Network Space 2 firmware 1.2.5, what's new, SSH access?

[assetman]

Add "noatime" to your mounted points, so that disks won't store the access times.

Code: Select all

mount | grep -E '(/dev/sda|unionfs)' | awk '{print $3;}' > /var/run/mounts
tac /var/run/mounts | while read d ;do mount $d -o remount,noatime ; done

Also, you can change the /etc/cron.d/logrotate file to make it run when you want

Code: Select all

0 0 */2 * * root /usr/sbin/logrotate /etc/logrotate.tab

BTW, see the media server topic to see how to change its configuration, to avoid making it scan files.

This seems to work on my NS2 1.2.5, thanks!

[ricardo777]

Add "noatime" to your mounted points, so that disks won't store the access times.

Code: Select all

mount | grep -E '(/dev/sda|unionfs)' | awk '{print $3;}' > /var/run/mounts
tac /var/run/mounts | while read d ;do mount $d -o remount,noatime ; done

Also, you can change the /etc/cron.d/logrotate file to make it run when you want

Code: Select all

0 0 */2 * * root /usr/sbin/logrotate /etc/logrotate.tab

BTW, see the media server topic to see how to change its configuration, to avoid making it scan files.

This seems to work on my NS2 1.2.5, thanks!

how do you get the ssh.php work? it gives by me an 404 error

[assetman]

Add "noatime" to your mounted points, so that disks won't store the access times.

Code: Select all

mount | grep -E '(/dev/sda|unionfs)' | awk '{print $3;}' > /var/run/mounts
tac /var/run/mounts | while read d ;do mount $d -o remount,noatime ; done

Also, you can change the /etc/cron.d/logrotate file to make it run when you want

Code: Select all

0 0 */2 * * root /usr/sbin/logrotate /etc/logrotate.tab

BTW, see the media server topic to see how to change its configuration, to avoid making it scan files.

This seems to work on my NS2 1.2.5, thanks!

how do you get the ssh.php work? it gives by me an 404 error

Double check the address you are using in www-browser. Then make sure your text editor didn't force .txt-prefix to the filename (i.e "ssh.php.txt").

[ricardo777]

Add "noatime" to your mounted points, so that disks won't store the access times.

Code: Select all

mount | grep -E '(/dev/sda|unionfs)' | awk '{print $3;}' > /var/run/mounts
tac /var/run/mounts | while read d ;do mount $d -o remount,noatime ; done

Also, you can change the /etc/cron.d/logrotate file to make it run when you want

Code: Select all

0 0 */2 * * root /usr/sbin/logrotate /etc/logrotate.tab

BTW, see the media server topic to see how to change its configuration, to avoid making it scan files.

This seems to work on my NS2 1.2.5, thanks!

how do you get the ssh.php work? it gives by me an 404 error

Double check the address you are using in www-browser. Then make sure your text editor didn't force .txt-prefix to the filename (i.e "ssh.php.txt").

I have checked it but the adress and filename is ssh.php

the adress is http://networkspace2/webdav/OpenShare/ssh.php is that correct?

and you used it on 1.0.2 or the 1.2.5 version?

[assetman]

Try using the actual IP-address for example http://100.0.0.10/webdav/OpenShare/anyexistingfilename.

[ricardo777]

That doesn't work also, even if i try only the webdav/OpenShare folder is don´t work.

Do I need to activate a service for it or...

[assetman]

You don't need a service for that. Does the www-dashboard work? Try resetting the device to factory defaults (it won't remove any data).

[obrador]

Hi, same problem here: "404 - Not Found" after http://192.168.1.203/webdav/OpenShare/ssh.php

Firmware is 1.2.5, but once I upgraded to the recent 1.2.6, before I reset back to Factory, so the actual firmware is original 1.2.5

Do you still think is there a way to get ssh shell without dissasembling? How can affect a firmaware update on hacked systems?

Other thing I noticed was that when system was running on 1.2.6, I couldn't get any nmap output, with 1.2.5. back again nmap gives all open ports.

Any help would be very much appreciated,
Jaume.

[obrador]

no way without disassembling?

[Mijzelf]

Possibly not. There was one known way, but it's patched in later firmware, as Lacie announced.

[betz]

I have disassembled the nas, and attached it to my pc.
Now can someone tell me how to root with disassembling?

I have firmware version 1.2.6

thanks
tom

[Mijzelf]

With usage of ssh keypairs
With changing /etc/passwd

[betz]

I followed http://lacie.nas-central.org/wiki/Categ ... assembling

but when doing an nmap on the nas, no port 22 is available.
I have the feeling that the guide needs to be updated for firmware 1.2.6

mijzelf: did you manage to root a 1.2.6?

[Mijzelf]

did you manage to root a 1.2.6?

No, I don't have a NS2.

Can you upload a partition dump of sda8 somewhere?

Code: Select all

dd if=/mountpoint/of/sda8 | gzip -9 >sda8.gz

This will be about 100MB.

[MarkV]

When you buy a NS2 and it has firmware version 1.0.2 then you can use this backdoor.
(there where some 1.2.5 which also had this backdoor but newer ones don't)

The firmwares 1.2.5 and 1.2.6 on the Lacie site don't have this backdoor anymore, read this topic viewtopic.php?p=5880#p5880
When you have updated your NS2 with one of these firmwares you have to open up your NS2 and connect your HDD to
another Linux system to edit some files to get root access.

When connected to another system mount sda9 from your Lacie HDD and go to /etc/initng/runlevel and edit the file default.runlevel
simply remove the # before sshd
Go to /etc and add the following line to your passwd file
new_root:$1$FfIsQ/hk$2ZB88Rs/Ebiz9OwXxLi7j1:0:0:root:/home:/bin/sh

Build your HDD back on your NAS and make a connection, user new_root with password new_root should have
root access now.
But keep in mind that every change you make on a user in the Lacie dashboard (add user/change password) will
remove your added line from passwd and you loose root access

Removing your HDD isn't very difficult and if you do it with care nobody will notice



Grtzz Mark