General NAS-Central Forums

Welcome to the NAS community
It is currently Wed Jun 28, 2017 3:41 am

All times are UTC




Post new topic Reply to topic  [ 6 posts ] 
Author Message
 Post subject: Enabling ssh
PostPosted: Fri Mar 20, 2009 12:58 pm 
Offline

Joined: Fri Mar 20, 2009 12:20 pm
Posts: 2
Hi

I have a LaCie 2big Network (2x 1To with RAID1) (http://www.lacie.com/fr/products/product.htm?pid=10953) with the up to date firmware (2.0.7), but I am looking for a way to enable SSH on it, and to force SSL connection for web access, in order to secure it.

LaCie assistance has been unhelpful in guiding me, dismissing my questions.

So I took out one drive and mount it on a computer, modified some files and figured out how to start a new service. But I fail to add a new user on the system, or to simply enable remote connection.

Has somebody succeeded in adding ssh to this NAS?


Top
 Profile  
 
 Post subject: Re: Enabling ssh
PostPosted: Wed Jun 03, 2009 7:23 pm 
Offline

Joined: Mon Jun 01, 2009 11:53 am
Posts: 7
If you want to telnet your D2 you can make a look here :

http://forum.nas-central.org/viewtopic.php?f=156&t=1591

Best regards.
SuperPoney


Top
 Profile  
 
 Post subject: Re: Enabling ssh
PostPosted: Sun Jun 07, 2009 9:39 am 
Offline

Joined: Tue Mar 18, 2008 2:35 pm
Posts: 6
That is the same question I have. And I found some help on a similar (German) forum. I might translate what we ended up reasoning there...

Here it is, maybe let it run through a translation engine:
http://forum.nas-portal.org/showthread.php?t=6610

We hypothesize that CPU and OS are pretty much the same on the 2big as on the edmini V2. Thus, we do have utelnetd and also dropbear (I compiled it natively on my hacked edmimi V2). Here is the link for edmini V2 dropbear:
http://mitglied.lycos.de/jhench/dropbear/dropbear-0.52_armv5tejl.tar.gz

The question is just how to get that onto the 2big. I am currently in the process of decision whether to buy the 2big and to replace my edmini setup with this more secure option (RAID 1) versus rsync to an external USB.

My guess is that once we are able to modify the system partition from inside the system (i. e. after having access) these changes will be stored on the "update partition" of the drive. And this partition is highly likely to be RAID1, as well as the r/o base system partition.

Once we are running in RAID1, our own modifications will be stored like updates (as on the edmini V2), however on both drives simultaneously. What will be more troublesome is to get the backdoor (http shell, utelnetd and / or dropbear) on the RAID 1 in first place.

One way would be to mount both drives on another computer as RAID 1 and to then apply the change (to the future r/o partition or the update partition). Another way might be:
1. to run the 2big
2. to take out one drive while running, i.e. to simulate an HD failure
3. to shut it down in 1 drive state
4. to modify the drive that had remained in the 2big longer (make sure for correct time stamps), e.g. by connecting the drive to a linux machine to add our "backdoor"
5. to boot the 2big in 1 drive state with the modified drive
6. to now add the unmodified drive as if it was a replacement
7. to hope that the RAID 1 system will agree with our theory and will copy the changes to the new drive as it would with updates.

In theory it is enough if we can copy just one single file onto the system, i.e. the webserver shell backdoor (as described e.g. here: http://lacie.nas-central.org/wiki/SuccessStories). That is enough to copy all other files directly on the running machine in RAID 1 mode to the respective places.


Top
 Profile  
 
 Post subject: Re: Enabling ssh
PostPosted: Sun Jun 20, 2010 6:30 am 
Offline

Joined: Sun Jun 20, 2010 6:15 am
Posts: 5
It's really easy getting root axs on a 2Big Network without even opening the box. Do this AT YOUR OWN RISK:

1. Simply use the webinterface to add a new share, say 'p0wned', give this share at least http access
2. Use the webinterface to download the config as XML
3. MAKE A BACKUP OF THIS FILE
4. Change the path of the share to ../../../../
5. Upload the config file
6. Use the webinterface and go to the p0wned share and marvel at the full filesystem of the lacie

Now grab a cgi telnet hack and upload it to the public folder in cgi-bin. With root access active, you can now install all you wish by uploading files using the webinterface to your p0wned share...

DO NOT DELETE THIS SHARE USING THE WEBINTERFACE! Deleting a share will delete all its contents as well! Instead reupload the backup you made in step 3 and THEN delete the share...

Credits go to some Italian article. When I find the time, I'll grab everything together to translate and post it to the wiki and remove the stub on the Lacie 2Big Network :mrgreen:
Not too much time at the moment and I'm experimenting with a Kernel upgrade for the Lacie 2Big Network v1.

Edit: it was Steppenwolf who wrote the article on his blog, all credits to him!


Top
 Profile  
 
 Post subject: Re: Enabling ssh
PostPosted: Thu Aug 05, 2010 9:46 pm 
Offline

Joined: Mon May 17, 2010 2:55 pm
Posts: 5
While all methods posted will work, I suggest you use malc0mn's method for 2 reasons.

First it's the simplest, 2nd it won't void your warranty.

I would also add that when you upload the telnet hack and login to device for the first time run passwd to change the root password. The password will get reset after each reboot, it's a pain I know, I have a password cracker trying to bf the default pass now, it's going on it's 3rd day of running lol.

Beware the packages you upload to the system. The 2big uses a custom Busybox build, there is only rpm package maintainer and it's crippled. tar doesn't work properly and neither does bunzip2. On mine I haven't been able to locate gcc as there is no locate, find, updatedb, or whereis commands.

My lacie did however already have an ssh server built in. Though using RSA keys is broken due to the PAM module and GLIBC dependencies.

Good luck.

I think this is the link malc0mn intended to post http://babelfish.yahoo.com/translate_url?doit=done&tt=url&intl=1&fr=bf-home&trurl=http%3A%2F%2Fnerdicism.com%2F2009%2F07%2Fjailbreaking-lacie-big-ethernet-disk-look-mummy-no-skrewdrivers%2F&lp=de_en&btnTrUrl=Translate <--- Babelfish translation to English, loses alot, but you get enough to see what is going on.


Top
 Profile  
 
 Post subject: Re: Enabling ssh
PostPosted: Sun Nov 11, 2012 3:09 pm 
Offline

Joined: Wed Nov 07, 2012 6:02 pm
Posts: 4
I believe that the latest firmware for Lacie-D2, the administration options have been removed. SO this method will no longer work.

I don't understand why Lacie make it so difficult to get command-line access to their boxes. After, they have already made their money by selling it.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 6 posts ] 

All times are UTC


Who is online

Users browsing this forum: No registered users and 4 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group