Try taking a quick look here:
http://tinyhack.com/2008/05/18/hacking-ncb3ast-day-1/
http://tech.groups.yahoo.com/group/FT3563-BT/
BUT ABOVE ALL HERE!:
http://www.lliures.org/2008/05/02/ft3563-bt-hacking/
"I will explain how to have execution as root on the FT3563-BT NAS. This also
works on the NS-348S NAS, and will work on the other NAS of this family.
Devices that seem identical or similar:
Coolmax CN-570
http://www.smallnetbuilder.com/conte.../29899/75/1/3/
NS-348S
http://www.multicase.de/en/products/76/ns348s.html http://www.enclosureservice.com/
Emprex NSD-100
http://www.emprex.com/02_products_02.php?id=205
Agestar NCB3AHT
http://www.agestar.com/english/products/ncb3aht.asp
http://shenztech.com/code/ui/product...AS2&subcatid=9
revoltec rs049
This family of NAS will create three partitions:
/dev/sda1 is swap
/dev/sda2 is mounted at /conf and holds some conf files
/dev/sda3 is mounted at /mnt/data and holds data.
To have root execution we will:
1.- Put in the hard disk and format it (from the web interface) as XFS (FAT not tested, will work also)
2.- Create a user (and share) from the web interface
3.- Turn off the NAS, and connect it to a PC with a USB cable. You may use
Linux to access the conf partition.
4.- Copy netcat for ARM to this partition. You can get it at my web:
http://www.uv.es/cuan/arxius/FT3563-BT/
and mark it as executable (chmod +x netcat)
5.- Edit smb.conf, and add this line to the share that you created:
root preexec = /conf/netcat -e /bin/ash -l -p 10001 2>> /mnt/data/public/err.log
6.- Connect to this share, i.e. (my share is sh_toni, and my user is toni):
smbclient //NAS_IP/sh_toni -U toni
When you connect, netcat on the NAS will be executed
7.- Connect to NAS using netcat (we use 1001 port):
nc IP_NAS 10001
Now we are able to execute programs, like ls, dmesg, ….
If we want access using telnet, we will add "pts/0" to
/etc/securetty, i.e., from netcat:
echo "pts/0" >> /etc/securetty
/usr/sbin/telnetd
Now we can log in to the NAS using telnet, as user root without a password.
NOTE: As you can see if you execute mount, the root filesystem is in
/dev/ram0, and any modification (except modifications to /conf) will
be lost."
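
For anyone checking one of these boxes (or any Samba server), here is an added example, not from the quoted article or from this post, that audits smb.conf text for the share exec hooks used in step 5. The function name, the `DISK_BACKED` prefixes and the sample config are assumptions made for illustration; the hook option names are Samba's own.

```python
# Samba options that run a command when a client connects or disconnects.
# smb.conf ignores case and whitespace in option names, so compare them squashed.
EXEC_HOOKS = {"preexec", "exec", "postexec", "rootpreexec", "rootpostexec"}

# Assumption: mount points backed by the removable disk on this NAS family
# (per the quoted article, /dev/sda2 is /conf and /dev/sda3 is /mnt/data).
DISK_BACKED = ("/conf/", "/mnt/data/")

def audit_smb_conf(text):
    """Return one finding per exec hook found in smb.conf text."""
    findings, share, pending = [], None, ""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):          # line continuation
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            share = line[1:-1].strip()   # section header, e.g. [sh_toni]
            continue
        key, sep, value = line.partition("=")
        option = "".join(key.split()).lower()
        value = value.strip()
        if not sep or option not in EXEC_HOOKS or not value:
            continue
        findings.append({
            "line": lineno,
            "share": share,
            "option": option,
            "as_root": option.startswith("root"),
            # Program lives on a partition reachable with the disk on USB.
            "disk_backed": value.split()[0].startswith(DISK_BACKED),
            "command": value,
        })
    return findings

# Constructed sample; the sh_toni hook is the line given in step 5.
SAMPLE = """\
[sh_toni]
   root preexec = /conf/netcat -e /bin/ash -l -p 10001 2>> /mnt/data/public/err.log
[public]
   ; preexec = /bin/true
   Pre Exec = /bin/echo connected
"""

if __name__ == "__main__":
    for finding in audit_smb_conf(SAMPLE):
        print(finding)
```

A finding with both `as_root` and `disk_backed` set is the combination the article relies on: a root-run hook whose program sits on a partition that can be rewritten while the disk is attached to a PC.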