Getting a full Shell on D-Link DSL-320B
- in a nutshell:
This time not a big thing ... more a nice detail on getting a shell on the DSL-320B device.
If you are doing a portscan on your local network with Nmap you will see the following output:
PORT STATE SERVICE VERSION
21/tcp open ftp D-Link or USRobotics ADSL router firmware update ftpd
22/tcp open tcpwrapped
23/tcp open telnet D-Link DSL-2542B ADSL router telnetd
80/tcp open http?
You could login with the credentials from the webinterface and you get a stripped access:
root@bt:~# telnet 192.168.178.111
Trying 192.168.178.111...
Connected to 192.168.178.111.
Escape character is '^]'.
TESTING MODEL ADSL Router
Login: admin
Password:
> help
?
help
logout
reboot
adsl
atm
brctl
cat
df
dumpcfg
echo
ifconfig
kill
arp
defaultgateway
dhcpserver
dns
lan
passwd
ppp
remoteaccess
restoredefault
route
save
swversion
wan
virtualserver
ping
ps
pwd
sntp
sysinfo
tftp
To get a full shell just type sh ;)
> sh
app: sh
BusyBox v1.00 (2010.12.28-10:26+0000) Built-in shell (msh)
Enter 'help' for a list of built-in commands.
# cat /proc/cpuinfo
system type : 96332CG
processor : 0
cpu model : BCM6338 V1.0
BogoMIPS : 239.20
wait instruction : no
microsecond timers : yes
tlb_entries : 32
extra interrupt vector : yes
hardware watchpoint : no
unaligned access : 190140
VCED exceptions : not available
VCEI exceptions : not available
More stuff is coming soon ;)
have phun
mIke
Recent comments
7 years 5 weeks ago
8 years 16 weeks ago
8 years 28 weeks ago
8 years 29 weeks ago
8 years 29 weeks ago
8 years 41 weeks ago
8 years 50 weeks ago
9 years 1 week ago
9 years 5 weeks ago
9 years 5 weeks ago