Tearing apart ADSL Router - Beetel 110BX1 ADSL Router

Looks like the bcm96338 based modems are widely used by Indian ISPs not just Airtel.Little bit more google helped me break into the box. Thanks to http://www.cyberciti.biz/tips/hacking-beetel-220x-adsl-router-broadcom-bcm6338.html for the tips.

I found 2 major flaws in the ADSL-router software.

Hack#1: In web browser, key in http://192.168.1.1/main.html Bingo! It opens the web interface No Login/Password asked!! Must be a developer's page, overlooked during release!!

Hack#2: After logging in to telnet, type 'sh' it opens helplessly a Busybox shell coming out of the fixed menu, revealing entire system. so much for 'hardening'!!

Tip: there is no ls.use echo * instead.

In the last post I had mentioned that I am going to find our CPU and Linux Info. Once you got the entire shell these are the least of the info you can find.

Just for the record, The system has IPTables and ebtables, runs linux 2.6.8, gcc version 3.4.2. Looks like the vendor has not been spending $$ on software lately.


Syaonara.