Router Log Deletion


hypnotoad

Hey all

I have been messing around on my friend's network and I noticed that he has a very generic setup.

Router: Netgear DG834N

Wireless -

ESSID: NETGEAR

Enc: No

IP Range 192.168.0.1/255

Router Login: DEFAULT.

I let him know that it was perhaps not the best setup and offered to sort it out for him if he let me have a play around first. He agreed, so now I have a question.

I browsed to the router at 192.168.0.1 and tried to log in with all the usual admin/password combos and got in on my third try.

After a little snooping I figured that I should check the logs:

Sat, 2000-01-01 00:00:20 - Initialize LCP.

Sat, 2000-01-01 00:00:21 - LCP is allowed to come up.

Sat, 2000-01-01 00:00:22 - CHAP authentication success

Sat, 2000-01-01 00:00:32 - Send out NTP request to time-g.netgear.com

Sat, 2000-01-01 00:01:54 - Send out NTP request to time-h.netgear.com

Fri, 2010-03-19 11:13:21 - Receive NTP Reply from time-h.netgear.com

Fri, 2010-03-19 11:11:25 - Router start up

Mon, 2010-03-22 09:13:21 - Send out NTP request to time-g.netgear.com

Mon, 2010-03-22 09:14:23 - Send out NTP request to time-h.netgear.com

Mon, 2010-03-22 09:14:24 - Receive NTP Reply from time-h.netgear.com

Mon, 2010-03-22 10:20:53 - Administrator login successful - IP:192.168.0.53

This got me thinking about log deletion and covering tracks and how it is done.

The only options that the router has are "Refresh","Clear Log" and "Send Log"

I figured I could telnet into the router, but by default telnet is disabled. A Google search later and http://192.168.0.1/setup.cgi?todo=debug had enabled telnet.

So I telnet(ted?) in to the router:

BusyBox v1.00 (2006.10.04-06:55+0000) Built-in shell (ash)

Enter 'help' for a list of built-in commands.

#

I type help to see what tools I already have to work with:

Built-in commands:

-------------------

. : alias bg break cd chdir continue eval exec exit export false

fg hash help jobs kill let local pwd read readonly return set

shift times trap true type ulimit umask unalias unset wait

#

Now I went hunting for the log files and found them in /var/log.

There are two files, "messages" and "syslog".

I figured I would try to cat the "messages" log, although cat was not in the list of tools, and it worked: I can see the contents of the file, which now shows an additional admin login entry from the running telnet session.

At this point I am now stumped. Without nano or vi, how do I edit out those login entries?

How could I go about adding tools and also enable telnet by default (telnet will turn off upon router reset)?

I am using win7 on my netbook for this. I would use backtrack but it doesn't pick up my screen config and I can't be bothered messing with xorg.conf.

Any advice would be great guys

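The log quoted in the first post, read from the defender's side, as an added example that is not part of the original thread: a short Python check that flags administrator logins from unexpected addresses and timestamps that run backwards. It assumes a copy of the log held off the router; the function name `audit`, the `trusted_admin_ips` parameter and the finding labels are hypothetical.

```python
import re
from datetime import datetime

# Log lines as quoted in the post above.
SAMPLE_LOG = """\
Sat, 2000-01-01 00:00:20 - Initialize LCP.
Sat, 2000-01-01 00:00:21 - LCP is allowed to come up.
Sat, 2000-01-01 00:00:22 - CHAP authentication success
Sat, 2000-01-01 00:00:32 - Send out NTP request to time-g.netgear.com
Sat, 2000-01-01 00:01:54 - Send out NTP request to time-h.netgear.com
Fri, 2010-03-19 11:13:21 - Receive NTP Reply from time-h.netgear.com
Fri, 2010-03-19 11:11:25 - Router start up
Mon, 2010-03-22 09:13:21 - Send out NTP request to time-g.netgear.com
Mon, 2010-03-22 09:14:23 - Send out NTP request to time-h.netgear.com
Mon, 2010-03-22 09:14:24 - Receive NTP Reply from time-h.netgear.com
Mon, 2010-03-22 10:20:53 - Administrator login successful - IP:192.168.0.53
"""

LINE_RE = re.compile(r"^\w{3}, (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) - (.*)$")
LOGIN_RE = re.compile(r"Administrator login successful - IP:([\d.]+)")

def audit(log_text, trusted_admin_ips=()):
    """Return (kind, line_no, detail) findings for one exported router log."""
    findings, prev_ts, prev_msg = [], None, ""
    for line_no, raw in enumerate(log_text.splitlines(), 1):
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank or unrecognised line
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        msg = m.group(2)
        login = LOGIN_RE.search(msg)
        if login and login.group(1) not in trusted_admin_ips:
            findings.append(("admin_login", line_no, login.group(1)))
        if prev_ts is not None and ts < prev_ts:
            # Assumption: a backwards step directly after an NTP reply is the
            # clock being set, not a reordered or edited log.
            after_ntp = prev_msg.startswith("Receive NTP Reply")
            kind = "clock_step" if after_ntp else "out_of_order"
            findings.append((kind, line_no, m.group(1)))
        prev_ts, prev_msg = ts, msg
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

On the quoted log this reports the backwards timestamp on the "Router start up" line as a clock step and the administrator login from 192.168.0.53 as the entry to review.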

You telnetted into the router, but what about tftp? You could download it, edit it, then reupload it with changes. Would need rwx capabilities on the log though, and even if you can telnet in, you probably only have read capabilities, but I wouldn't know without seeing the output. Have you listed all the files on the router? What kinds of commands are available to you and what kind of shell is it?

Edited by digip

I no longer have access to my friend's router for testing purposes. He PAID me £50 to secure it for him on the spot yesterday. I offered to do it for free, but he was really insistent on paying me.. who am I to turn down £50 for 5 mins work ;)

I will see about getting one of these routers myself to carry on experimenting with this (plus I think there is a way to install a NG version of OpenWRT on it), but for now I would call this a closed topic... Thanks for the advice, digip
