Exploit research

Initial findings

checksec

$ pwn checksec gn-httpd
[*] '/home/user/linksys-e1200-v2/gn-httpd'
    Arch:     mips-32-little
    RELRO:    No RELRO
    Stack:    No canary found
    NX:       NX disabled
    PIE:      No PIE (0x400000)
    RWX:      Has RWX segments

We can see that the gn-httpd binary has no exploit mitigations enabled: no RELRO, no stack canary, NX disabled, no PIE, and RWX segments present.
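Most of the fields checksec prints are read straight from the ELF header and program headers, which is useful when auditing firmware binaries in bulk. The following is an added example, not code from the original page and not pwntools' own implementation: it derives the NX, RELRO, PIE and RWX fields for a 32-bit ELF. The names `elf32_mitigations` and `build_elf32` and both sample images are assumptions constructed for illustration; canary detection (which needs the symbol table) and the Partial/Full RELRO distinction are out of scope.

```python
import struct

PT_LOAD, PT_GNU_STACK, PT_GNU_RELRO = 1, 0x6474E551, 0x6474E552
PF_X, PF_W = 0x1, 0x2
ET_EXEC, ET_DYN = 2, 3

def elf32_mitigations(data):
    """Derive checksec-style fields from a 32-bit ELF's headers."""
    if data[:4] != b"\x7fELF" or data[4] != 1:
        raise ValueError("not a 32-bit ELF image")
    end = "<" if data[5] == 1 else ">"          # EI_DATA: 1 = little-endian
    e_type = struct.unpack_from(end + "H", data, 16)[0]
    e_phoff = struct.unpack_from(end + "I", data, 28)[0]
    e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 42)
    segs = []                                    # (p_type, p_flags) pairs
    for i in range(e_phnum):
        ph = struct.unpack_from(end + "8I", data, e_phoff + i * e_phentsize)
        segs.append((ph[0], ph[6]))
    stack = [f for t, f in segs if t == PT_GNU_STACK]
    return {
        # Assumption: a missing PT_GNU_STACK header means an executable stack.
        "nx": bool(stack) and not stack[0] & PF_X,
        "relro": any(t == PT_GNU_RELRO for t, _ in segs),
        "pie": e_type == ET_DYN,
        "rwx_segments": sum(1 for t, f in segs
                            if t == PT_LOAD and f & PF_W and f & PF_X),
    }

def build_elf32(e_type, segs):
    """Constructed test input: ELF32 LE MIPS header plus program headers only."""
    ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)
    ehdr = ident + struct.pack("<HHIIIIIHHHHHH", e_type, 8, 1, 0x400000,
                               52, 0, 0, 52, 32, len(segs), 0, 0, 0)
    return ehdr + b"".join(struct.pack("<8I", t, 0, 0, 0, 0, 0, f, 0)
                           for t, f in segs)

# Constructed samples, not the real gn-httpd: one unhardened, one hardened.
UNHARDENED = build_elf32(ET_EXEC, [(PT_LOAD, 7)])
HARDENED = build_elf32(ET_DYN, [(PT_LOAD, 5), (PT_LOAD, 6),
                                (PT_GNU_STACK, 6), (PT_GNU_RELRO, 4)])

if __name__ == "__main__":
    for name, img in (("unhardened", UNHARDENED), ("hardened", HARDENED)):
        print(name, elf32_mitigations(img))
```

To check a real binary, pass its bytes: `elf32_mitigations(open(path, "rb").read())`.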

objdump

Note that the objdump binary used here comes from the binutils-mipsel-linux-gnu package:

$ sudo apt install binutils-mipsel-linux-gnu
$ ls /usr/mipsel-linux-gnu/bin
ar  as  gold  ld  ld.bfd  ld.gold  nm  objcopy  objdump  ranlib  readelf  strip

$ /usr/mipsel-linux-gnu/bin/objdump -d --disassemble=get_merge_ipaddr gn-httpd
