So, the key to everything is a configuration file that can be downloaded from the router itself by the ordinary user. Basically, you should click on Administration menu option, then select User Configuration Management and in the main screen you'll have Backup Configuration button. Click on it and you'll get a file config.bin. This is a binary file with a full configuration of the router, and luckily, it is not encrypted. Now, download Python script from the Pastebin page. This script will convert binary file into a text form and you'll have access to a lot of goodies inside. :) In the following subsection I wrote some interesting stuff I managed to obtain from the given file.
The holly grail of any advanced user is, of course, command line interface. So, the question is how to do it. It used to be simple in previous models of the HT's, just do telnet, use administrator user name and that's it. In this model, you'll have to do it slightly differently:
- Telnet to the device, but use username tech. The password you'll find in the configuration file. Just search for tech username.
- Now, you'll get prompt "CLI>" in which you should type command enable. Note that you can use question mark (?) to get a list of available commands.
- After typing enable, you'll be requested to provide password. Password is zte which can also be found in configuration file. You'll spot easily, it doesn't have associated username.
- Now, type command shell . You'll be asked to provide username and password. Type root for username, and again root for password.
Now, you a presented with a greeting message from busybox as well as a prompt:
BusyBox v1.01 (2013.09.12-09:36+0000) Built-in shell (ash)
Enter 'help' for a list of built-in commands.
Usernames and password
You'll also find in the configuration file all the usernames and the related passwords, for DSL, VoIP, etc.