I was given a mini router and asked if I could get into it without overwriting the current OS. Firing it up, it picks up a DHCP IP and the only open port is telnet/23.
No other controls, nothing I can enter, just sits there.
Never seen this before. Has someone else?
Since it shows something about ssh, does it mean it's using ssh but on port 23?
It's a device that was put inside of my friend's solar installation. The installer abandoned him, leaving him to figure out his own system.
I'm trying to help figure out the whole system. This device probably sends some updates from the solar manager to something but I need to understand what it's doing so I can see what my next steps are.
On port 80, I can see MiniBox v1.0, which I found on the OpenWrt site, but it doesn't look the same as this device. This device looks like this:
That is probably not running a genuine OpenWrt version if it doesn't actually reflect that on the web interface. You should contact the manufacturer of that device for help.
I can log in using ssh on port 23 but as soon as I enter a user name like root, it just throws an ssh error.
ssh fatal error
Disconnected. No supported authentication methods available (server sent publickey)
Likely have to try different ssh keys maybe.
It does reset like openwrt (192.168.1.1) with port 80 open for a FW update or maybe others do the same.
I don't know, thought I'd give it a try as it might help with the overall system.
Unfortunately, if it is using public key authentication you have basically zero chance of logging in without knowing the key.
You would need an alternate access exploit to open up ssh first and for an unknown device like this that would seem unlikely, unless you crack it open and what’s inside is actually a more common device.
To move forward you are going to need to open it and connect via serial.
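Added example, not part of the original thread: a Python sketch that settles the "ssh but on port 23?" question by classifying what a port actually speaks from the first bytes the server sends, and that reads the offered authentication methods out of the client error quoted above. The sample banners (including the Dropbear version string) are constructed, and `read_banner` is a hypothetical helper.

```python
import re
import socket

IAC = 0xFF  # Telnet "Interpret As Command" byte (RFC 854)
# RFC 4253 section 4.2: SSH-protoversion-softwareversion [SP comments] CR LF
SSH_ID = re.compile(rb"^SSH-(\d+\.\d+)-(\S+)(?: .*)?$")

# Constructed samples (not captured from the device in the thread).
SAMPLE_SSH = b"SSH-2.0-dropbear_2015.67\r\n"
SAMPLE_TELNET = bytes([IAC, 0xFD, 0x18, IAC, 0xFD, 0x1F])  # IAC DO TERMINAL-TYPE, IAC DO NAWS
# Client error text as quoted in the thread.
CLIENT_ERROR = ("Disconnected. No supported authentication methods available "
                "(server sent publickey)")

def classify_banner(data: bytes) -> dict:
    """Classify the first bytes a TCP service sends after the connection opens."""
    if not data:
        return {"protocol": "unknown", "detail": "server sent nothing first"}
    if data[0] == IAC:
        return {"protocol": "telnet", "detail": "option negotiation"}
    # RFC 4253 lets a server send other lines before its identification string.
    for line in data.split(b"\n"):
        m = SSH_ID.match(line.rstrip(b"\r"))
        if m:
            return {"protocol": "ssh", "version": m.group(1).decode(),
                    "software": m.group(2).decode("ascii", "replace")}
    return {"protocol": "unknown", "detail": repr(data[:40])}

def offered_methods(client_error: str) -> list:
    """Extract the auth methods the server advertised from the client's error text."""
    m = re.search(r"server sent ([\w,@.\-]+)", client_error)
    return m.group(1).split(",") if m else []

def read_banner(host: str, port: int, timeout: float = 5.0) -> bytes:
    """Read the greeting from a device you administer (hypothetical helper)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            return s.recv(256)
        except socket.timeout:
            return b""

if __name__ == "__main__":
    print(classify_banner(SAMPLE_SSH))     # SSH on a non-standard port is still SSH
    print(classify_banner(SAMPLE_TELNET))
    methods = offered_methods(CLIENT_ERROR)
    print(methods, "password login offered:", "password" in methods)
```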
I took it apart. There are three holes/pads but no pins. Not worth the time, too much to figure out.
Only two pads have connections and I can't recall if two is enough for a serial connection.
Since the device is almost certainly not running an official OpenWrt build, it is technically out of scope for this forum. You may want to find other identifiers for the device and search the web more broadly to get help with that unit.
EDIT: Actually, if this is the correct device, it may be supported by OpenWrt. There isn't much info about it, but maybe you can flash official OpenWrt onto it. To do so, though, you'd have to erase everything on the unit.
uboot> help
help
? - alias for 'help'
bootm - boot application image from memory
cp - memory copy
dhcpd - invoke DHCP server to obtain IP/boot params
erase - erase FLASH memory
erase_gs - erase FLASH support 4_byte mode.
help - print embedded help
httpd - start www server for firmware recovery
md - memory display
mm - memory modify (auto-incrementing)
mtest - simple RAM test
mw - memory write (fill)
nm - memory modify (constant address)
ping - send ICMP ECHO_REQUEST to network host
printenv - print environment variables
printmac - print MAC address(es) stored in flash
printmodel - print router model stored in flash
reset - perform RESET of the CPU
setenv - set environment variables
setmac - save new MAC address in flash
startnc - start net console
startsc - start serial console
tftpboot - boot image via network using TFTP protocol
version - print U-Boot version
write_gs - write FLASH support 4_byte mode.
uboot>
Guess I need to go find some documentation on what to do now. I'd like to get it back to port ssh 22 but need to get into the OS. I think I'm in some boot environment.
I hit enter as it started booting and got into the boot tool.
I don't want to overwrite the image. I want to regain access to the existing openwrt os now.
uboot> version
version
U-Boot 1.1.4 (Jul 27 2017)
Guess I just need to dig up some info on this then. Not sure how I'll get to edit the openwrt stuff but I'll need to change the ssh to something normal and set a root password.
Just as an FYI, the firmware on there is ancient (OpenWrt ChaosCalmer 15.05) and has a significant number of security vulnerabilities that are obviously not patched. That device should not be used on the internet at all, and it should probably not be used at all unless it is absolutely guaranteed that only trusted people/systems could gain access.
Why do you want/need to keep the existing firmware and settings on there?
It's only going into the garbage once I am done with it, not on the Internet.
The company that was supporting our systems is leaving us hanging and to fend for ourselves. The components they sold us are no longer available since the company went into bankruptcy.
Since they left us with all the equipment, I figure I'm justified to do whatever we want since we paid for everything. Therefore, I'm trying to figure out how this thing polled the solar system to see if I can continue supporting our systems.
I don't have to share all kinds of personal info about the companies involved, I'm just trying to use open source tools to learn for myself.
I was sure I've read that once you're able to get to the boot level, you can do other things to get back into the existing openwrt OS. I'm looking on the net for old posts, etc.
Oh, I'm not questioning your justification. I'm just asking why you don't want to update it to a newer version that would be more secure.
This is kind of what I was asking... this answers why you might need to keep the existing system intact. That said, it may or may not be clear how it works with your solar system.
I wasn't asking about personal info or companies involved. No, you don't have to tell us about that.
Cool. Honestly the best way to do this would be to use a normal router with OpenWrt (a current version without customization), or really any Linux-based system. This way you can learn about these systems without the extra hurdles that may have been put in place by the company who provided the device you're working with. OTOH, this does present a fun little challenge to get through those obstacles.
I actually want to get into it so I can look at whatever scripts were used, etc., to poll the systems for details. That's what will give me the leads I need to find a way to monitor our own systems.
The systems are PLC based and this device was inserted inside of another larger device to capture that data. That's what I'm digging for.