xorl %eax, %eax

Broadcom BCM96338 ADSL2+ USB Bridge/Router

with 5 comments

I found this device today from a host in Croatia. Here its nice little telnet service banner:


It was set on its default username/password which are admin/admin. And after logging in you are prompt with this nice little menu:


However, it isn’t that hard to imagine that this device probably runs some custom BusyBox and as you can see here:


Now… let’s get some general information of that device…


You can run some nice shell scripts on this device, or install some sniffer etc. but all these have no meaning since we’re dealing with a (probably) home ADSL router. Although, this nice BusyBox installation had netfilter/iptables installed which makes it a nice playground for a couple of minutes :-)


Anyway, it also has a pretty funny goodbye message which you can see here:


What a nice application :-P


Written by xorl

April 17, 2009 at 04:19

Posted in network devices

5 Responses

Subscribe to comments with RSS.

  1. Thats an ADSL modem you have connected to…

    Theres a more simple way to get this info. Just log on port 80… ;)

    Harshad Joshi

    April 17, 2009 at 04:22

  2. Yeah nice,
    I found douzens similar devices in the ip range of “Paltel” , an Israelien ISP


    August 26, 2009 at 15:13

  3. hi, what about if password of this device is not the default, is there a way to sniff password?



    October 21, 2010 at 07:34

  4. @Carl: I don’t know about any BCM96338 specific bug to sniff passwords but there might be.
    Here I was just talking about insecurely configured devices that were left with their default admin password. :)


    October 21, 2010 at 11:34

  5. Actually it is ISP’s fault. AFAIK this a Sagem F@st router (I have one with a shell like that), and by default they allow external HTTP, FTP and TELNET connections from WAN, which is really unsafe for customers that don’t understand too much about computers

    Actually it’s an interesting device, with 16 megabytes of RAM and 4 megabytes of Flash, enough to store a small website, a VPN, or something like that

    Marcos Vives

    December 9, 2011 at 11:02

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s