Saturday, January 29, 2011

Hacking Beetel 220x ADSL router (Broadcom BCM6338)


This router is based on the Broadcom BCM6338 chipset. It is used by Airtel, BSNL and other ISPs in India.

Hack # 1: How to log in to the router

Log in over telnet. This is a common feature of all routers these days, and it is the only way to hack into the box:
Default IP: 192.168.1.1
Default Username: admin
Default Password: password
I have changed the IP of my router to 192.168.1.254, so here is my first session:
$ telnet 192.168.1.254
Trying 192.168.1.254...
Connected to 192.168.1.254.
Escape character is '^]'.
BCM96338 ADSL Router
Login: admin
password: ********
Once you are logged in, you will see the menu:
Main Menu
1. ADSL Link State
2. LAN
3. WAN
4. DNS Server
5. Route Setup
6. NAT
7. Firewall
8. Quality Of Service
9. Management
10. Passwords
11. Reset to Default
12. Save and Reboot
13. Exit
->
Hack # 2: Get out of this stupid shell menu script/program
Yup, it is stupid stuff. Don't waste your time hitting the CTRL+C or CTRL+D keys to get out of this script/program (to break the shell script); just type sh and hit the Enter key at the arrow prompt (->):
-> sh
And you will be taken to the shell:
BusyBox v1.00 (2005.09.20-19:57+0000) Built-in shell (msh)
Enter 'help' for a list of built-in commands.
#
Hack # 3: But where is my ls command...
Type the ls or dir command:
# ls
ls: not found
# dir
dir: not found
They have removed the ls and dir commands. But don't worry, you can use the old echo command trick:
# echo *
bin dev etc lib linuxrc mnt proc sbin usr var webs
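echo * is an old trick that displays a list of all files in the current directory without using the ls or dir command. It works because the shell itself expands * to the names in the current directory before echo runs.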
Hack # 4: Looking for advanced web-based configuration? Use main.html
Yet another stupid thing: they have removed main.html from the web-based configuration. Basically, main.html is used to configure advanced options of the router such as port forwarding, DNS settings, firewall, etc.
Just type http://192.168.1.254/main.html (replace 192.168.1.254 with your actual router IP address) to get all the advanced options.
Hack # 5: Get more information about router hardware and Linux
Since this is a tiny device, most userland commands such as free, uname, etc. have been removed. However, the /proc file system provides all the information:
Display CPU information:
# cat /proc/cpuinfo
Display RAM information:
# cat /proc/meminfo
Display Linux version:
# cat /proc/version
Linux version 2.6.8.1 (root@localhost.localdomain) (gcc version 3.4.2) #1 Tue Sep 20 15:52:07 EDT 2005
Display list of running processes:
# ps
Display list of all kernel modules (drivers):
# cat /proc/modules
Hack # 6: Get more information about your network configuration
Display list of network interfaces:
# ifconfig
Get default routing information i.e. find out your ISP's router:
# route
Display iptables rules:
# iptables -L -n
Hack # 7: Secure your router
(A) Fire up a web browser such as Firefox and log in to the web-based interface. Type the URL http://192.168.1.1/main.html (or 192.168.1.254/main.html)
(B) Enable Firewall
Click on Security > IP filtering > Outgoing or Incoming > Click Add
(C) Change default admin password
Click on Tools > Select Administrator and type the password > Click Apply
(D) Save changes and reboot router
Click on Management > Access Control > Password > Select Admin > Setup new password
Save changes and reboot router.
Quickly reboot the router with the reboot command:
# reboot
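
To check what step (B) actually achieved, the iptables -L -n listing shown earlier can be evaluated offline on a workstation. The script below is an added example, not part of the original post: it walks the INPUT chain first-match and reports what happens to a new TCP connection to a management port such as 23 (telnet) or 80 (web interface). The function name input_verdict and both sample listings are constructed for illustration and were not captured from this router.

```shell
#!/bin/sh
# Added example. Reads `iptables -L -n` output on stdin and prints the INPUT-chain
# verdict (ACCEPT, DROP, REJECT or REVIEW) for a new, unsolicited TCP connection
# from an arbitrary source address to port $1, using first-match semantics.
# Only protocol, plain source, state and "tcp dpt:N" matches are modelled; any
# other rule that might match yields REVIEW rather than a guess. Plain -L -n
# lists no interfaces, so LAN-side and WAN-side traffic cannot be told apart.
input_verdict() {
    awk -v port="$1" '
        /^Chain / {
            in_input = ($2 == "INPUT")
            if (in_input) { policy = $4; sub(/\)/, "", policy) }
            next
        }
        !in_input || done || NF < 5 || $1 == "target" { next }
        {
            extra = ""
            for (i = 6; i <= NF; i++) extra = (i > 6 ? extra " " : "") $i
            sub(/ ?reject-with [^ ]+$/, "", extra)        # REJECT detail, not a match
            if ($2 != "tcp" && $2 != "all") next          # other protocol
            if ($4 != "0.0.0.0/0" && $4 !~ /^!/) next     # applies to listed hosts only
            if (extra ~ /^state / && extra !~ /NEW/) next # established traffic only
            if (extra ~ /^tcp dpt:[0-9]+$/ && extra != ("tcp dpt:" port)) next
            if ($1 == "LOG") next                         # non-terminating target
            known = ($4 == "0.0.0.0/0" && $5 == "0.0.0.0/0" &&
                     (extra == "" || extra == ("tcp dpt:" port)) &&
                     ($1 == "ACCEPT" || $1 == "DROP" || $1 == "REJECT"))
            verdict = known ? $1 : "REVIEW"
            done = 1
        }
        END { print (done ? verdict : (policy != "" ? policy : "REVIEW")) }
    '
}

# Constructed listings for illustration, not captured from this router.
OPEN_LISTING='Chain INPUT (policy ACCEPT)
target     prot opt source               destination'

LOCKED_LISTING='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     tcp  --  192.168.1.0/24       0.0.0.0/0           tcp dpt:23
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:23'

for p in 23 80; do
    printf 'locked listing, port %s: %s\n' "$p" \
        "$(printf '%s\n' "$LOCKED_LISTING" | input_verdict "$p")"
done
```

In the second constructed listing telnet is dropped for unlisted sources, while port 80 still falls through to the chain's ACCEPT policy, so filtering one management port does not cover the other.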

1 comments:

I want to access WAN status directly from the modem
(WA3002g4)

Instead

http://192.168.1.1/statswan.cmd
