
Thread: Uses for WRT54G router

  1. #1
    Junior Member
    Join Date
    Jun 2008
    Posts
    30

    Post Uses for WRT54G router

    Uses for WRT54G

    Hello. This is an article to introduce the Linksys WRT54G and its capabilities.
    Some of us may know about this, some may not. Hopefully this post will open some new insights and ideas on using the WRT54G to its full capacity.

    As of now, this router is flashed with: v4.71.1, Hyperwrt 2.1b1 + Thibor15c. My router is originally a WRT54G; after the flash it shows up as WRT54GS. The difference is the size of RAM the router has.

    Warning: When flashing your router, make sure the firmware supports it. Specifically your version.
    Flashing this firmware on a version earlier than version 6 will cause it to be bricked. I've bricked a version 4 myself; I've bought another one since then.

    Anyhow, once you've flashed the firmware, it is time to have some fun.
    Let's get started.
    Navigate to Administration.
    Under the Management tab, you should see options for SSH.
    Check the check-boxes, fill the necessary boxes and save.
    Now you should be able to SSH in.

    Open up Konsole:
    Code:
    bt ~ # ssh 192.168.1.1
    The authenticity of host '192.168.1.1 (192.168.1.1)' can't be established.
    RSA key fingerprint is f3:f3:8b:2d:39:1c:20:c4:0b:ee:c7:f0:b8:31:e5:14.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '192.168.1.1' (RSA) to the list of known hosts.
    root@192.168.1.1's password:
    
    
    BusyBox v1.1.2 (2006.04.29-14:07+0000) Built-in shell (ash)
    Enter 'help' for a list of built-in commands.
    
    #
    Now you are in. Everything should look similar to bash.

    An ls command should reveal:
    Code:
    # ls
    bin   dev   etc   lib   mnt   proc  sbin  tmp   usr   var   www
    #
    Due to the physical size of its RAM, the commands are limited.
    Code:
    # cd bin
    # ls
    ash        df         gunzip     mknod      pwd        sync       watch
    busybox    dmesg      gzip       more       rm         tar        zcat
    cat        echo       hostname   mount      rmdir      touch
    chmod      egrep      kill       mv         run-parts  true
    chown      false      ln         netstat    sed        umount
    cp         fgrep      login      pidof      sh         uname
    date       getopt     ls         ping       sleep      usleep
    dd         grep       mkdir      ps         stty       vi
    Other commands include
    Code:
    # cd /sbin/
    # ls
    check_ps            ifconfig            process_monitor
    check_ses_led       ifdown              qos
    ddns_checkip        ifstat              rc
    ddns_success        ifup                reboot
    detectwan           init                redial
    disconnected_pppoe  insmod              resetbutton
    eou_status          ipupdated           restore
    erase               klogd               rmmod
    fdisk               led                 route
    filter              listen              sendudp
    filtersync          lsmod               ses_led
    gpio                misc                stats
    gtime               mkswap              swapoff
    halt                modprobe            swapon
    hb_connect          ntpd                sysctl
    hb_disconnect       poptop              syslogd
    hotplug             poweroff            udhcpc
    hwclock             ppp_event           write
    #
    It may be possible to edit the firmware to include your favorite applications. However, I cannot provide expertise on that topic.

    Keep in mind, this firmware uses SquashFS, so it is read-only.
    Code:
    # mount
    /dev/root on / type squashfs (ro)
    none on /dev type devfs (rw)
    proc on /proc type proc (rw)
    ramfs on /tmp type ramfs (rw)
    #
    You may be able to edit the firmware to change the file system? I'm not too sure.
    Note: WRT54G has its source code released under GNU license.

    You may use a networked drive, using mount, to use other programs, such as ettercap.

    And, yes, network interfaces show up:
    Code:
    # ifconfig
    br0        Link encap:Ethernet  HWaddr 00:14:BF:1F:47:5E
              inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:6234 errors:0 dropped:0 overruns:0 frame:0
              TX packets:4606 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:738247 (720.9 KiB)  TX bytes:3662624 (3.4 MiB)
    
    eth0       Link encap:Ethernet  HWaddr 00:14:BF:1F:47:5E
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:49894534 errors:0 dropped:0 overruns:0 frame:0
              TX packets:2577586 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:100
              RX bytes:3104262220 (2.8 GiB)  TX bytes:300208107 (286.2 MiB)
              Interrupt:4 Base address:0x1000
    
    eth1       Link encap:Ethernet  HWaddr 00:14:BF:1F:47:60
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:2566507 errors:0 dropped:0 overruns:0 frame:7411492
              TX packets:3149620 errors:239 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:100
              RX bytes:282062671 (268.9 MiB)  TX bytes:4007789503 (3.7 GiB)
              Interrupt:2 Base address:0x5000
    
    lo         Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              UP LOOPBACK RUNNING MULTICAST  MTU:16436  Metric:1
              RX packets:11 errors:0 dropped:0 overruns:0 frame:0
              TX packets:11 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:884 (884.0 B)  TX bytes:884 (884.0 B)
    
    vlan0      Link encap:Ethernet  HWaddr 00:14:BF:1F:47:5E
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:720 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:0 (0.0 B)  TX bytes:292732 (285.8 KiB)
    
    vlan1      Link encap:Ethernet  HWaddr 00:14:BF:1F:47:5F
              inet addr:207.210.26.88  Bcast:207.210.27.255  Mask:255.255.252.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:163286 errors:0 dropped:0 overruns:0 frame:0
              TX packets:4811 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:11483493 (10.9 MiB)  TX bytes:726737 (709.7 KiB)
    
    #

    We may find it interesting to run commands from ssh. There are a lot of uses for this.
    As a side note, when you create a tunnel directly to your router, which is connected to the cable modem, the information transmitted from your computer to the WAN is encrypted.
    Thanks for reading the post, and hopefully it opens some doors for interesting pentesting.
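
The first-connect prompt in the session above is answered "yes" without comparing the fingerprint to anything. The following is an added example, not part of the original post: it computes the legacy MD5 colon-hex fingerprint (the form shown in the prompt) and the SHA256 form from a known_hosts entry and compares it to a pinned value. It assumes the router's fingerprint was recorded beforehand over a trusted path; the key built by `constructed_key_line` is constructed filler in the right wire format, not a real key, and all function names are hypothetical.

```python
import base64
import hashlib
import hmac
import struct

# Fingerprint printed in the post's first-connect prompt (legacy MD5 colon-hex form).
POSTED_FP = "f3:f3:8b:2d:39:1c:20:c4:0b:ee:c7:f0:b8:31:e5:14"


def _ssh_string(data: bytes) -> bytes:
    """Length-prefixed field as used in the SSH public key wire format."""
    return struct.pack(">I", len(data)) + data


def constructed_key_line(host: str = "192.168.1.1") -> str:
    """Build a format-valid but constructed (unusable) ssh-rsa known_hosts line."""
    modulus = b"\x00" + b"\xc3" * 128  # constructed 1024-bit filler, not a real key
    blob = _ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01") + _ssh_string(modulus)
    return f"{host} ssh-rsa {base64.b64encode(blob).decode()}"


def fingerprints(known_hosts_line: str) -> dict:
    """Return key type plus MD5 and SHA256 fingerprints for one known_hosts entry."""
    _host, key_type, b64 = known_hosts_line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    # The blob's first field must repeat the key type named in the text column.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii", "replace") != key_type:
        raise ValueError("key type in blob does not match known_hosts column")
    md5 = hashlib.md5(blob, usedforsecurity=False).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {
        "type": key_type,
        "md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
        "sha256": "SHA256:" + sha,
    }


def matches_pinned(known_hosts_line: str, pinned_md5: str) -> bool:
    """True only if the offered key hashes to the out-of-band recorded fingerprint."""
    offered = fingerprints(known_hosts_line)["md5"]
    return hmac.compare_digest(offered, pinned_md5.strip().lower())
```

Current OpenSSH clients print the SHA256 form by default; `ssh -o FingerprintHash=md5` shows the colon-hex form seen in the post.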

  2. #2
    Junior Member
    Join Date
    Jun 2008
    Posts
    30

    Post

    Quote Originally Posted by sunapi386 View Post
    And, yes, network interfaces show up
    On a side note,
    eth0 is to cable modem
    eth1 to a lan computer server
    vlan0, vlan1 are wireless clients.

  3. #3
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    Default

    I appreciate the post; however, it has nothing to do with BackTrack, and we already have quite a few threads for WRT routers going, so feel free to read through those for some more tips for yourself.

    I prefer the OpenWrt firmware, which is what I run on all my routers at home. I also have SD card mods on all my routers and they all run tcpdump, dsniff, ettercap and various other sniffer tools.

    You may also look into dd-wrt, which has a very cool project called autoap. I have a mobile wrt54L which runs that and all the sniffer tools and then sends the info home via ssh. I love working with the routers. My next project actually is to upgrade my "evilAP's" flash memory from 16mb to 64mb.

  4. #4
    Junior Member
    Join Date
    Jun 2008
    Posts
    30

    Default

    Quote Originally Posted by pureh@te View Post
    My next project actually is to upgrade my "evilAP's" flash memory from 16mb to 64mb.
    Now that HAS to be a good tutorial! I'll be waiting.

  5. #5
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Default

    If you really want to do odd and fantastic things with a WRT54g, buy "Linksys WRT54G Ultimate Hacking" by Paul Asadoorian and Larry Pesce. Yes, that's Paul and Uncle Larry of pauldotcom.com, the guys who heralded the release of BT3 Final just this week.

    I've been fiddling around with the WRT54g since v1 was released, and the book taught me more than a few tricks. Buy this book! (Besides, Larry is a friend, and he could use the cash!)
    Thorn
    Stop the TSA now! Boycott the airlines.

  6. #6
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    Default

    I bought it. It is very helpful in the beginning stages of WRT building.
