≡ Menu

Hacking the Dlink 502T router

I have upgraded my 256kbps ADSL to 512kbps and it is bundled with Dlink 502T router. Soon after installation I found that it runs Linux :). Hacker inside me decided to play around this router.

How do I Log in to router interface via telnet

You can login over telnet. This is common feature of all router these days and this the only way to hack into box:

=> Default IP: 192.168.1.1
=> Default Username: admin (or use root both are having UID 0)
=> Default Password: admin

WARNING! These examples are not about stealing other users bandwidth or passwords. Most A/DSL provider control many properties on their end. Hacker is a person who delights in having an intimate understanding of the internal workings of a system, computers and computer networks in particular. This article is not about stealing or cracking other users network equipment.

I have changed IP of router to 192.168.1.254 so here is my first session:
$ telnet 192.168.1.254
Sample output:

Trying 192.168.1.254...
Connected to 192.168.1.254.
Escape character is '^]'.
BusyBox on (none) login: root
Password:
BusyBox v0.61.pre (2005.05.30-08:31+0000) Built-in shell (ash)
Enter 'help' for a list of built-in commands.

Let us see password file, enter:
# cat /etc/passwd
Output:

root:x:0:0:Root,,,:/:/bin/sh
admin:x:0:0:Admin,,,:/:/bin/sh

Hack #3: Get more information about router hardware and Linux

Since this is tiny device most of the userland command such as free, uname etc are removed. However /proc file system provides all information.

Display CPU Information
# cat /proc/cpuinfo
Display RAM Information
# cat /proc/meminfo
OR
# free

Display Linux versions
# cat /proc/version
Output:

Linux version 2.4.17_mvl21-malta-mips_fp_le (jenny@fd6e) (gcc version 2.95.3 20010315 (release/MontaVista)) #70 Mon May 30 16:34:48 CST 2005

Display list of running Processes:
# ps

Display list of all kernel module:
# lsmod

Hack # 3: Get more information about network

Display list of all network interfaces:
# ifconfig
Get your Internet public IP info:
# ifconfig ppp0
Output:

ppp0      Link encap:Point-Point Protocol
          inet addr:61.xxx.xxx.xxx  P-t-P:61.xxx.xxx.xxx  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1  ASYMMTU:1500
          RX packets:69586 errors:0 dropped:0 overruns:0 frame:0
          TX packets:62540 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:80566538 (76.8 Mb)  TX bytes:5349581 (5.1 Mb)

Get default routing information i.e. find out your ISP's router:
# route
Output:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
61.xxx.xxx.xxx  *               255.255.255.255 UH    0      0        0 ppp0
192.168.1.0     *               255.255.255.0   U     0      0        0 br0
239.0.0.0       *               255.0.0.0       U     1      0        0 br0
default         dsl-xx-00x.xx.x 0.0.0.0         UG    0      0        0 ppp0

Display ethernet statics such as speed and other details:
# cat /proc/avalanche/eth0_rfc2665_stats

Display DSL modem stats:
# cat /proc/avalanche/avsar_modem_stats

Display Iptables firewall rules:
# iptables -L -n

Flush/Stop firewall rules (don't flush untile and unless you have solid reason to do it )
# /etc/flush_firewall

Hack 4 : Secure your router

(A) Open a web browser such as firefox and login to web based interface. Type url http://192.168.1.1/

(B) Enable Firewall
By default firewall is disabled :/? turn it on to protect your router as it runs linux. Click on Home > Wan > Scroll down and select Firewall as Enabled. Click on Apply.

(C) Change default admin password
Click on Tools > Select Administrator and type the password. > Click apply

(D) Save changes and reboot router
Click on Tools > System > Click on Save and Reboot button

Please note that most ISP including Airtel, BSNL and others these days use this router. And by default admin password is not changed by user, in addition to that some software bug exists that allows remote administration via telnet/http. So turning on firewall saves your day.

Hack # 5: Miscellaneous information

Display developer information i.e. the people behind this router development:
# cat /proc/avalanche/developers

Quickly reboot the router:
# reboot

All your binary stored in /bin/ /usr/bin /sbin directory.

More Resources:

Tweet itFacebook itGoogle+ itPDF itFound an error/typo on this page?

Comments on this entry are closed.

  • Will October 26, 2005, 1:15 am

    I work for an Internet Service provider and am trying to learn more about the Actiontek DSL Gateways we use… i found this pretty helpful. The Actiontek actually runs the same OS as the Dlink 502T, so yeah, this really helped. Thanks.. :)

  • LinuxTitli October 26, 2005, 3:33 am

    you are right this linux kernel and os is common on most DSL routers these days.

    Appreciate your post and feedback

  • Anonymous July 3, 2006, 12:09 am

    is this a way u can change ur speed from 256kbps to 512 kbps…
    please tell me guys

    • Jonah December 28, 2014, 2:36 pm

      You cannot change the speed package you’re on, that’s on the ISPs end. However, you can change the SNR margin settings. Possibly setting a lower margin will allow the modem to sync faster, but that’s at the expense of stability.

  • nixcraft July 3, 2006, 2:45 am

    You cannot change speed from 256 to 512. It is controlled by your ISP. You don’t have any control over this process.

  • Anonymous July 6, 2006, 1:20 pm

    i have fogoten the password for my DLink 502T DSL router. Is there any way for me to retrieve the same. I dont want to reset the router settings using the hardware switch.

  • nixcraft July 6, 2006, 6:55 pm

    Hmm

    Try default admin/admin

    But there is no other way… reset the modem and call your DSL service provider they will tell you new settings.

  • Anonymous July 24, 2006, 5:26 pm

    Hello,
    I have DLink DSL G604T, unfortunately i’m not familiar with Linux command. What are the command syntax to change/view the “txatten” via telnet (CLI) to the device ?.

    Another request if possible could you listed, some of the common command use with this router.. :)

    ps: Great work here! ;)

    TIA

    • mithious January 23, 2012, 6:44 pm

      Hi Anonomous,

      I have heard lots about you. I am older and havent grown up in the techno age but really really want, and NEED to learn the “craft” ;) are you at all interested in teaching me? I also have memory issues from a bad car accident 9 years ago…just so you know..I have very basic techno skills and would need lots of instruction…r u up for a challenge? I believe in the cause and am worried that without knowledge, i will end up on the losing side of free expression…ya dig? :) Thanks for atleast considering my proposal…I have lots of time, am in a wheelchair, but little funds …another fyi :)
      Mith

      • mithious January 30, 2012, 11:38 pm

        Just checking to see if you answered me…thanks anyway….keep up the good work and stay true to the cause :) Mith

  • Filipe September 13, 2006, 3:07 am

    I’ve just been messing about with my DSL-G604T, uses the same commands, but you can only login using root (no matter what you’ve changed your regular username to in the web menu), using hatever password you have specified in the web menu settings.

    Anyhu, very very useful post. Never even knew I could control my router through Telnet. This will definately be useful when it becomes obsolete (read, if)

  • rohit February 12, 2007, 6:41 am

    hello nixcraft ,
    i want to know how to increase speed of broadband?
    i am using xp ..and 256kbps speed from mtnl !!!tell me how can i increase the speed????

  • Richard February 15, 2007, 9:18 am

    every time i try to log into my DLink 502T DSL router it asks if i wanna connect to the net. If i click yes it bombs out, if i click no it stils bombs out. Any suggestions as to what it could b?

  • karthik March 19, 2007, 2:51 am

    i have a problem with the DSL 502T router.The ethernet led blinks and it will not allow me to download files above 2Mb.My internet connection is BSNL broadband.Helpme out so that i can continue with regular download.

  • lame_ass March 19, 2007, 7:44 pm

    Here in Russia there was a great hacking of D-Link routers, 300T as well as 50xT (x == 0, 2 and 4 AFAIK).As long as vendor supplies source and MIPS toolchain is available, you can treat D-Link as some small network computer running usual Linux and some Linux programs.This means you can compile your own programs and run them here, as long as you fit into flash file system and RAM is not exhausted.

    Some of most hardcore people will find http://mcmcc.bat.ru/dlinkt/ link useful.Unfortunately some parts are in Russian.Sorry.

  • INDIA DLINK March 31, 2007, 7:49 am

    Can i open the *.bin file of my Dlink-502T router ???

    i want 2 c the contents of that file…..is that possible ???

  • AJ April 18, 2007, 6:01 pm

    how can i use others bsnl user-id and password to connect the internet how ? ??

  • viju May 5, 2007, 10:09 am

    hi
    my 502T tends to hang when ‘reboot’ed from telnet. this looks to be random as it works sometimes.as my ISP -MTNL- requires me to reset it everyday at 0000hrs and 0800 hrs, i have no other option than to do it via a telnet using a script. I am new to linux.Can u suggest some ways to correct this? thank you

  • harish May 8, 2007, 8:17 am

    i am having a problem with the same modal, 502t the adsl link not get stable. what i did actually it was working with one computer fine but when i connect it with the switch and then it work fine for appx one hour after that the link of adsl not getting stable and i am not able to access the internet plz suggest.

  • Rush May 20, 2007, 8:07 am

    HI i want to configure DSL-502T in FEDORA 4 to connect to my ISP (BSNL) via the USB.. Are the USB drivers for the same available.
    Can anyone advise me how to do it ??
    It is working fine with winXp as of now

  • Emperor July 6, 2007, 10:04 am

    i have two D-link modem…one is DSL 504(old one) and DSL 520(new)…this 520 using linux also.my problem is,when i use tracert command on this 520,there is no reply (request timed out).with 504,the reply is normal…i suspect there is some setting in 520 dont allow tracert.can anyone help me?Thanks in advanced.

  • Dinesh Shah July 10, 2007, 8:57 am

    I have MTNL triband connection. I have got my friends triband username and password. Initially is working but now I don’t get connection when I enter his username and password. When I test connection fowlling messages come.Testing Ethernet connection=PASS,Testing ADSL line for syncPASS,Testing Ethernet connection to ATMPASS,Testing ATM OAM segment pingPASS
    Testing ATM OAM end to end pingPASS
    Testing PPPoE server connectivityPASS
    Testing PPPoE server sessionFAIL
    Testing authentication with serverFAIL
    Validating assigned IP address 0.0.0.0FAIL
    Testing Internet Connectivity
    Ping default gateway 0.0.0.0FAIL
    Please give me the solution
    thks in advance
    regards
    Dinesh

  • himanshu July 31, 2007, 5:36 pm

    What is command to save changes made by ifconfig via telnet ?

  • Hanmant August 1, 2007, 6:51 am

    Great work Vivek.I like the artical from ou.
    Hope to see more from you. :)

    Hanmant

  • kiran August 7, 2007, 7:38 pm

    hi, i have a prob can i know how to enable port forwarding in the dlink 502t routers…pls reply…

  • amy August 15, 2007, 6:36 pm

    hey buddy
    can we hack our mtnl line n by using my frineds tel no n password ,is it possible 4 me 2 use da net where i will not get ne bill at all
    and thus i can download loaads free of cost
    plss buddy tel me how 2 do it

  • Amar August 21, 2007, 8:10 am

    Hi friend,

    I have 502T modem,I tried to login using telnet
    it asked user name I gave Root ,but what’s the password????,I need this,please can u please tell me,every week my modem’s MAC id gets change automatically due to power fluctuation most probably,can u plz tell me how to change the MAC id also????,so that every time it gets reset to some value I can bring it back to the original one.

    Thanks in advance.

  • Amar August 21, 2007, 1:10 pm

    oh!I got the password,I missed the line,but how to change the MAC id can u plz tell me,once I been to Dlink service center I saw a people running a batch file,in that batch file ,it was same sort of telnet login,but didn’t see what command was there inside batch file or script for changing MAC,I tried with
    # ifconfig eth0 hw ether 00:80:48:BA:d1:20
    but didn’t work

  • catious September 21, 2007, 4:47 pm

    I got Mtnl triband. my router is Dlink-GLB502T. Is there anyway to hack it in the sense…I get only 400Mb of download per month…I want to increase it if possible to unlimited. Is it possible??

  • tirtha October 2, 2007, 8:33 pm

    hii…i am a user of bsnl bb….250 skim….bt my free limit is jst i gb…i read dis article bt …i cant understand full….can u suggest anything plz…i really need dis …for good perpose…is it possible download unlimitadly….not affecting my i gb limit…plz gimme suggetion…i need dis to upload..n help others

  • xmelzax November 19, 2007, 4:47 am

    lol tirtha.
    i has 512kbps line with 1gig limit but 2dAY i r haxx my modem with telnet now i kan download at 11mbps and i has unlimited bandwidth!! liek z0mg uber hax

  • Terence cheong December 14, 2007, 7:51 pm

    hi there… I am currently sharing my internet service with a motorola sbg1000 wireless modem cum router system… i recently forgotten my user id and password to change the setting in the router… and i need to deactivate the firewall so that some of my program can run…. how can u retrive back the user id and password so that i can change the setting… or is there anyway to bypass the firewall without chaging the setting in the router

  • Tanmay December 20, 2007, 10:29 am

    yes there is a way to get ur same password

    type 192.168.1.1
    admin
    admin
    click on wan the id is there
    right click and click on view source
    in this source search for a file named password
    and if u get in the value field u will have ur password

  • arshad January 6, 2008, 5:40 pm

    i reset my d-link router ip after i am typing default ip but not cming home page

  • Thalib April 8, 2008, 12:50 pm

    Hey..i hve LINKSYS WAG200G ROuter…and i hve forgotten the pass..and dnt want to reset it….all i want is..i want 2 forward some ports…or switch off the firewal..is there any way 2 achieve this..or any way 2 hack the pass???
    plz mail me on.. ” thalib_frk@yahoo.co.in

    thx in advance :D

  • ashish April 17, 2008, 4:50 pm

    hello
    i am using mtnl 199plan for broadband. the problem is that there is only 400mb download is free in it. can u tell me a way or tell me setting so that i hack mtnl and download free by hacking.plz tell me as soon as possible
    plzzzzzzzzzzzzzzzzzzzzz

  • ashley lobo May 10, 2008, 7:33 am

    Hi! I need to hack mtnl triband so as to get an unlimited connection.Can someone guide me to do the same?
    It is urgent.Please help?
    Thanks

  • LennyD July 7, 2008, 4:14 pm

    To Ashley / Ashish

    You cannot hack to do this as it is controlled from the ISP ‘s end – stop being a moron

  • ananth October 17, 2008, 9:29 am

    hi am using hathway.. i need to increase my speed from 128 to 512 ..plss mail and help me regarding this issue..

  • Mikuro October 27, 2008, 7:59 pm

    to people asking for speed/bandwidth hacks-

    please read the article again, it’s about getting in and messing around in the routers firmware (linux) and has nothing to do with your ADSL link to your ISP. If you want to ‘hack’ yourself more speed/bandwidth, find an article about hacking your ISP (I don’t reccomend this, however).

    topic:
    great article, found out about its CLI in telnet a couple days ago but didnt know many commands, thx

  • Gayan November 27, 2008, 2:49 pm

    Hi.
    I’m from sri lanka. my service provider give me only very small bandwith.
    But if i get a username and pass from another one i can login from his account and can browse 4 unlimited bandwith.
    but the thing is i have to reveal his username and password from his router.
    type of router is unknown. is this possible?

    plz help

  • ananth December 17, 2008, 6:27 pm

    am using hathway 128 kbps connection. scientific atlanta 2100 modem
    how to increase my speed upto 2mbps and download speed

  • mahesh December 24, 2008, 12:18 pm

    i want to know how i icrease my internet speed i m using mtnl connection 256kps
    ,d link glb502t modem i want to increase my download as well as browsing speed

  • Apna January 21, 2009, 10:51 am

    Can you give details on how to hack for Windows XPP?

  • Shani January 26, 2009, 7:24 am

    How do i renew the ip without reboot??

  • Niels Dettenbach February 14, 2009, 2:34 pm

    @Shani,
    in principe you have to reconnect to your ISP to let him give you randomly another IP address from his dynamic IP pool. I dont know the G654 Linux in all details or if thre is a regarding button in the web-interface but usually it should work with something like:


    ifconfig ppp0 down
    ifconfig ppp0 up

    if that didnt work (means the DLink would not break / reconnect the ADSL-IP link) i will take a look for the correct command sequence on that d-link box.

    @all
    I dont understand why there are any peoples out wich are believing they can “boost up” their ADSL contract / line by “hacking” their DSL-Routers just by telnetting their own wan routers. This page is just a small but good) howto about the (most times not very useful) telnet interface of that device.

    Yes, you are able to “read” all Linux passwords in the /etc/passwd or /etc/shadow files – but encrypted (you have to crack them outside). To get this file you have to be root (and know the root pw).

    Someone who is not at minimum clear about the work of an ISP would not be able to cheat or trick him in such a wise as discussed here.

    In case you have enough time and brain may be you should be able to learn how an ISP is working and – at the next step – how you can “trick” or “cheat” him. Otherwise pls dont waste your time and use it to really get into Linux, Unix and Open Source software. After that may be you will get a first view how your ISP is working and where you have to look for decurity holes. There are some good “hacking” or “hacker howto” around public in the net wich will teach you how you could be a “hacker”. Rtfm…

    Cheers,

    Niels.

  • bimal marwah February 16, 2009, 5:26 pm

    d-link dsl502t adsl router working the best , used on mtnl delhi tel. line.

  • Soni March 16, 2009, 8:20 am

    Hi,
    i m using airtel mobile office.its downloading speed is very slow.can anybody tel me how can i increase its speed.i m using opera browser.plz plz plz…… My email add is
    mansoorali565@yahoo.co.in

  • Rustam March 24, 2009, 4:14 pm

    Use echo to list folders.
    Ex:
    echo /*
    echo /etc/*

  • haildail April 23, 2009, 1:26 am

    Thanks great post , amazing how powerfull little box can be.
    I see it has gcc does that mean i can complie new progs ?
    Also any idea how to edit files ?

    Thanks Rustam , very nice.

  • im back May 5, 2009, 5:11 am

    hello,
    Also to get out of routers default stupid terminal run “sh” .
    I want to ask as no one seems to be able to help me , I want to
    get read and write access to the router , but because the partions have been
    squashfs (ro) rendering them read only , I can’t chmod them.

    Thanks for your post

    skynet

  • Piotr June 29, 2009, 3:55 pm

    How do i renew the ip without reboot??
    This commands not work:

    ifconfig ppp0 down
    ifconfig ppp0 up

  • Rampreet August 18, 2009, 9:09 am

    i have a dsl modem (dlink) model no.dsl-A604T/Eg
    it is working fine but some times my https web mail site not open.
    Sometimes outlook disconnect to server and webmail page not open.
    Internet works fine. but when I restart the modem every thing goes fine.
    For Almost 1-2 hours please suggest me to fix this problem.

    Thanks,
    Rampreet

  • Nikhil August 26, 2009, 10:43 am

    Hey guys,
    Just let me know the userid and password to telnet into busybox Dlink ADSL router.
    Thanks.

  • Newton September 18, 2009, 10:45 pm

    First, thanks for all tips!!
    I have a DSL-2640B. To renew IP I use the following command:
    > ppp config 0.0.33 down
    > ppp config 0.0.33 up

    0.0.33 is my Port.VPI.VCI

  • Dikel October 3, 2009, 5:46 am

    i hava a beetel 450BXI ADSL + ROUTER But unidentified network how to reset the router to default setting??

  • ucupsz December 18, 2009, 4:52 pm

    i guys..
    i have D-Link DSL-522T. It has one UTP, one USB port, and 1 RJ-11 for ADSL line.
    is there any workaround that could use the USB port for printer(w/ USB connection)
    so i can use it as adsl modem and printer server?

    thanks in advance.

  • rohit December 21, 2009, 5:38 pm

    it is possible to connect internet from a person whose iknow all password of modem . could i connect from mid of wire coming from poll by using another modem and configuring on another ac which i know .please gives me tips and steps to do it

  • rohit December 21, 2009, 6:25 pm

    is it possible to connect by using password and usename mtnl connection

  • FunDreamz January 5, 2010, 2:53 pm

    Using DSL-502T. I am unable to keep the firewall enabled. As soon as the router is restarted the firewall gets disabled. please help guys.

  • nikhil February 21, 2010, 8:51 pm

    very informative post
    thumbs up

  • Mikuro February 23, 2010, 11:13 am

    FunDreamz,

    Ensure you have saved your settings after reconfiguring from “Tools > System > Save and Reboot”.

  • FunDreamz February 24, 2010, 4:41 am

    Thanks Mikuro,
    Firewall is now enabled. However, when I tested it for any leaks through grc.com/leaktest it failed. Is there any other setting required to make it un-penetratable ?

  • ryad April 15, 2010, 1:14 pm

    Hi sir and thanx for this but i just want to know how to extract ppp username and pass from the router

    • Anonymous May 18, 2010, 7:04 pm

      just tftp -i 192.168.0.1 get TEimage.bin te.bin

  • Deepak August 5, 2010, 2:47 pm

    Hi there, I am using D-link 502T but don’t have WAN option and thus not able to find the root password. I am seeing the ‘Home, Setup, Advanced, Tools , Status and Help options’ only and there is no WAN sub-option in any of these pages as well. Please help.

  • Ashish October 18, 2010, 7:01 am

    Thanks buddy! Your article helped me to write reconnect script for my HUAWEI WA1003a router which also runs on busybox.

  • Andrew November 27, 2010, 5:47 am

    Hi is there anyway I can quickly list the DHCP clients connected to my modem using busybox?

  • SAID Mohamed February 17, 2011, 12:56 pm

    Hi every body, I want to logging in my router via telnet automatically using bat file (under windows), or typing the username and pass inside the bat file?

  • rom April 21, 2011, 7:32 am

    how to hack a password for router D-LINK DIS-1020D??

  • Paul July 11, 2011, 5:00 am

    I have a 3G CDMA HUAWEI QUALCOMM on starcomms Nigeria a desktop table phone. How can i make use of the modem.

  • Bilal March 24, 2012, 11:21 am

    Blink1E7E35 can u give the password plz

  • asskicker November 17, 2012, 1:04 pm

    you call this even hacking so lam :D get sm life

  • Deryl December 9, 2014, 5:35 pm

    How can change with busybox Snr settings??