DIR-300 telnetd on original firmware

Gaahl
DD-WRT Novice


Joined: 01 Jan 2009
Posts: 10

Posted: Fri Dec 04, 2009 21:14    Post subject: DIR-300 telnetd on original firmware
Hi there.
Playing with nmap I found that DIR-300's firmware has a telnet daemon:

Code:
23/tcp    open     telnet       D-Link WBR-1310 WAP telnetd


However, I couldn't log in, but with one search on the web I found the following credentials:

login: Alphanetworks
password: wrgg19_c_dlwbr_dir300

which led me to:

Code:
BusyBox v1.00 (2009.03.27-03:15+0000) Built-in shell (msh)
Enter 'help' for a list of built-in commands.

# help

Built-in commands:
-------------------
        . : break cd continue eval exec exit export help login newgrp
        read readonly set shift times trap umask wait

# pwd
/
# ls
dev     usr     home    sys     bin     var     www
htdocs  etc     lib     sbin    mnt     proc    tmp


I connected from within the LAN, telnetting to both the LAN and WAN port, but can anyone test this from outside the LAN, telnetting to the WAN port? Provided that one of you still has a DIR-300 with original firmware on it, of course. :) If this works, it looks pretty bad to me.

I'm using 1.05 from here.


Last edited by Gaahl on Sat Jan 09, 2010 16:56; edited 1 time in total
Dmitry
DD-WRT User


Joined: 10 Apr 2008
Posts: 120

Posted: Fri Dec 04, 2009 23:05    Post subject: Re: DIR-300 telnetd on original firmware. Security issue?
Gaahl wrote:
Hi there.
Playing with nmap I found that DIR-300's firmware has a telnet daemon:

Code:
23/tcp    open     telnet       D-Link WBR-1310 WAP telnetd


However, I couldn't log in, but with one search on the web I found the following credentials:

login: Alphanetworks
password: wrgg19_c_dlwbr_dir300

which led me to:

Code:
BusyBox v1.00 (2009.03.27-03:15+0000) Built-in shell (msh)
Enter 'help' for a list of built-in commands.

# help

Built-in commands:
-------------------
        . : break cd continue eval exec exit export help login newgrp
        read readonly set shift times trap umask wait

# pwd
/
# ls
dev     usr     home    sys     bin     var     www
htdocs  etc     lib     sbin    mnt     proc    tmp


I connected from within the LAN, telnetting to both the LAN and WAN port, but can anyone test this from outside the LAN, telnetting to the WAN port? Provided that one of you still has a DIR-300 with original firmware on it, of course. :) If this works, it looks pretty bad to me.

I'm using 1.05 from here.

You can test from this website. http://www.t1shopper.com/tools/port-scanner/
Are you able to change the password? passwd?

Gaahl
DD-WRT Novice


Joined: 01 Jan 2009
Posts: 10

Posted: Sat Dec 05, 2009 15:32    Post subject:
passwd is not available, but the password is stored in cleartext, so I think it can be modified. Don't know with which commands though; no text editor is installed.

Anywayz, it seems that the port is not open from the outside. Very well, then :)
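
The LAN-versus-WAN comparison discussed in the posts above, as an added example that is not part of the thread: a parser for saved nmap port tables that reports each telnet service and whether it was reachable from that vantage point. The LAN row is the one quoted in the first post; the addresses, the WAN-side rows and all function names are constructed for illustration.

```python
import re

# Row of nmap's normal-output port table: PORT STATE SERVICE [VERSION]
PORT_ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")
HOST_ROW = re.compile(r"^Nmap scan report for (.+)$")
VERDICT = {"open": "exposed", "open|filtered": "inconclusive"}

def telnet_findings(vantage, nmap_text):
    """Return one finding per telnet row in a saved nmap report."""
    findings, host = [], None
    for raw in nmap_text.splitlines():
        line = raw.strip()
        if (m := HOST_ROW.match(line)):
            host = m.group(1)
            continue
        m = PORT_ROW.match(line)
        if not m:
            continue
        port, proto, state, service, version = m.groups()
        # nmap appends "?" to a guessed service name; the version column may
        # name a telnetd even when the port is not 23.
        if service.rstrip("?") != "telnet" and "telnetd" not in version.lower():
            continue
        findings.append({
            "vantage": vantage, "host": host, "port": int(port), "state": state,
            "version": version.strip(),
            "verdict": VERDICT.get(state, "not reachable"),
        })
    return findings

# Constructed sample reports. The LAN port row is the one quoted in the post;
# the addresses and the WAN-side rows are made up for illustration.
LAN_SCAN = """\
Nmap scan report for 192.168.0.1
PORT      STATE    SERVICE      VERSION
23/tcp    open     telnet       D-Link WBR-1310 WAP telnetd
80/tcp    open     http
"""
WAN_SCAN = """\
Nmap scan report for 192.0.2.10
PORT      STATE    SERVICE      VERSION
23/tcp    filtered telnet
80/tcp    filtered http
"""

def audit():
    return telnet_findings("lan", LAN_SCAN) + telnet_findings("wan", WAN_SCAN)

if __name__ == "__main__":
    for f in audit():
        print(f"{f['vantage']:3} {f['host']:12} {f['port']}/tcp {f['state']:9} {f['verdict']}")
```

A `filtered` result only describes the path from where the scan was run, so the WAN-side report has to come from a host outside the LAN.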
Dmitry
DD-WRT User


Joined: 10 Apr 2008
Posts: 120

Posted: Sat Dec 05, 2009 18:20    Post subject:
Gaahl wrote:
passwd is not available, but the password is stored in cleartext, so I think it can be modified. Don't know with which commands though; no text editor is installed.

Anywayz, it seems that the port is not open from the outside. Very well, then :)


Even if it was open, then you could port-forward this port to some non-existent IP address inside the LAN.

It should be possible to overwrite the file via echo if the file system is writable: echo "PASSWORD" > passwords_file

Gaahl
DD-WRT Novice


Joined: 01 Jan 2009
Posts: 10

Posted: Sat Jan 09, 2010 16:55    Post subject:
The filesystem is not writeable, it seems. However, does anyone have any idea if the CPU can be overclocked with this thing?
Dmitry
DD-WRT User


Joined: 10 Apr 2008
Posts: 120

Posted: Sat Jan 09, 2010 18:02    Post subject:
Gaahl wrote:
The filesystem is not writeable, it seems. However, does anyone have any idea if the CPU can be overclocked with this thing?



Yes, however, it was only done on dd-wrt redboot. So, you won't be able to boot stock firmware with it, only dd-wrt, openwrt and openwrt based.

http://www.dd-wrt.com/phpBB2/viewtopic.php?t=30305

Gaahl
DD-WRT Novice


Joined: 01 Jan 2009
Posts: 10

Posted: Sat Jan 09, 2010 18:09    Post subject:
Thanks for the reply; however, I was interested in knowing if this can be done while keeping the original firmware.