Hacking WRT54G with Linux - PowerPoint PPT Presentation

Slides: 16
Provided by: Xam2
1
Hacking WRT54G with Linux
Presentation Prepared By Dan Scarberry, TJ Dziedzinski,
Jeremy Leung
2114
2
Overview
  • First, it relies on the Linksys bug in the ping
    utility
  • The ping hack is done as follows
  • 1. Go to the System tab of the router config.
  • 2. Hit the "ping test" button.
  • 3. Anything that is included in the "IP Address
    or Domain Name" box will be executed once you hit
    ping, provided the command is enclosed with
    marks, i.e. /usr/sbin/wl -i eth2 txpwr 84
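
The ping bug above exists because the contents of the form field reach a shell. The following is an added example, not code from the presentation or from the Linksys firmware, showing the corresponding fix: allowlist the field and start ping from an argument vector with no shell involved. The function names, the count of 4 echo requests and the sample inputs are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

static int is_alnum_ascii(unsigned char c)
{
    return (c >= '0' && c <= '9') || (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z');
}

/* Returns 1 only for a hostname or IPv4 literal: letters, digits, '-' and '.',
 * labels of 1..63 characters, total length <= 253, no label starting or
 * ending with '-'. Everything else (spaces, quotes, ';', '/', ...) is refused. */
int ping_target_ok(const char *s)
{
    size_t len, label = 0;
    if (s == NULL) return 0;
    len = strlen(s);
    if (len == 0 || len > 253) return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)s[i];
        if (c == '.') {
            if (label == 0 || s[i - 1] == '-') return 0;   /* empty label or "a-." */
            label = 0;
        } else if (is_alnum_ascii(c) || c == '-') {
            if (c == '-' && label == 0) return 0;          /* also blocks "-f" style options */
            if (++label > 63) return 0;
        } else {
            return 0;                                      /* any shell metacharacter */
        }
    }
    return label > 0 && s[len - 1] != '-';
}

/* Fills argv for execv(): the target is one argument and is never parsed
 * by a shell. Returns 0 on success, -1 if the target is refused. */
int build_ping_argv(const char *target, const char *argv[5])
{
    if (!ping_target_ok(target)) return -1;
    argv[0] = "ping"; argv[1] = "-c"; argv[2] = "4"; argv[3] = target; argv[4] = NULL;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs; the third is the command string from the slide. */
    const char *samples[] = { "192.168.1.1", "example.com", "/usr/sbin/wl -i eth2 txpwr 84", "-c" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-32s %s\n", samples[i], ping_target_ok(samples[i]) ? "accepted" : "refused");
    return 0;
}
```
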

3
Overview Cont.
  • Two types of installs
  • RAM Disk
  • Creating Your Own Firmware
  • A Pre-built Firmware Upgrade
  • Router Hardware
  • 125 MHz MIPS Processor
  • 16 MB RAM
  • Kernel 2.4.5

4
WTF?
5
RAM Disk Install
  • Use www.batbox.org/wrt54g-linux.html to download
    software
  • Can install with Linux or OS X (they are almost the
    same)
  • 1. Modify the script called wrt54g.sh to change
    the IP address and password of the router
  • It uses Java. If you prefer to use wget, just
    un-comment the line in the script
  • It is unknown whether the script works with the new
    version of Linksys, but you can download and
    update from their site. This one is being tested
    on 2.02.2

6
Editing the Script
  • Open the file with the command nano wrt54g.sh
  • To use wget, uncomment these lines
  • PROGRAM="wget --quiet --http-user=$USER
    --http-passwd=$PASSWORD"
  • EXTRA=""
  • If you want to use curl, uncomment this
  • PROGRAM="curl --silent --output /dev/null
    --user admin:$PASSWORD"
  • EXTRA=""

7
Router Identification
  • Insert your router's IP address here
  • # the IP address of your wrt54g
  • HOST=192.168.1.1
  • And its login password here
  • # the login password on your wrt54g
  • PASSWORD=YourPassword
  • Close script and save changes

8
Piecing Together Your Package
  • 2. Before executing the script you'll decide
    what packages to include
  • The file that you download is called distro.tar
  • Untar it and then you can add or remove files
    from it.
  • By default it includes SSH, Snort, and iptraf
  • Re-tar the file when done.
  • You want to power cycle the router to clear the
    RAM disk after each execution of the script

9
Running the Script
  • Still at the console type in ./wrt54g.sh
  • Run that and you should see a screen that says
  • - Installing to 192.168.1.2
  • - Making copy of receive tool
  • - Starting receive tool
  • - Sending bootstrap
  • After that, you should be able to remotely
    connect to the box.

10
WTF?
11
Creating Your Own Firmware
  • Check out this site for a complete guide on
    using CramFS to create your own
  • http://www.seattlewireless.net/index.cgi/LinksysWrt54g#head-a1fd58ae09a5a3081e9851a6c18cccd65529da88
  • Or you can use wrtgen at this site
  • http://nocat.net/downloads/wrtgen/
  • And those will create your binaries for ya

12
WTF?
13
Pre-built Firmware Upgrade
  • We can go with prebuilt binaries from companies
    such as Sveasoft
  • www.sveasoft.com
  • Quick, easy, and it has a huge amount of great
    utilities
  • SSH, Telnet, Cron, WDS
  • You can clear everything on the network by
    DNS (names)
  • Or you can create your own by using programs such
    as CramFS and WrtGen
  • An advantage of creating your own is that you can
    do bad things like
  • Trojans, backdoors, etc.
  • Or good things like customizing to your liking

14
Pre-built Firmware Install
  • This site has links to where to download the
    firmware for free
  • http://slashdot.org/Theindividual/journal/
  • We're going to be using Sveasoft.Firmware.Alchemy_
    6rc5
  • Unzip the zip file
  • Log Into Your Router
  • Find the Firmware Upgrade Tab
  • Click on browse and navigate to the bin file that
    you extracted from the zip file
  • Then power off the router
  • Turn it on and check out the services
  • Try putting programs on it
  • Kismet - Rasmuss Toy Page
  • WinSCP
