Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
livebox:commandlineaccess [2013/02/22 14:56] – [Livebox Command line Access] minerva9 | livebox:commandlineaccess [2013/09/11 18:29] (current) – [via the Serial Port] minerva9 | ||
---|---|---|---|
Line 3: | Line 3: | ||
<box ground green>At this point you have downgraded your Livebox to firmware 5.04 and it's on your network with an IP of 192.168.1.1 what we need to do next is exploit a bug in its webserver so we can get to the command line.</ | <box ground green>At this point you have downgraded your Livebox to firmware 5.04 and it's on your network with an IP of 192.168.1.1 what we need to do next is exploit a bug in its webserver so we can get to the command line.</ | ||
- | <note warning> | + | <note warning> |
</ | </ | ||
The Inventel Livebox box has a root password that isn't known, so how can you get to a shell prompt? | The Inventel Livebox box has a root password that isn't known, so how can you get to a shell prompt? | ||
There are two methods to breaking into your livebox | There are two methods to breaking into your livebox | ||
- | * [[# | + | * [[# |
* [[# | * [[# | ||
Line 35: | Line 35: | ||
- an MMJ to RJ11 cable | - an MMJ to RJ11 cable | ||
- | - a PCB that holds the Max3232 | + | - a PCB that holds the Max3232cpe |
- an original Cisco console cable (worth £5 alone) RJ45 to DB9 | - an original Cisco console cable (worth £5 alone) RJ45 to DB9 | ||
Line 41: | Line 41: | ||
Be sure not to allow the PCB to touch metal objects - 5VDC is present on the PCB. | Be sure not to allow the PCB to touch metal objects - 5VDC is present on the PCB. | ||
- | {{:livebox:livebox_console_pcb.jpg|Livebox Console Board }} {{: | + | |
+ | {{:livebox:p1000649.jpg?200}} {{: | ||
===== via the Serial Port ===== | ===== via the Serial Port ===== | ||
Line 48: | Line 50: | ||
</ | </ | ||
- | {{: | + | {{: |
{{http:// | {{http:// | ||
On the PCB, there are solder pads for an RJ11 style socket - but no socket is populated on the board. It was hoped that this might expose a second serial port, but this is not the case. | On the PCB, there are solder pads for an RJ11 style socket - but no socket is populated on the board. It was hoped that this might expose a second serial port, but this is not the case. | ||
- | * http://www.agp.dsl.pipex.com/schematic.html | + | * http://andyp.dyndns.info/ |
When connected at 115200 Baud, No Parity , 8 Data Bits , 1 Stop Bit we are presented with a Login prompt. | When connected at 115200 Baud, No Parity , 8 Data Bits , 1 Stop Bit we are presented with a Login prompt. | ||
So now getting in is going to be so much easier. | So now getting in is going to be so much easier. | ||
+ | |||
+ | First change the livebox hostname to what is below and Save. | ||
< | < | ||
;echo root:: | ;echo root:: | ||
+ | </ | ||
+ | Then change the livebox hostname to what is below and Save. | ||
+ | < | ||
;cp /tmp/x /etc/passwd | ;cp /tmp/x /etc/passwd | ||
</ | </ | ||
Line 95: | Line 102: | ||
# fcp -v redboot_blueg5.6-patched /dev/mtd0 | # fcp -v redboot_blueg5.6-patched /dev/mtd0 | ||
</ | </ | ||
- | |||
===== With telnet ===== | ===== With telnet ===== |