Gaining root shell access on Nighthawk M1 MR1100

Topics for Netgear Nighthawks MRxxxx Series Hotspots
Post Reply
michaeljcallahan
Posts: 1
Joined: Mon Aug 30, 2021 7:05 pm
Has thanked: 0
Been thanked: 2 times

Gaining root shell access on Nighthawk M1 MR1100

Post by michaeljcallahan »

Hello everyone!

Using a slide deck from a DefCon talk I was able to get root access to the MR1100. I wrote a guide on it and thought I would share with yall. Thanks!

https://medium.com/@michael_58691/gaini ... 69525d67d1
These users thanked the author michaeljcallahan for the post (total 2):
Earl_the_Pearl (Sun Sep 12, 2021 3:09 am) • zigozo (Fri Dec 08, 2023 8:34 pm)
Top
User avatar
Didneywhorl
Posts: 3658
Joined: Fri Mar 23, 2018 5:37 pm
Location: USA
Has thanked: 1376 times
Been thanked: 769 times
Contact:
Contact Didneywhorl

Re: Gaining root shell access on Nighthawk M1 MR1100

Post by Didneywhorl »

Welcome!

Awesome! This is what the hacks forum is about.

Thank you
Top
User avatar
Rich Hathaway
Posts: 661
Joined: Mon Mar 08, 2021 2:41 pm
Has thanked: 13 times
Been thanked: 251 times

Re: Gaining root shell access on Nighthawk M1 MR1100

Post by Rich Hathaway »

@ michaeljcallahan
There is a much easier way to get root on these devices, you do not need to reload the firmware and go thru all of that,
just use the challenge response generator that is on the web and either unlock the MEP or use the openlock command/query and then change the advance command password by AT!SETCND="[pwd]" you can make pwd anything you wish, then enable telnet on port 23
by
AT!TELEN=1
AT!CUSTOM="RDENABLE", 1
AT!CUSTOM="TELNETENABLE", 1

now telnet should be available on MR1100 via 192.168.1.1:23, you can do this in about a min or 2
These users thanked the author Rich Hathaway for the post:
Didneywhorl (Sat Sep 04, 2021 10:03 am)
Top
JonaP
Posts: 1
Joined: Wed Nov 03, 2021 8:57 pm
Has thanked: 0
Been thanked: 0

Re: Gaining root shell access on Nighthawk M1 MR1100

Post by JonaP »

I have tried entering AT!TELEN=1 on my AC797S but it is not recognizing that command, what could be the possible command as alternate for that model? Thanks
Top
Mjustiz
Posts: 1
Joined: Thu Nov 03, 2022 2:18 pm
Has thanked: 0
Been thanked: 0

Re: Gaining root shell access on Nighthawk M1 MR1100

Post by Mjustiz »

Hello would this enable you to make ipv6 work through the lan port?
Top
w1lliam
Posts: 33
Joined: Tue Jul 12, 2022 7:26 pm
Has thanked: 7 times
Been thanked: 11 times

Re: Gaining root shell access on Nighthawk M1 MR1100

Post by w1lliam »

JonaP wrote: Wed Nov 03, 2021 9:00 pm I have tried entering AT!TELEN=1 on my AC797S but it is not recognizing that command, what could be the possible command as alternate for that model? Thanks
you can try with a tool, mrCONFIG, it will do the job if that is supported.

https://tinyurl.com/mrCONFIGTools
Top
Post Reply

Return to “Nighthawks MR1100 - MR5200 (M1...M5...)”