 sys
drwxr-xr-x 2 193 sbin
dr-xr-xr-x 83 0 proc
drwxr-xr-x 2 3 mnt
lrwxrwxrwx 1 11 linuxrc -> bin/busybox
drwxr-xr-x 3 786 lib
drwxr-xr-x 5 776 etc
drwxr-xr-x 5 1274 dev
drwxr-xr-x 2 280 bin
drwxr-xr-x 13 177 ..
drwxr-xr-x 13 177 .
~ # cd etc
/etc # ls
vsftpd_passwd init.d SingleSKU_5G_RU.dat
vsftpd.conf group SingleSKU_5G_NZ.dat
ushare.conf fstab SingleSKU_5G_MY.dat
services default_config.xml SingleSKU_5G_KR.dat
samba TZ SingleSKU_5G_FCC.dat
resolv.conf SingleSKU_RU.dat SingleSKU_5G_CE.dat
reduced_data_model.xml SingleSKU_NZ.dat SingleSKU_5G_CA.dat
ppp SingleSKU_MY.dat RT2860AP5G.dat
passwd.bak SingleSKU_KR.dat RT2860AP.dat
passwd SingleSKU_FCC.dat MT7620_AP_2T2R-4L_V15.BIN
iptables-stop SingleSKU_CE.dat MT7610E-V10-FEM-1ANT.bin
inittab SingleSKU_5G_VN.dat
/etc # cd ..
~ # ls -la
drwxr-xr-x 9 176 web
drwxr-xr-x 13 0 var
drwxr-xr-x 4 38 usr
drwxr-xr-x 11 0 sys
drwxr-xr-x 2 193 sbin
dr-xr-xr-x 83 0 proc
drwxr-xr-x 2 3 mnt
lrwxrwxrwx 1 11 linuxrc -> bin/busybox
drwxr-xr-x 3 786 lib
drwxr-xr-x 5 776 etc
drwxr-xr-x 5 1274 dev
drwxr-xr-x 2 280 bin
drwxr-xr-x 13 177 ..
drwxr-xr-x 13 177 .
~ # ps
PID USER VSZ STAT COMMAND
1 admin 1060 S init
2 admin 0 SW [kthreadd]
3 admin 0 SW [ksoftirqd/0]
4 admin 0 SW [kworker/0:0]
5 admin 0 SW [kworker/u:0]
6 admin 0 SW< [khelper]
7 admin 0 SW [kworker/u:1]
44 admin 0 SW [sync_supers]
46 admin 0 SW [bdi-default]
48 admin 0 SW< [kblockd]
80 admin 0 SW [kswapd0]
82 admin 0 SW< [crypto]
130 admin 0 SW [mtdblock0]
135 admin 0 SW [mtdblock1]
140 admin 0 SW [mtdblock2]
145 admin 0 SW [mtdblock3]
150 admin 0 SW [mtdblock4]
155 admin 0 SW [mtdblock5]
160 admin 0 SW [mtdblock6]
172 admin 0 SW [kworker/0:1]
214 admin 0 SW [khubd]
245 admin 1060 S telnetd
251 admin 2932 S cos
252 admin 1060 S init
255 admin 2120 S igmpd
258 admin 2144 S mldProxy
345 admin 2932 S cos
346 admin 2932 S cos
347 admin 2932 S cos
366 admin 2088 S ntpc
371 admin 2096 S dyndns /var/tmp/dconf/dyndns.conf
374 admin 2096 S noipdns /var/tmp/dconf/noipdns.conf
377 admin 2096 S cmxdns /var/tmp/dconf/cmxdns.conf
433 admin 0 SW [RtmpCmdQTask]
434 admin 0 SW [RtmpWscTask]
445 admin 1244 S wlNetlinkTool
449 admin 1080 S wscd -i ra0 -m 1 -w /var/tmp/wsc_upnp/
465 admin 1244 S wlNetlinkTool
466 admin 1244 S wlNetlinkTool
489 admin 0 SW [RtmpCmdQTask]
490 admin 0 SW [RtmpWscTask]
503 admin 1064 S wscd_5G -i rai0 -m 1 -w /var/tmp/wsc_upnp_5G/
506 admin 2668 S httpd
518 admin 1748 S upnpd -L br0 -W eth0.2 -en 0 -P eth0.2 -nat 0 -port
521 admin 2084 S dnsProxy
526 admin 1068 S dhcpd /var/tmp/dconf/udhcpd.conf
551 admin 1748 S upnpd -L br0 -W eth0.2 -en 0 -P eth0.2 -nat 0 -port
552 admin 1748 S upnpd -L br0 -W eth0.2 -en 0 -P eth0.2 -nat 0 -port
553 admin 1748 S upnpd -L br0 -W eth0.2 -en 0 -P eth0.2 -nat 0 -port
554 admin 1748 S upnpd -L br0 -W eth0.2 -en 0 -P eth0.2 -nat 0 -port
555 admin 1748 S upnpd -L br0 -W eth0.2 -en 0 -P eth0.2 -nat 0 -port
556 admin 1748 S upnpd -L br0 -W eth0.2 -en 0 -P eth0.2 -nat 0 -port
557 admin 1748 S upnpd -L br0 -W eth0.2 -en 0 -P eth0.2 -nat 0 -port
558 admin 2668 S tmpd
561 admin 2556 S tdpd
569 admin 988 S dhcpc
578 admin 1036 S zebra -d -f /var/tmp/dconf/zebra.conf
594 admin 2088 S diagTool
625 admin 1136 S dropbear -p 22 -r /var/tmp/dropbear/dropbear_rsa_hos
642 admin 2468 S ushare
658 admin 2468 S ushare
660 admin 2468 S ushare
661 admin 2468 S ushare
662 admin 2468 S ushare
663 admin 2468 S ushare
664 admin 2468 S ushare
666 admin 2468 S ushare
851 admin 1060 S /usr/sbin/telnetd -l /bin/sh -p 25
853 admin 1072 S /bin/sh
876 admin 1068 S /bin/sh
878 admin 2576 S cli
887 admin 1060 R ps
~ #