View the full version: HOW-TO: How to telnet into WL700gE without credentials



MoD
08-07-2006, 13:26
A dirty hack way:

1) create a new message in message board
2) open \\192.168.1.1\myshare1\web\Layout\showMessage.cgi
3) add new row after mv $tempfile1 $file :

/bin/utelnetd &

4) save the file
5) open the message. This will start telnetd
6) telnet into the router with

telnet 192.168.1.1

Be aware that telnet is not password protected!

After reboot the changes are gone.

DaNawq
08-07-2006, 16:49
Okay, after telnetting you see the target dir from your source.

I have tried to deselect the micro telnetd from make menuconfig in apps dir and to select the one from busybox.

But after recompiling the configs get overwritten somehow with the old settings.
The same by just adding dmesg to test it over telnet and so on...

Just a few hours left to test until the game of Germany ;)

UPDATE:

I have successfully replaced the micro telnet with the better one from busybox, but now it seems that I have to set up a specific login environment.

Trying 192.168.1.1...
Connected to 192.168.1.1.
Escape character is '^]'.
Connection closed by foreign host.

MoD
08-07-2006, 23:53
Okay, after telnetting you see the target dir from your source.

I have tried to deselect the micro telnetd from make menuconfig in apps dir and to select the one from busybox.

But after recompiling the configs get overwritten somehow with the old settings.
The same by just adding dmesg to test it over telnet and so on...

Just a few hours left to test until the game of Germany ;)

UPDATE:

I have successfully replaced the micro telnet with the better one from busybox, but now it seems that I have to set up a specific login environment.

Trying 192.168.1.1...
Connected to 192.168.1.1.
Escape character is '^]'.
Connection closed by foreign host.

Could you tell me how you did that? busybox settings are replaced. They are stored in .config file which is overwritten while compiling from NASoC_config file.

How did you manage to start telnetd?

DaNawq
09-07-2006, 13:23
You do have to edit the Config_ASUS and the symlink .config (to NASoC-config) directly with an editor. (While compiling you will be asked about additional options resulting from your editing)

Telnet login now does also work by activating the normal micro telnetd and login from busybox. (Don't know whether you really need login)

Root password is changed when you follow the /etc/passwd symlinks to /shares/MYVOLUME1/__pdc/passwd (Must be done directly on the router with telnet and vi for example).

Using passwd from busybox to change root password would be smarter but doesn't work for me ;( - passwd: An error occurred updating the password file.

Hmm, what to do next ;) ssh would be nice^^

MoD
09-07-2006, 17:02
You do have to edit the Config_ASUS and the symlink .config (to NASoC-config) directly with an editor. (While compiling you will be asked about additional options resulting from your editing)

Hmm, what to do next ;) ssh would be nice^^

If I understand you correctly, then you removed the utelnetd by editing Config_ASUS and added busybox telnetd by editing NASoC-config?

Did you succeed with launching the telnet daemon on router startup?

I noticed that in directory rc.asus in file services_ex.c there is function start_misc() which should also launch utelnetd if nvram variable utelnet_enable is set to 1. To enable telnet do the following:

nvram set utelnet_enable=1
nvram commit
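
A defender-side check for the three traces this thread describes (the extra row in showMessage.cgi, a listener on TCP port 23, and utelnet_enable=1), added here as an example and not posted by anyone in the thread. The function names, the sample data and the use of `nvram get` are assumptions; file locations are passed as arguments because the thread does not give the on-router paths.

```shell
# Added audit example, not from the thread. All paths are arguments.

# 0 if a non-comment line of script $1 launches a telnet daemon, like the
# "/bin/utelnetd &" row added to showMessage.cgi in the first post.
cgi_spawns_telnetd() {
    sed 's/#.*//' "$1" | grep -Eq '(^|[[:space:];&|/])u?telnetd([[:space:];&]|$)'
}

# 0 if table $1 (in /proc/net/tcp format) has a LISTEN socket (state 0A)
# whose local port is TCP 23 (hex 0017).
telnet_listening() {
    awk 'NR > 1 && $4 == "0A" { n = split($2, a, ":")
                                if (toupper(a[n]) == "0017") hit = 1 }
         END { exit !hit }' "$1"
}

# audit CGI_FILE TCP_TABLE NVRAM_VALUE: print findings, return their count.
audit() {
    count=0
    if cgi_spawns_telnetd "$1"; then
        echo "FINDING: $1 starts a telnet daemon"; count=$((count + 1))
    fi
    if telnet_listening "$2"; then
        echo "FINDING: a socket is listening on TCP port 23"; count=$((count + 1))
    fi
    if [ "$3" = "1" ]; then
        echo "FINDING: utelnet_enable=1 is set in nvram"; count=$((count + 1))
    fi
    return "$count"
}

# Constructed sample data for an offline run (not captured from a device).
write_samples() {
    printf '%s\n' '#!/bin/sh' 'mv $tempfile1 $file' '/bin/utelnetd &' > "$1/modified.cgi"
    printf '%s\n' '#!/bin/sh' 'mv $tempfile1 $file' '# /bin/utelnetd &' > "$1/clean.cgi"
    printf '%s\n' '  sl  local_address rem_address   st' \
        '   0: 00000000:0017 00000000:0000 0A' \
        '   1: 0101A8C0:0050 0201A8C0:C350 01' > "$1/tcp_open"
    printf '%s\n' '  sl  local_address rem_address   st' \
        '   0: 00000000:0050 00000000:0000 0A' \
        '   1: 0101A8C0:0050 0201A8C0:0017 01' > "$1/tcp_closed"
}

# On the router (assumes the firmware's nvram tool supports "get"):
#   audit /path/to/showMessage.cgi /proc/net/tcp "$(nvram get utelnet_enable)"
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d); write_samples "$d"
    audit "$d/modified.cgi" "$d/tcp_open" 1 || true; rm -rf "$d"
fi
```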

MoD
09-07-2006, 18:07
Hmm, what to do next ;) ssh would be nice^^

What next? I would prefer to see the possibility to store ipkg applications on a USB drive like for the wl500g router. It is not a good idea to store it on the IDE drive - it will spin all the time :(

# df
Filesystem 1k-blocks Used Available Use% Mounted on
/dev/ide/host2/bus0/target0/lun0/part1 43644 43644 0 100% /
/dev/se/2 160200416 856908 159343508 1% /shares/MYVOLUME1

# mount
/dev/ide/host2/bus0/target0/lun0/part1 on / type cramfs (rw)
/dev on /dev type devfs (rw)
proc on /proc type proc (rw)
usbdevfs on /proc/bus/usb type usbdevfs (rw)
ramfs on /tmp type ramfs (rw)
ramfs on /shares type ramfs (rw)
ramfs on /foreign_shares type ramfs (rw)
/dev/se/2 on /shares/MYVOLUME1 type reiserfs (rw)


# fdisk -l

Disk /dev/ide/host2/bus0/target0/lun0/disc: 164.6 GB, 164696555520 bytes
255 heads, 63 sectors/track, 20023 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Disk /dev/ide/host2/bus0/target0/lun0/disc doesn't contain a valid partition table