General NAS-Central Forums

Welcome to the NAS community
It is currently Thu Sep 21, 2017 5:28 pm

All times are UTC




Post new topic Reply to topic  [ 34 posts ]  Go to page Previous  1, 2, 3  Next
Author Message
PostPosted: Thu Jul 15, 2010 8:46 am 
Offline

Joined: Sun May 02, 2010 5:16 am
Posts: 26
olivm wrote:
Add "noatime" to your mounted points, so that disks won't store the access times.
Code:
mount | grep -E '(/dev/sda|unionfs)' | awk '{print $3;}' > /var/run/mounts
tac /var/run/mounts | while read d ;do mount $d -o remount,noatime ; done

Also, you can change the /etc/cron.d/logrotate file to make it run when you want
Code:
0 0 */2 * * root /usr/sbin/logrotate /etc/logrotate.tab


BTW, see the media server topic to see how to change its configuration, to avoid making it scan files.


This seems to work on my NS2 1.2.5, thanks!


Top
 Profile  
 
PostPosted: Thu Jul 15, 2010 9:00 am 
Offline

Joined: Sat Jul 10, 2010 1:18 pm
Posts: 4
assetman wrote:
olivm wrote:
Add "noatime" to your mounted points, so that disks won't store the access times.
Code:
mount | grep -E '(/dev/sda|unionfs)' | awk '{print $3;}' > /var/run/mounts
tac /var/run/mounts | while read d ;do mount $d -o remount,noatime ; done

Also, you can change the /etc/cron.d/logrotate file to make it run when you want
Code:
0 0 */2 * * root /usr/sbin/logrotate /etc/logrotate.tab


BTW, see the media server topic to see how to change its configuration, to avoid making it scan files.


This seems to work on my NS2 1.2.5, thanks!


how do you get the ssh.php work? it gives by me an 404 error


Top
 Profile  
 
PostPosted: Thu Jul 15, 2010 1:46 pm 
Offline

Joined: Sun May 02, 2010 5:16 am
Posts: 26
ricardo777 wrote:
assetman wrote:
olivm wrote:
Add "noatime" to your mounted points, so that disks won't store the access times.
Code:
mount | grep -E '(/dev/sda|unionfs)' | awk '{print $3;}' > /var/run/mounts
tac /var/run/mounts | while read d ;do mount $d -o remount,noatime ; done

Also, you can change the /etc/cron.d/logrotate file to make it run when you want
Code:
0 0 */2 * * root /usr/sbin/logrotate /etc/logrotate.tab


BTW, see the media server topic to see how to change its configuration, to avoid making it scan files.


This seems to work on my NS2 1.2.5, thanks!


how do you get the ssh.php work? it gives by me an 404 error


Double check the address you are using in www-browser. Then make sure your text editor didn't force .txt-prefix to the filename (i.e "ssh.php.txt").


Top
 Profile  
 
PostPosted: Thu Jul 15, 2010 2:09 pm 
Offline

Joined: Sat Jul 10, 2010 1:18 pm
Posts: 4
assetman wrote:
ricardo777 wrote:
assetman wrote:
olivm wrote:
Add "noatime" to your mounted points, so that disks won't store the access times.
Code:
mount | grep -E '(/dev/sda|unionfs)' | awk '{print $3;}' > /var/run/mounts
tac /var/run/mounts | while read d ;do mount $d -o remount,noatime ; done

Also, you can change the /etc/cron.d/logrotate file to make it run when you want
Code:
0 0 */2 * * root /usr/sbin/logrotate /etc/logrotate.tab


BTW, see the media server topic to see how to change its configuration, to avoid making it scan files.


This seems to work on my NS2 1.2.5, thanks!


how do you get the ssh.php work? it gives by me an 404 error


Double check the address you are using in www-browser. Then make sure your text editor didn't force .txt-prefix to the filename (i.e "ssh.php.txt").


I have checked it but the adress and filename is ssh.php

the adress is http://networkspace2/webdav/OpenShare/ssh.php is that correct?

and you used it on 1.0.2 or the 1.2.5 version?


Top
 Profile  
 
PostPosted: Thu Jul 15, 2010 2:58 pm 
Offline

Joined: Sun May 02, 2010 5:16 am
Posts: 26
Try using the actual IP-address for example http://100.0.0.10/webdav/OpenShare/anyexistingfilename.


Top
 Profile  
 
PostPosted: Thu Jul 15, 2010 3:17 pm 
Offline

Joined: Sat Jul 10, 2010 1:18 pm
Posts: 4
That doesn't work also, even if i try only the webdav/OpenShare folder is don´t work.

Do I need to activate a service for it or...


Top
 Profile  
 
PostPosted: Thu Jul 15, 2010 5:18 pm 
Offline

Joined: Sun May 02, 2010 5:16 am
Posts: 26
You don't need a service for that. Does the www-dashboard work? Try resetting the device to factory defaults (it won't remove any data).


Top
 Profile  
 
PostPosted: Sat Sep 04, 2010 10:19 am 
Offline

Joined: Sat Sep 04, 2010 9:59 am
Posts: 2
Hi, same problem here: "404 - Not Found" after http://192.168.1.203/webdav/OpenShare/ssh.php

Firmware is 1.2.5, but once I upgraded to the recent 1.2.6, before I reset back to Factory, so the actual firmware is original 1.2.5

Do you still think is there a way to get ssh shell without dissasembling? How can affect a firmaware update on hacked systems?

Other thing I noticed was that when system was running on 1.2.6, I couldn't get any nmap output, with 1.2.5. back again nmap gives all open ports.

Any help would be very much appreciated,
Jaume.


Top
 Profile  
 
PostPosted: Mon Sep 06, 2010 3:23 pm 
Offline

Joined: Sat Sep 04, 2010 9:59 am
Posts: 2
:roll: no way without disassembling?


Top
 Profile  
 
PostPosted: Mon Sep 06, 2010 5:15 pm 
Offline

Joined: Mon Jun 16, 2008 10:45 am
Posts: 6039
Possibly not. There was one known way, but it's patched in later firmware, as Lacie announced.


Top
 Profile  
 
PostPosted: Sat Oct 16, 2010 9:48 am 
Offline

Joined: Mon Oct 11, 2010 1:09 pm
Posts: 2
I have disassembled the nas, and attached it to my pc.
Now can someone tell me how to root with disassembling?

I have firmware version 1.2.6

thanks
tom


Top
 Profile  
 
PostPosted: Sat Oct 16, 2010 10:13 am 
Offline

Joined: Mon Jun 16, 2008 10:45 am
Posts: 6039
With usage of ssh keypairs
With changing /etc/passwd


Top
 Profile  
 
PostPosted: Sat Oct 16, 2010 10:17 am 
Offline

Joined: Mon Oct 11, 2010 1:09 pm
Posts: 2
I followed http://lacie.nas-central.org/wiki/Categ ... assembling

but when doing an nmap on the nas, no port 22 is available.
I have the feeling that the guide needs to be updated for firmware 1.2.6

mijzelf: did you manage to root a 1.2.6?


Top
 Profile  
 
PostPosted: Sat Oct 16, 2010 10:41 am 
Offline

Joined: Mon Jun 16, 2008 10:45 am
Posts: 6039
Quote:
did you manage to root a 1.2.6?
No, I don't have a NS2.

Can you upload a partition dump of sda8 somewhere?
Code:
dd if=/mountpoint/of/sda8 | gzip -9 >sda8.gz
This will be about 100MB.


Top
 Profile  
 
PostPosted: Sat Oct 16, 2010 12:40 pm 
Offline

Joined: Tue Oct 05, 2010 8:01 pm
Posts: 23
When you buy a NS2 and it has firmware version 1.0.2 then you can use this backdoor.
(there where some 1.2.5 which also had this backdoor but newer ones don't)

The firmwares 1.2.5 and 1.2.6 on the Lacie site don't have this backdoor anymore, read this topic http://forum.nas-central.org/viewtopic.php?p=5880#p5880
When you have updated your NS2 with one of these firmwares you have to open up your NS2 and connect your HDD to
another Linux system to edit some files to get root access.

When connected to another system mount sda9 from your Lacie HDD and go to /etc/initng/runlevel and edit the file default.runlevel
simply remove the # before sshd
Go to /etc and add the following line to your passwd file
new_root:$1$FfIsQ/hk$2ZB88Rs/Ebiz9OwXxLi7j1:0:0:root:/home:/bin/sh

Build your HDD back on your NAS and make a connection, user new_root with password new_root should have
root access now.
But keep in mind that every change you make on a user in the Lacie dashboard (add user/change password) will
remove your added line from passwd and you loose root access

Removing your HDD isn't very difficult and if you do it with care nobody will notice :mrgreen:

Image

Grtzz Mark


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 34 posts ]  Go to page Previous  1, 2, 3  Next

All times are UTC


Who is online

Users browsing this forum: No registered users and 10 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group