Hacking the Dlink 502T router
I have upgraded my 256kbps ADSL to 512kbps and it is bundled with Dlink 502T router. Soon after installation I found that it runs Linux :). Hacker inside me decided to play around this router.
How do I Log in to router interface via telnet
You can login over telnet. This is common feature of all router these days and this the only way to hack into box:
=> Default IP: 192.168.1.1
=> Default Username: admin (or use root both are having UID 0)
=> Default Password: admin
WARNING! These examples are not about stealing other users bandwidth or passwords. Most A/DSL provider control many properties on their end. Hacker is a person who delights in having an intimate understanding of the internal workings of a system, computers and computer networks in particular. This article is not about stealing or cracking other users network equipment.I have changed IP of router to 192.168.1.254 so here is my first session:
$ telnet 192.168.1.254
Sample output:
Trying 192.168.1.254... Connected to 192.168.1.254. Escape character is '^]'. BusyBox on (none) login: root Password: BusyBox v0.61.pre (2005.05.30-08:31+0000) Built-in shell (ash) Enter 'help' for a list of built-in commands.
Let us see password file, enter:
# cat /etc/passwd
Output:
root:x:0:0:Root,,,:/:/bin/sh admin:x:0:0:Admin,,,:/:/bin/sh
Hack #3: Get more information about router hardware and Linux
Since this is tiny device most of the userland command such as free, uname etc are removed. However /proc file system provides all information.
Display CPU Information
# cat /proc/cpuinfo
Display RAM Information
# cat /proc/meminfo
OR
# free
Display Linux versions
# cat /proc/version
Output:
Linux version 2.4.17_mvl21-malta-mips_fp_le (jenny@fd6e) (gcc version 2.95.3 20010315 (release/MontaVista)) #70 Mon May 30 16:34:48 CST 2005
Display list of running Processes:
# ps
Display list of all kernel module:
# lsmod
Hack # 3: Get more information about network
Display list of all network interfaces:
# ifconfig
Get your Internet public IP info:
# ifconfig ppp0
Output:
ppp0 Link encap:Point-Point Protocol
inet addr:61.xxx.xxx.xxx P-t-P:61.xxx.xxx.xxx Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1 ASYMMTU:1500
RX packets:69586 errors:0 dropped:0 overruns:0 frame:0
TX packets:62540 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:80566538 (76.8 Mb) TX bytes:5349581 (5.1 Mb)
Get default routing information i.e. find out your ISP's router:
# route
Output:
Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 61.xxx.xxx.xxx * 255.255.255.255 UH 0 0 0 ppp0 192.168.1.0 * 255.255.255.0 U 0 0 0 br0 239.0.0.0 * 255.0.0.0 U 1 0 0 br0 default dsl-xx-00x.xx.x 0.0.0.0 UG 0 0 0 ppp0
Display ethernet statics such as speed and other details:
# cat /proc/avalanche/eth0_rfc2665_stats
Display DSL modem stats:
# cat /proc/avalanche/avsar_modem_stats
Display Iptables firewall rules:
# iptables -L -n
Flush/Stop firewall rules (don't flush untile and unless you have solid reason to do it )
# /etc/flush_firewall
Hack 4 : Secure your router
(A) Open a web browser such as firefox and login to web based interface. Type url http://192.168.1.1/
(B) Enable Firewall
By default firewall is disabled :/? turn it on to protect your router as it runs linux. Click on Home > Wan > Scroll down and select Firewall as Enabled. Click on Apply.
(C) Change default admin password
Click on Tools > Select Administrator and type the password. > Click apply
(D) Save changes and reboot router
Click on Tools > System > Click on Save and Reboot button
Please note that most ISP including Airtel, BSNL and others these days use this router. And by default admin password is not changed by user, in addition to that some software bug exists that allows remote administration via telnet/http. So turning on firewall saves your day.
Hack # 5: Miscellaneous information
Display developer information i.e. the people behind this router development:
# cat /proc/avalanche/developers
Quickly reboot the router:
# reboot
All your binary stored in /bin/ /usr/bin /sbin directory.
More Resources:
- Monavista Linux
- Linux Mips is port of Linux to the MIPS architecture
- New versions of firmware for D-Link T-series ADSL router can be found here along with compilers
- Detailed hacking of D-Link DSL-G604T device
You may also be interested in other helpful articles:
- Hacking Beetel 220x ADSL router (Broadcom BCM6338)
- Hacking Linksys router: WRT54GL DIY Internal POE
- Linux Shell Script to reboot DSL or ADSL router
- Linux Configure WPA2 for RT61 based Wireless Card
- Linux install and configure DLink DWL g 520 - RT61 Wireless LAN PCI Card
Discussion on This Article:
Leave a Reply
We encourage your comments, and suggestions. But please stay on topic, be polite, and avoid spam. Thank you very much for stopping by our site!
Tags: adsl, airtel, bsnl, busybox default password, busybox dlink, busybox v0.61.pre, d-link router password, d-link wireless router hack, dlink, dlink router telnet commands, dlink_router, hack adsl router, hack d-link router, hack dlink router, how to hack into a router, mips_architecture, monavista, mtnl, telnet_command
I work for an Internet Service provider and am trying to learn more about the Actiontek DSL Gateways we use… i found this pretty helpful. The Actiontek actually runs the same OS as the Dlink 502T, so yeah, this really helped. Thanks..
you are right this linux kernel and os is common on most DSL routers these days.
Appreciate your post and feedback
is this a way u can change ur speed from 256kbps to 512 kbps…
please tell me guys
You cannot change speed from 256 to 512. It is controlled by your ISP. You don’t have any control over this process.
i have fogoten the password for my DLink 502T DSL router. Is there any way for me to retrieve the same. I dont want to reset the router settings using the hardware switch.
Hmm
Try default admin/admin
But there is no other way… reset the modem and call your DSL service provider they will tell you new settings.
Hello,
I have DLink DSL G604T, unfortunately i’m not familiar with Linux command. What are the command syntax to change/view the “txatten” via telnet (CLI) to the device ?.
Another request if possible could you listed, some of the common command use with this router..
ps: Great work here!
TIA
I’ve just been messing about with my DSL-G604T, uses the same commands, but you can only login using root (no matter what you’ve changed your regular username to in the web menu), using hatever password you have specified in the web menu settings.
Anyhu, very very useful post. Never even knew I could control my router through Telnet. This will definately be useful when it becomes obsolete (read, if)
hello nixcraft ,
i want to know how to increase speed of broadband?
i am using xp ..and 256kbps speed from mtnl !!!tell me how can i increase the speed????
every time i try to log into my DLink 502T DSL router it asks if i wanna connect to the net. If i click yes it bombs out, if i click no it stils bombs out. Any suggestions as to what it could b?
i have a problem with the DSL 502T router.The ethernet led blinks and it will not allow me to download files above 2Mb.My internet connection is BSNL broadband.Helpme out so that i can continue with regular download.
Here in Russia there was a great hacking of D-Link routers, 300T as well as 50xT (x == 0, 2 and 4 AFAIK).As long as vendor supplies source and MIPS toolchain is available, you can treat D-Link as some small network computer running usual Linux and some Linux programs.This means you can compile your own programs and run them here, as long as you fit into flash file system and RAM is not exhausted.
Some of most hardcore people will find http://mcmcc.bat.ru/dlinkt/ link useful.Unfortunately some parts are in Russian.Sorry.
Can i open the *.bin file of my Dlink-502T router ???
i want 2 c the contents of that file…..is that possible ???
how can i use others bsnl user-id and password to connect the internet how ? ??
hi
my 502T tends to hang when ‘reboot’ed from telnet. this looks to be random as it works sometimes.as my ISP -MTNL- requires me to reset it everyday at 0000hrs and 0800 hrs, i have no other option than to do it via a telnet using a script. I am new to linux.Can u suggest some ways to correct this? thank you
i am having a problem with the same modal, 502t the adsl link not get stable. what i did actually it was working with one computer fine but when i connect it with the switch and then it work fine for appx one hour after that the link of adsl not getting stable and i am not able to access the internet plz suggest.
HI i want to configure DSL-502T in FEDORA 4 to connect to my ISP (BSNL) via the USB.. Are the USB drivers for the same available.
Can anyone advise me how to do it ??
It is working fine with winXp as of now
i have two D-link modem…one is DSL 504(old one) and DSL 520(new)…this 520 using linux also.my problem is,when i use tracert command on this 520,there is no reply (request timed out).with 504,the reply is normal…i suspect there is some setting in 520 dont allow tracert.can anyone help me?Thanks in advanced.
I have MTNL triband connection. I have got my friends triband username and password. Initially is working but now I don’t get connection when I enter his username and password. When I test connection fowlling messages come.Testing Ethernet connection=PASS,Testing ADSL line for syncPASS,Testing Ethernet connection to ATMPASS,Testing ATM OAM segment pingPASS
Testing ATM OAM end to end pingPASS
Testing PPPoE server connectivityPASS
Testing PPPoE server sessionFAIL
Testing authentication with serverFAIL
Validating assigned IP address 0.0.0.0FAIL
Testing Internet Connectivity
Ping default gateway 0.0.0.0FAIL
Please give me the solution
thks in advance
regards
Dinesh
What is command to save changes made by ifconfig via telnet ?
Great work Vivek.I like the artical from ou.
Hope to see more from you.
Hanmant
hi, i have a prob can i know how to enable port forwarding in the dlink 502t routers…pls reply…
hey buddy
can we hack our mtnl line n by using my frineds tel no n password ,is it possible 4 me 2 use da net where i will not get ne bill at all
and thus i can download loaads free of cost
plss buddy tel me how 2 do it
Hi friend,
I have 502T modem,I tried to login using telnet
it asked user name I gave Root ,but what’s the password????,I need this,please can u please tell me,every week my modem’s MAC id gets change automatically due to power fluctuation most probably,can u plz tell me how to change the MAC id also????,so that every time it gets reset to some value I can bring it back to the original one.
Thanks in advance.
oh!I got the password,I missed the line,but how to change the MAC id can u plz tell me,once I been to Dlink service center I saw a people running a batch file,in that batch file ,it was same sort of telnet login,but didn’t see what command was there inside batch file or script for changing MAC,I tried with
# ifconfig eth0 hw ether 00:80:48:BA:d1:20
but didn’t work
I got Mtnl triband. my router is Dlink-GLB502T. Is there anyway to hack it in the sense…I get only 400Mb of download per month…I want to increase it if possible to unlimited. Is it possible??
hii…i am a user of bsnl bb….250 skim….bt my free limit is jst i gb…i read dis article bt …i cant understand full….can u suggest anything plz…i really need dis …for good perpose…is it possible download unlimitadly….not affecting my i gb limit…plz gimme suggetion…i need dis to upload..n help others
lol tirtha.
i has 512kbps line with 1gig limit but 2dAY i r haxx my modem with telnet now i kan download at 11mbps and i has unlimited bandwidth!! liek z0mg uber hax
hi there… I am currently sharing my internet service with a motorola sbg1000 wireless modem cum router system… i recently forgotten my user id and password to change the setting in the router… and i need to deactivate the firewall so that some of my program can run…. how can u retrive back the user id and password so that i can change the setting… or is there anyway to bypass the firewall without chaging the setting in the router
yes there is a way to get ur same password
type 192.168.1.1
admin
admin
click on wan the id is there
right click and click on view source
in this source search for a file named password
and if u get in the value field u will have ur password
i reset my d-link router ip after i am typing default ip but not cming home page
Hey..i hve LINKSYS WAG200G ROuter…and i hve forgotten the pass..and dnt want to reset it….all i want is..i want 2 forward some ports…or switch off the firewal..is there any way 2 achieve this..or any way 2 hack the pass???
plz mail me on.. ” thalib_frk@yahoo.co.in ”
thx in advance
hello
i am using mtnl 199plan for broadband. the problem is that there is only 400mb download is free in it. can u tell me a way or tell me setting so that i hack mtnl and download free by hacking.plz tell me as soon as possible
plzzzzzzzzzzzzzzzzzzzzz
Hi! I need to hack mtnl triband so as to get an unlimited connection.Can someone guide me to do the same?
It is urgent.Please help?
Thanks
To Ashley / Ashish
You cannot hack to do this as it is controlled from the ISP ’s end - stop being a moron