≡ Menu

busybox v0.61.pre

Hacking the Dlink 502T router

I have upgraded my 256kbps ADSL to 512kbps and it is bundled with Dlink 502T router. Soon after installation I found that it runs Linux :). Hacker inside me decided to play around this router.

How do I Log in to router interface via telnet

You can login over telnet. This is common feature of all router these days and this the only way to hack into box:

=> Default IP:
=> Default Username: admin (or use root both are having UID 0)
=> Default Password: admin

WARNING! These examples are not about stealing other users bandwidth or passwords. Most A/DSL provider control many properties on their end. Hacker is a person who delights in having an intimate understanding of the internal workings of a system, computers and computer networks in particular. This article is not about stealing or cracking other users network equipment.

I have changed IP of router to so here is my first session:
$ telnet
Sample output:

Connected to
Escape character is '^]'.
BusyBox on (none) login: root
BusyBox v0.61.pre (2005.05.30-08:31+0000) Built-in shell (ash)
Enter 'help' for a list of built-in commands.

Let us see password file, enter:
# cat /etc/passwd


Hack #3: Get more information about router hardware and Linux

Since this is tiny device most of the userland command such as free, uname etc are removed. However /proc file system provides all information.

Display CPU Information
# cat /proc/cpuinfo
Display RAM Information
# cat /proc/meminfo
# free

Display Linux versions
# cat /proc/version

Linux version 2.4.17_mvl21-malta-mips_fp_le (jenny@fd6e) (gcc version 2.95.3 20010315 (release/MontaVista)) #70 Mon May 30 16:34:48 CST 2005

Display list of running Processes:
# ps

Display list of all kernel module:
# lsmod

Hack # 3: Get more information about network

Display list of all network interfaces:
# ifconfig
Get your Internet public IP info:
# ifconfig ppp0

ppp0      Link encap:Point-Point Protocol
          inet addr:61.xxx.xxx.xxx  P-t-P:61.xxx.xxx.xxx  Mask:
          RX packets:69586 errors:0 dropped:0 overruns:0 frame:0
          TX packets:62540 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:80566538 (76.8 Mb)  TX bytes:5349581 (5.1 Mb)

Get default routing information i.e. find out your ISP's router:
# route

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
61.xxx.xxx.xxx  *      UH    0      0        0 ppp0     *        U     0      0        0 br0       *            U     1      0        0 br0
default         dsl-xx-00x.xx.x         UG    0      0        0 ppp0

Display ethernet statics such as speed and other details:
# cat /proc/avalanche/eth0_rfc2665_stats

Display DSL modem stats:
# cat /proc/avalanche/avsar_modem_stats

Display Iptables firewall rules:
# iptables -L -n

Flush/Stop firewall rules (don't flush untile and unless you have solid reason to do it )
# /etc/flush_firewall

Hack 4 : Secure your router

(A) Open a web browser such as firefox and login to web based interface. Type url

(B) Enable Firewall
By default firewall is disabled :/? turn it on to protect your router as it runs linux. Click on Home > Wan > Scroll down and select Firewall as Enabled. Click on Apply.

(C) Change default admin password
Click on Tools > Select Administrator and type the password. > Click apply

(D) Save changes and reboot router
Click on Tools > System > Click on Save and Reboot button

Please note that most ISP including Airtel, BSNL and others these days use this router. And by default admin password is not changed by user, in addition to that some software bug exists that allows remote administration via telnet/http. So turning on firewall saves your day.

Hack # 5: Miscellaneous information

Display developer information i.e. the people behind this router development:
# cat /proc/avalanche/developers

Quickly reboot the router:
# reboot

All your binary stored in /bin/ /usr/bin /sbin directory.

More Resources: