Bsnl Wimax Hacking Tricks Tutorial For Beginning


BSNL nowadays provides an ADSL router made by SemIndia Systems, with model names similar to DNA-A201 or DNA-A211-1. In this article we are going to hack into this router to learn more about it.


You might not know that this small and innocent-looking modem is actually a 'Linux CPU'. Let's get into it. First do an nmap scan of this modem. Here is a quick example

The HTTP port is open, which is why we are able to access the administration page at http://192.168.1.1/
But apart from HTTP, the telnet port is also open. So why not try connecting to it?

Wow! We are able to log in to the telnet daemon of our router using the default username/password of admin/admin.
What next? Type in the help command and hit enter. It will list the supported commands, somewhat like this

Some of these are the common terminal commands on Linux: ps, pwd, ping, cat etc. So let's see the current working directory using pwd.

Listing directories

So we are in the root directory of the filesystem. The ls command is not available. So we have to use another trick to list the directories. And the trick is echo *

Cool! Now those directories are found on any linux system like Ubuntu, Fedora etc.

/etc/passwd file

You might next want to see the password file /etc/passwd. The cat command is available and can be used for this.

That's a Linux password file.

Linux version

The uname command is not available, so to get the Linux kernel version and other details use the following command

So that shows the linux kernel version and some extra details.

Better shell

The above shell can be improved by running the sh command.

So now we get a BusyBox shell. Once again we can type the help command to see what all is available.

This time we have a few additional commands available, like cd, mkdir, date, eval, exec etc and even mount.
A list of all possible commands that Busybox can have is available here.

CPU/RAM Information

The details about CPU and architecture can be found out using the following command

It's a MIPS-based 32-bit processor. You can compile C programs for this platform using a MIPS compiler. Check http://developer.mips.com/tools/compilers/ for more information. Also check http://people.debian.org/~debacle/cross/.

RAM information

So the device seems to have around 6MB of inbuilt memory.

There are many other files in the /proc directory that can be viewed to gather more information about the system.

Try viewing other files and see what comes up.

Get Current username

The whoami command is not available, so the echo command has to be used to find the current username, home directory etc.

Writing files

The var directory is writable. And files have to be created using the echo command.

Remote files can be downloaded onto the router as well. The ftpget command is available for this. The exact syntax can be found at http://www.busybox.net/downloads/BusyBox.html.

Maybe you would like to write and compile a C program and then upload it to this router.


Hacking remote routers

You can discover remote routers with a simple nmap command like this

This command just scans all the BSNL broadband IPs to see which are alive and have port 80 open. If it's micro_httpd then it's most likely a SemIndia router with a BusyBox shell. The hosts reporting 'Embedded Allegro RomPager' are Airtel Binatone and Beetel modems being used by BSNL broadband users.

One way to irritate other users is to restart the remote router by issuing the reboot command in the telnet terminal. But that would not be much fun.

Hack into the LAN

The arp command can be used on the remote router to list its LAN nodes, that is, all the computers in its internal network. It's quite simple

The HW/MAC address has been hidden for privacy purposes. Now the router tells us who is inside the network.
Note that the arp command is not available in the sh shell. It is only available in the telnet session.

Any of the internal nodes can be pinged

From here on it might be possible to do some advanced hacking. The insmod command is available that can be used to load kernel modules.

Hackers would like to make a remote router forward a copy of all network traffic to their own machine so that information can be stolen. The iptables command is available and can be used to do this.

Conclusion

It would be a good idea to protect your own router from such hack attempts from the internet. This can be done by disabling remote logins to telnet, HTTP etc. Log in to your configuration page at http://192.168.1.1 and find out how to do that.
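To confirm that the change took effect, scan your own router before and after and check that the management ports no longer report as open. The following is an added example, not code from the original article: it parses nmap grepable output (the sample is constructed, using documentation-range addresses) and flags open telnet/HTTP ports together with the server banners named above.

```python
import re

# Management services the article shows exposed on these routers.
MGMT_PORTS = {23: "telnet", 80: "http"}
# HTTP server banners the article associates with ISP-supplied modems.
KNOWN_BANNERS = ("micro_httpd", "Allegro RomPager")

# Constructed sample of `nmap -sV -oG -` output for two of your own devices;
# the addresses are documentation-range placeholders, not real hosts.
SAMPLE = """\
# Nmap scan initiated (constructed sample)
Host: 192.0.2.10 ()\tStatus: Up
Host: 192.0.2.10 ()\tPorts: 23/open/tcp//telnet//BusyBox telnetd/, 80/open/tcp//http//micro_httpd/\tIgnored State: closed (998)
Host: 192.0.2.11 ()\tStatus: Up
Host: 192.0.2.11 ()\tPorts: 23/filtered/tcp//telnet///, 80/closed/tcp//http///\tIgnored State: closed (998)
"""

def parse_grepable(text):
    """Yield (host, port, state, service, version) for every port entry."""
    for line in text.splitlines():
        m = re.match(r"Host: (\S+) .*?\tPorts: ([^\t]*)", line)
        if not m:
            continue  # comment lines and "Status:" lines carry no ports
        host, ports = m.groups()
        for entry in ports.split(", "):
            # Field order: port/state/protocol/owner/service/rpcinfo/version/
            f = entry.strip().split("/")
            if len(f) >= 7 and f[0].isdigit():
                yield host, int(f[0]), f[1], f[4], f[6]

def audit(text):
    """Return findings for management ports that answer as open."""
    findings = []
    for host, port, state, service, version in parse_grepable(text):
        if state != "open" or port not in MGMT_PORTS:
            continue
        note = f"{MGMT_PORTS[port]} management reachable"
        if any(b.lower() in version.lower() for b in KNOWN_BANNERS):
            note += f" (banner '{version}' matches a modem family named in the article)"
        findings.append((host, port, note))
    return findings

if __name__ == "__main__":
    for host, port, note in audit(SAMPLE):
        print(f"{host}:{port} {note}")
```

An empty result for the router's address after the configuration change means neither management port answered as open from the vantage point you scanned from.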

This hacking technique is not applicable only to BSNL routers. Other ISPs like Airtel are also using similar routers. So it might be possible to try the same thing on them as well. Just need to scan the IP range.

Rest is your creativity. Research and find out what else can be done on such routers.

Last Updated On : 15th April 2013