Update README.md

2025-01-10 03:27:25 -03:00 · 2023-06-01 19:50:40 -03:00 · 2023-06-01 19:50:40 -03:00 · 377200ff89
commit 377200ff89
parent 28cac06d89
1 changed files with 4 additions and 3 deletions
--- a/README.md
+++ b/README.md
@ -7,12 +7,13 @@

 Upon logging in via SSH, I immediately noticed the limited set of available commands and options. It became evident that I was indeed confined to a restricted shell environment.

-![image](https://github.com/duality084/CVE-2023-33381-MitraStar-GPT-2741GNAC/assets/7117259/b5840811-334d-45d5-b3e3-7863969165a3)
+![image](https://github.com/duality084/CVE-2023-33381-MitraStar-GPT-2741GNAC/assets/7117259/0f01e2ee-59ed-49f2-b195-be4dcd52f90e)

 After exploring several known vulnerabilities, I decided to delve into the search for new ones. To begin, I logged into the administrative portal and began testing various functionalities that could potentially result in OS command injection. Within the Diagnostic menu, I came across a particular feature that allowed me to test connectivity using the ping and traceroute commands.
-![image](https://github.com/duality084/CVE-2023-33381-MitraStar-GPT-2741GNAC/assets/7117259/8ab3f70a-2291-4491-a989-9c49b5c69592)

-![image](https://github.com/duality084/CVE-2023-33381-MitraStar-GPT-2741GNAC/assets/7117259/ab39a419-e528-4fa4-ae4f-0c4379c5c316)
+![image](https://github.com/duality084/CVE-2023-33381-MitraStar-GPT-2741GNAC/assets/7117259/c1b96b7b-a7bb-45cd-b09e-eceab420a56e)
+
+![image](https://github.com/duality084/CVE-2023-33381-MitraStar-GPT-2741GNAC/assets/7117259/825c7f40-e1a4-4ae8-adac-23c3cf8a0090)

 So, I decided to try something sneaky by adding a ";" character to my command. I executed "cat /etc/passwd" and guess what? The command ran successfully.