I have been messing around on my friend's network and I noticed that he has a very generic setup.
Router: Netgear DG834N
IP Range 192.168.0.1/255
Router Login: DEFAULT.
I let him know that it was perhaps not the best setup and offered to sort it out for him if he let me have a play around first. He agreed, so now I have a question.
I browsed to the router at 192.168.0.1 and tried to log in with all the usual admin/password combos and got in on my third try.
After a little snooping I figured that I should check the logs:
Sat, 2000-01-01 00:00:20 - Initialize LCP.
Sat, 2000-01-01 00:00:21 - LCP is allowed to come up.
Sat, 2000-01-01 00:00:22 - CHAP authentication success
Sat, 2000-01-01 00:00:32 - Send out NTP request to time-g.netgear.com
Sat, 2000-01-01 00:01:54 - Send out NTP request to time-h.netgear.com
Fri, 2010-03-19 11:13:21 - Receive NTP Reply from time-h.netgear.com
Fri, 2010-03-19 11:11:25 - Router start up
Mon, 2010-03-22 09:13:21 - Send out NTP request to time-g.netgear.com
Mon, 2010-03-22 09:14:23 - Send out NTP request to time-h.netgear.com
Mon, 2010-03-22 09:14:24 - Receive NTP Reply from time-h.netgear.com
Mon, 2010-03-22 10:20:53 - Administrator login successful - IP:192.168.0.53
This got me thinking about log deletion and covering tracks and how it is done.
The only options that the router has are "Refresh", "Clear Log" and "Send Log".
I figured I could telnet into the router, but by default telnet is disabled. A Google search later and http://192.168.0.1/setup.cgi?todo=debug had enabled telnet.
So I telnet(ted?) in to the router:
BusyBox v1.00 (2006.10.04-06:55+0000) Built-in shell (ash)
Enter 'help' for a list of built-in commands.
I typed help to see what tools I already have to work with:
. : alias bg break cd chdir continue eval exec exit export false
fg hash help jobs kill let local pwd read readonly return set
shift times trap true type ulimit umask unalias unset wait
Now I went hunting for the log files and found them in /var/log.
There are two files, "messages" and "syslog".
I figured I would try to cat the "messages" log, although cat was not in the list of tools, and it worked: I can see the contents of the file, which now shows an additional admin login entry from the running telnet session.
At this point I am now stumped. Without nano or vi, how do I edit out those login entries?
How could I go about adding tools and also enable telnet by default (telnet will turn off upon router reset)?
I am using Win7 on my netbook for this. I would use BackTrack, but it doesn't pick up my screen config and I can't be bothered messing with xorg.conf.
Any advice would be great, guys.
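
Added example, not part of the original post: a small reviewer for the log format quoted above, as the router's owner might run over a saved copy of the log. It flags administrator logins from hosts outside an allow-list and timestamps that step backwards after the clock has synced, as the "Router start up" line does. The allow-list address 192.168.0.2 is an assumption made for illustration.

```python
import re
from datetime import datetime
from ipaddress import ip_address, ip_network

# Log lines copied from the post above (DG834N web UI log format).
SAMPLE_LOG = """\
Sat, 2000-01-01 00:00:22 - CHAP authentication success
Sat, 2000-01-01 00:00:32 - Send out NTP request to time-g.netgear.com
Fri, 2010-03-19 11:13:21 - Receive NTP Reply from time-h.netgear.com
Fri, 2010-03-19 11:11:25 - Router start up
Mon, 2010-03-22 09:14:24 - Receive NTP Reply from time-h.netgear.com
Mon, 2010-03-22 10:20:53 - Administrator login successful - IP:192.168.0.53
"""

LINE_RE = re.compile(r"^\w{3}, (\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) - (.*)$")
LOGIN_RE = re.compile(r"^Administrator login successful - IP:(\S+)$")

def parse(log_text):
    """Yield (timestamp, message) for each well-formed log line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2)

def review(log_text, admin_hosts=("192.168.0.2",)):
    """Return findings; admin_hosts is an assumed allow-list of admin workstations."""
    allowed = [ip_network(h) for h in admin_hosts]
    findings, prev = [], None
    for ts, msg in parse(log_text):
        login = LOGIN_RE.match(msg)
        if login:
            src = ip_address(login.group(1))
            if not any(src in net for net in allowed):
                findings.append(("unexpected_admin_login", ts, str(src)))
        # Pre-NTP entries carry the 2000-01-01 boot clock, so ordering is
        # only checked once the previous entry has a synced timestamp.
        if prev and prev.year > 2000 and ts < prev:
            findings.append(("clock_went_backwards", ts, msg))
        prev = ts
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```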