Hacking the Netgear WGT624 v4 router
August 31st, 2008 by chris
I own a Netgear WGT624 v4 router. This router runs a MIPS embedded version of Linux and I was curious whether it is possible to get shell access.
So far, I have failed, but in case anyone else is interested, I did find these things:
- There is a useful webpage with details about a similar router at http://www.castalie.org/projects/DM111P.html
- The latest firmware image is available from Netgear at ftp://downloads.netgear.com/files/WGT624v4-V2.0.13_2.0.14.chk.
- Root filesystem
Using Fedora Core 9, it is possible to mount the root filesystem from this image.
dd if=WGT624v4-V2.0.13_2.0.14.chk of=rootfs.image bs=1 skip=58
mount rootfs.image /mnt/WGT624_rootfs -o loop
Here is a tarball containing these files from the root filesystem.
(It will be mounted using the squashfs LZMA filesystem.)
- Telnet access
The router has a back door from the local LAN. A telnet server can be activated using the telnetenable utility.
Unfortunately, I do not know the username and password to log on to the router with telnet.
- Root password
There is a file in the above image called “shadow”; it holds an entry for the router root password:
root:$1$$zdlNHiCDxYDfeF4MZL.H3/:10933:0:99999:7:::
This is a FreeBSD MD5 password hash ($1$$zdlNHiCDxYDfeF4MZL.H3/), i.e. the MD5 checksum of the password is 7f1a6793eb3c3df9ac6a6460e5054c45.
I have not yet been able to determine the password from this hash.
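The fields of the shadow entry quoted above can be decoded mechanically, which is a useful first check when reviewing the accounts shipped in a firmware image. This is an added example, not code from the original post; the function names, the wording of the findings and the constructed "nobody" line are assumptions made for illustration.

```python
from datetime import date, timedelta

# crypt(3) "$id$" prefixes that use the layout $id$[rounds=N$]salt$digest
SCHEMES = {"1": "md5crypt", "5": "sha256crypt", "6": "sha512crypt"}

def parse_shadow_line(line):
    """Decode one shadow(5) entry: nine colon-separated fields."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 9:
        raise ValueError("expected 9 fields, got %d" % len(fields))
    user, pw, lastchg = fields[0], fields[1], fields[2]
    entry = {"user": user, "scheme": None, "salt": None, "digest": None,
             "locked": pw.startswith(("!", "*")), "empty": pw == "",
             "last_changed": None}
    if lastchg.isdigit():
        # Field 3 counts days since 1970-01-01.
        entry["last_changed"] = (date(1970, 1, 1) + timedelta(int(lastchg))).isoformat()
    parts = pw.split("$")  # "$1$$abc" -> ["", "1", "", "abc"]
    if pw.startswith("$") and len(parts) >= 4:
        entry["scheme"] = SCHEMES.get(parts[1], "other:" + parts[1])
        if parts[1] in SCHEMES:
            entry["salt"], entry["digest"] = parts[-2], parts[-1]
    return entry

def audit(entry):
    """Return findings a firmware reviewer would report for this account."""
    findings = []
    if entry["empty"]:
        findings.append("account has no password")
    if entry["scheme"] == "md5crypt":
        findings.append("legacy md5crypt hash")
    if entry["salt"] == "":
        findings.append("empty salt: equal passwords produce equal hashes")
    if entry["digest"] and not entry["locked"]:
        findings.append("login-capable hash baked into the firmware image")
    return findings

# Entry quoted in the post, plus one constructed locked account for contrast.
PAGE_ENTRY = "root:$1$$zdlNHiCDxYDfeF4MZL.H3/:10933:0:99999:7:::"
CONSTRUCTED_LOCKED = "nobody:*:10933:0:99999:7:::"

if __name__ == "__main__":
    for line in (PAGE_ENTRY, CONSTRUCTED_LOCKED):
        e = parse_shadow_line(line)
        print(e["user"], e["scheme"], repr(e["salt"]), e["last_changed"], audit(e))
```

For the entry in the post, the salt field between the second and third "$" is empty and the last-changed field (10933 days after 1970-01-01) decodes to 1999-12-08.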
Hi Chris!
I have the same router and I’m thinking of hacking the unit.
Have you tried the username/password provided at:
http://wiki.openwrt.org/OpenWrtDocs/Hardware/Netgear/TelnetConsole
Cheers
Alberto
Alberto:
I have the same router and want to load OpenWrt or DD-WRT. I tried the username/password provided and it did not work. I’m currently attempting to BF the MD5.
Thom
Any progress on this or did you give up on it?
Hi smileboot
If you contact me via the form on this site, I’ll let you know the latest.
Chris.
I’m also interested in knowing the latest news about your research
I was able to activate telnet on this type of router. I’m very interested in getting the login/password for it. Although it would be better if you could open up port 22 instead. Telnet sends everything in cleartext. I’m wondering what sort of open source firmware will fit & work on it. Also I want to find out what the hardware specifications are for the WGT624 v4.
Hello there Chris. My name is Doug Young and I was wondering if you got any further with your quest to hack your Netgear WGT624 v4. I have the same router and am trying to figure out what the username and password combination are for the telnetEnable to enable my router to be a repeater. I understand they changed from Gearguy and Geardog in v4. Any luck so far?
Cheers,
Doug
I have been everywhere and can’t find the user/password either for telnet. Has anyone had success yet for V4?
Hi Chris,
I’m trying to use telnetEnable on a WGT624 v4 (like many of your other readers). Were you ever able to figure out how to get into the router through telnet? I am having the same problem as Doug.
Thanks!
Zeke
I am also looking for telnet user/password for the WGT624v4 router. Any info would be great!
Cheers,
Bob
Hello Chris,
to access the router via telnet, use
User: Gearguy
Password: Geardog
as the credentials.
Regards,
Stefan