Hacking BSNL router DNA-A211

Everyone who has Internet connection need a kind of router and each machine needs some operating system code to run that.

DNA-A211 is a router provided by BSNL in India, and It does have a OS Running inside and to the grace of GNU its running GNU/Linux inside, having Minimal BusyBox Pre-loaded..

So, How do I access this machine??

We all usually access this using the Web interface provided by BSNL, generally running on port number 80.
To access that, access this IP through any web browser..

http://192.168.1.1/ 

Screenshot from 2013-05-12 18:21:06
So, If its not this IP, How can I find the IP of my router?

Yeah, sure, there are many chances this IP can be different and in that case, you can find it using this command in linux shell

 raj@raj:~$ arp
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.1.1              ether   00:1b:57:a2:a6:a0   C                     wlan0
raj@raj:~$ 

Okay. I got it and able to access this through the web interface.. But how can I access the shell??

Even though it has linux under the hood and has a minimal busybox, it doesnt provide all services like SSH. But it does have telnet running inside.
So just try this with user name as admin and password as admin in-case if its not changed.

raj@raj:~$ telnet 192.168.1.1
Trying 192.168.1.1...
Connected to 192.168.1.1.
Escape character is '^]'.
BCM96338 ADSL Router
Login: admin
Password: 
> 

Voila.. I got in… Now what next??

Get available commands using

? 

You will have an output like


> ?

?
help
logout
reboot
adsl
atm
brctl
cat
df
dumpcfg
echo
ifconfig
kill
arp
defaultgateway
dhcpserver
dns
lan
passwd
ppp
remoteaccess
restoredefault
route
save
swversion
wan
serialnum
ping
ps
pwd
sntp
sysinfo
tftp
wlctl

>

Okay.. How can I launch the Busybox shell??

Run this command in the prompt..

> sh


BusyBox v1.00 (2009.02.27-11:34+0000) Built-in shell (msh)
Enter 'help' for a list of built-in commands.

# help

Built-in commands:
-------------------
        . : break cd continue eval exec exit export help login newgrp
        read readonly set shift times trap umask wait [ busybox cat chmod
        date df dmesg echo expr false ftpget ifconfig init insmod ip
        iproute kill klogd linuxrc ln logger logread mkdir mount msh
        ping ping6 ps pwd reboot rm rmmod route sendarp sh sysinfo syslogd
        test tftpd top true tty vconfig

# 

Now you can play with the available commands in this..

Advertisements

Author: Shingu

Search in pursuit. Help me if you can.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s