Hello there,
I've got an ancient Draytek Vigor 2500 here - well... ancient... its current firmware was built in 2004... - and I'd like to get OpenWRT installed on it, or at least, I'd like to be able to SSH into it and get a decent shell.
I've got some information on it:
- what nmap thinks:
MAC Address: 00:50:7F:19:38:46 (DrayTek)
Device type: broadband router|general purpose
Running (JUST GUESSING) : D-Link embedded (88%), Draytek embedded (88%), Linux 1.X (85%)
Aggressive OS guesses: D-Link DI-804 Cable/DSL Residential Gateway (88%), Draytek Vigor 2200e DSL router v2.1a (88%), Linux 1.3.20 (x86) (85%)
No exact OS matches for host (test conditions non-ideal).
Earlier, in a dump, I saw the following as a part of the TCP fingerprint dump from nmap:
SInfo(V=4.11%P=i686-pc-linux-gnu%D=1/18%Tm=479112BF%O=1723%C=-1%M=00507F)
That's a pretty clear indication of this thing running Linux, isn't it
- I can log in to the web interface, without the source I can only guess my way in;
- I can log in to the telnet interface, it barely works and is very annoying, some kind of proprietary shell (don't they need to release source code because of GPL?);
- I can log in to the FTP interface, there's a .cfg and an .all file, `file` doesn't know what to do with both of them but `strings` prints some interesting information on the '.all' file:
ShowtimeInit() on Entry.c '
DMT PwrDown Switch
SERIOUS ERROR, OS NOT STOPM"
`strings` gives nonsense output for the '.cfg', mostly a lot of y's and ]'s.
I've opened the box up and took some pictures of it. They are available at http://images.dazjorz.com/draytek. They aren't all very clear, but if you need anything else - "what's written on..." - just let me know.
Hopefully we'll be able to hack this thing.
(Last edited by dazjorz on 18 Jan 2008, 23:32)