BusyBox provides a fairly complete environment for any small or embedded system. BusyBox has been written with size-optimization and limited resources in mind. It is also extremely modular so you can easily include or exclude commands (or features) at compile time. This makes it easy to customize your embedded systems. To create a working system, just add some device nodes in /dev, a few configuration files in /etc, and a Linux kernel.

http://www.busybox.net/screenshot.html

Once we have access... we  will then issue some Commands to Grab some Details.

TELNET OR NETCAT SECTION

Ok so now we have Enabled the Debug mode we are able to Telnet or Netcat  to the setup via port 23,. To do this we open a Command Prompt and Type in either .

telnet 192.168.1.1 or if using Netcat  netcat  192.168.1.1 23 you should be greeted with a connection window...sometime you might be prompted for U/P which is user :admin  pass:password but most of the time you will have access like image below using telnet

Now if you have never come across Busybox i suggest you try it , Its a great tool and can be used as a learning curve for a full Blown distro , you can download the source and compile via linux to an exe..with various configurations ...it uses the Ash shell , and once compiled  you can access it via ./busybox ash from linux .

I compiled it to use the Full package applets , reason is i wanted to try the program and understand its full power , it is like having a mini linux with all the power and tools over 1000 at your command...BUT the beauty of it is its most likely already installed via your routers firmware a list can be found here http://en.wikipedia.org/wiki/BusyBox So all you have to do is to have your Router in Debug mode to access it...UNIX without Installing.

It is really a Nice stepping stone if you want to get the feel of an Alternative OS  with that Linux touch i highly recommend Busybox if you are considering  setting up a VPN or Similar.

So we now have access to Busybox what Next ?

Well we can start to gather some information about your target ...this includes private Data and disclosure of secure access points details First we  use ls to see folder paths cat is going to be used to view the files and grep to find details within the file for instance we issue this command: #cat /tmp/nvram ¦ grep pppoa_ will give us details of the user name and login

#cat /tmp/nvram ¦ grep wifi_passphrase will give us the wifi  =passphase output another useful command is #cat /etc/passwd  will give us root details and  #cat /etc/htpasswd will confirm the debug login of router. ps will show you the running processes and disclose paths. See example below of some of the above inputs with the results:

You can issue many commands explore and test your inputs and navigate the folders looking for other information. Just respect what you find and don’t disclose to 3rd parties what you have done.

Disclaimer:  I hope you found this Tutorial Useful, I hold No responsibility for your actions, This Tutorial is for Demonstration purposes only, And is NOT to be used for any malicious purposes.  This Tutorial can be Distributed Freely and must NOT be modified without my Consent any Publication must include Credit to the Author i.e. Me

This Demonstration is Dedicated to All GSO members : http://www.governmentsecurity.org/forum

Please Visit my Blog at http://kaltech.blogspot.com for security news and Links

Kind Regards

Kenny GSO Admin Team