Sunday, October 3, 2010
Tuesday, December 15, 2009
DD-WRT hacks
Hacks that you might find useful if you run a router with DD-WRT firmware installed:
a) Do not run v24sp1 (build 10002 (?) ) if you can avoid it. The MAC Filtering feature is borked.
b) ssh in, and run top to see the process list. Chances are, if you have https enabled, httpd is consuming an unfair amount of CPU cycles/memory allocations. If you want to lower the CPU utilization and prevent others from messing with it, try:
ps | grep httpd
and then kill -9 (pid of httpd).
To bring it back up, simply run:
httpd -S
b) You an dump a plaintext version of the current config using
nvram show > config.txt.
Then you can simply use scp to copy it out.
c) By the same vein, you can directly tamper with the router configuration by doing:
nvram set (parameter name)=(argument)
For example, if you mount an SMB partition and it requires dengue_fever as password, you can specify the partition password by doing:
nvram set samba_password=dengue_fever
and then verify it by doing:
nvram get samba_password
Note: Most passwords are stored in plaintext (especially stuff like DynDNS.org auth settings), so use a disposable password and don't get lazy!
d) A careless mistake made by newbies is forgetting to clear the router settings when upgrading from a v22 build. The issue is that versions above v22 uses a different http/https password hashing scheme, so after the upgrade the user cannot log into the router. If that happens, ssh in, and then clear both the http_passwd and the newhttp_passwd using nvram set (just leave the parameter blank). This would allow you to log in using a blank password. Change this password immediately!
e) 2 important setting to eyeball is the MAC filtering list (wl0_maclist) and the port range forwarding list (forward_port). I would say that you would want to write scripts to dump and restore them. Note that the MAC filtering list needs a hardware reboot after changes are made.
f) iptables -nVL shows you the current firewall rules. Fun little thing, iptables.
a) Do not run v24sp1 (build 10002 (?) ) if you can avoid it. The MAC Filtering feature is borked.
b) ssh in, and run top to see the process list. Chances are, if you have https enabled, httpd is consuming an unfair amount of CPU cycles/memory allocations. If you want to lower the CPU utilization and prevent others from messing with it, try:
ps | grep httpd
and then kill -9 (pid of httpd).
To bring it back up, simply run:
httpd -S
b) You an dump a plaintext version of the current config using
nvram show > config.txt.
Then you can simply use scp to copy it out.
c) By the same vein, you can directly tamper with the router configuration by doing:
nvram set (parameter name)=(argument)
For example, if you mount an SMB partition and it requires dengue_fever as password, you can specify the partition password by doing:
nvram set samba_password=dengue_fever
and then verify it by doing:
nvram get samba_password
Note: Most passwords are stored in plaintext (especially stuff like DynDNS.org auth settings), so use a disposable password and don't get lazy!
d) A careless mistake made by newbies is forgetting to clear the router settings when upgrading from a v22 build. The issue is that versions above v22 uses a different http/https password hashing scheme, so after the upgrade the user cannot log into the router. If that happens, ssh in, and then clear both the http_passwd and the newhttp_passwd using nvram set (just leave the parameter blank). This would allow you to log in using a blank password. Change this password immediately!
e) 2 important setting to eyeball is the MAC filtering list (wl0_maclist) and the port range forwarding list (forward_port). I would say that you would want to write scripts to dump and restore them. Note that the MAC filtering list needs a hardware reboot after changes are made.
f) iptables -nVL shows you the current firewall rules. Fun little thing, iptables.
Subscribe to:
Comments (Atom)