Sunday, 14 February 2010

#1 Salaam! - How to hack the Netgear WGR614 v7


This is my first entry, starting with a short tutorial on how to hack the Netgear WGR614 v7 (it also works for v3, v5 and v6, and possibly v4):

WHY: (skip this part if you are only interested in the tutorial)

The pre-history of this tutorial: I am working on a hack for the MediaReceiver 300 (currently distributed with the "T-Home Package" in Germany). To do this I wanted to analyze the HTTP requests the MR300 sends. Besides forwarding all requests on port 80 to my IP address, I thought it would be a great feature to be able to redirect any kind of outgoing connection to my IP, and since the NAT configuration in the web interface of the Netgear WGR614 really sucks, I figured I needed root access to the router.
How did I notice that there is a telnet daemon running on the WGR614? Easy: a while ago I port-scanned my router and saw that the telnet port (23) was open. My first login attempt was rejected, until I noticed (thanks to seattlewireless.net) that there was a tool on the Korean Netgear support site to unlock said telnet daemon. Now the tutorial:

HOW:

1. Get your router's IP and MAC

In cmd, run "ipconfig" and look for the default gateway ("Standardgateway" on a German Windows); then run "arp -a", which shows the ARP table containing your router's MAC, e.g. 00-1a-2b-52-af-1c.

2. Download the telnet tool
!Warning! I do not take any kind of responsibility for this and/or other tools linked in this blog - use at your own risk!
CLICK ME!


3. Activate the telnet daemon

Open a new command line with admin rights and cd to the folder containing the tool. Then replace the IP I wrote below with your router's IP (the default gateway from ipconfig) and my MAC with yours (from the ARP table): write every hex digit in upper case (e.g. "a" becomes "A") and delete all the "-" between the blocks, so that 00-1a-2b-52-af-1c becomes 001A2B52AF1C.

Then type:

"telnetenable.exe 140.140.140.140 001A2B52AF1C Gearguy Geardog"

Gearguy/Geardog is Netgear's default root login for the device (I first saw this username/password when I read a saved config file from the router - everything in it is unencrypted). Note what this implies: the router's MAC is visible to every host on the LAN through its ARP table and the credentials are fixed, so anyone on your local network can unlock the same shell.

4. Log in via telnet and enjoy your newly unlocked router! ("help" lists all available commands)
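As an added example (this is not code from the original post, and it is not Netgear's telnetenable tool), here is the bookkeeping of steps 1 to 3 done in Python instead of by hand: it pulls the default gateway out of `ipconfig` output, looks that address up in `arp -a` output, normalises the MAC exactly as described above (upper-case hex, separators removed), refuses anything that is not twelve hex digits, and assembles the telnetenable.exe command line with the default Gearguy/Geardog credentials. The command output it parses is constructed for the example, the gateway label is matched in German ("Standardgateway") and English ("Default Gateway"), and all function names are my own.

```python
"""Added example: prepare the telnetenable.exe invocation from ipconfig and
arp -a output.  Not the original post's code and not Netgear's tool; the
command output below is constructed for this example."""
import re
import socket

# Constructed `ipconfig` output from a German Windows host.
SAMPLE_IPCONFIG_DE = """
Windows-IP-Konfiguration

Ethernet-Adapter LAN-Verbindung:

   IPv4-Adresse  . . . . . . . . . . : 192.168.0.23
   Subnetzmaske  . . . . . . . . . . : 255.255.255.0
   Standardgateway . . . . . . . . . : 192.168.0.1
"""

# Constructed English output where an IPv6 gateway is printed first and the
# IPv4 gateway follows on the next line, as newer Windows versions do.
SAMPLE_IPCONFIG_EN = """
Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 10.0.0.7
   Default Gateway . . . . . . . . . : fe80::1%11
                                       10.0.0.1
"""

# Constructed `arp -a` output; the first row is the router.
SAMPLE_ARP = """
Schnittstelle: 192.168.0.23 --- 0xb
  Internetadresse       Physische Adresse     Typ
  192.168.0.1           00-1a-2b-52-af-1c     dynamisch
  192.168.0.42          08-00-27-13-37-00     dynamisch
  224.0.0.22            01-00-5e-00-00-16     statisch
"""

# Gateway label (German or English), optionally followed by an IPv6 address
# (it must contain a colon) before the IPv4 address we want.
GATEWAY_RE = re.compile(
    r"(?:Standardgateway|Default Gateway)[ .]*:\s*"
    r"(?:[0-9a-fA-F]*:[0-9a-fA-F:%]*\s+)?"
    r"(\d{1,3}(?:\.\d{1,3}){3})"
)

# One `arp -a` row: an IPv4 address, then a MAC with '-' or ':' separators.
ARP_ROW_RE = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+([0-9a-fA-F]{2}(?:[-:][0-9a-fA-F]{2}){5})\s",
    re.MULTILINE,
)


def find_gateway(ipconfig_output):
    """Return the IPv4 default gateway printed by ipconfig."""
    m = GATEWAY_RE.search(ipconfig_output)
    if not m:
        raise ValueError("no IPv4 default gateway found in ipconfig output")
    return m.group(1)


def parse_arp_table(arp_output):
    """Map IP address -> MAC as printed, e.g. '00-1a-2b-52-af-1c'."""
    return {ip: mac for ip, mac in ARP_ROW_RE.findall(arp_output)}


def normalise_mac(mac):
    """The post's rule: upper-case every hex digit and drop the separators.
    Anything that is not exactly 12 hex digits is rejected, so a typo never
    reaches the tool."""
    compact = re.sub(r"[-:]", "", mac).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", compact):
        raise ValueError(f"not a MAC address: {mac!r}")
    return compact


def build_telnetenable_command(ipconfig_output, arp_output,
                               user="Gearguy", password="Geardog"):
    """Assemble argv for telnetenable.exe from the two command outputs."""
    gw = find_gateway(ipconfig_output)
    table = parse_arp_table(arp_output)
    if gw not in table:
        raise LookupError(f"{gw} is not in the ARP table; ping it once so Windows adds it")
    return ["telnetenable.exe", gw, normalise_mac(table[gw]), user, password]


def telnet_responds(host, port=23, timeout=2.0):
    """Live check for step 4.  The post's port scan showed 23 open while the
    login was still rejected, so 'port open' alone proves nothing; this reports
    whether the daemon actually sends any bytes (banner or prompt).  Network
    call, not exercised by the offline test."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            return bool(s.recv(64))   # b'' means the peer closed without talking
    except OSError:                   # refused, unreachable, or timed out
        return False


if __name__ == "__main__":
    print(" ".join(build_telnetenable_command(SAMPLE_IPCONFIG_DE, SAMPLE_ARP)))
```

Run as a script it prints the exact line to paste into the admin command prompt; feed it the real `ipconfig` and `arp -a` output instead of the samples. If the gateway is missing from the ARP table, ping it once so Windows creates the entry, then re-run.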




BTW: the "time" shown there refers to the time the firmware was last updated.
Additional stuff:
- Use your router as a WiFi card for scanning for new networks (the router has a good antenna, so it gets more range than your normal card):
It might be possible to put the chipset into monitor mode in order to capture WiFi data for cracking WEP keys and the like, but for that we would have to talk to the chip directly, which is quite hard because I don't know of any Atheros drivers for riscOS (the router's OS).

1. Open your telnet session (I recommend PuTTY)
2. Type "wla"; then type "find all"
3. Wait for the router to scan all channels and then wait for the log; grab the log and have some fun ; )

3 comments:

  1. what is the purpose of doing all that work? will it make it a wireless bridge or repeater?

  2. Hey bro,

    I just wanna say Thank You!

  3. Thanks a lot! Great tutorial!
