the stuff above fixes this. Have fun with your ReadyNAS and your dbox2!Hacking the ReadyNAS NV (and perhaps the other ones, too)
PART 1 - getting shell access
a.) switch off the ReadyNAS.
b.) grab any harddisk.
c.) mount the first partition on a linux computer.
d.) replace "/bin/false -> true" link with "false -> bash"
e.) unmount disk, put it back in the NAS, boot NAS.
Now you can login via ssh (user: admin).
PART 2 - local r00t
a.) "vi /frontview/bin/empty_spool"
b.) add "bash" at the end
c.) "sudo /frontview/bin/empty_spool"
d.) "useradd -u 0 -o -d /root r00t;passwd r00t"
e.) "hwencrypt /etc/passwd /etc/passwd.enc"
f.) reboot (this will reset /frontview/* with clean versions)
(background info:
The ReadyNAS will use the harddisk as root partition. It will unpack
the current software to root at the first install. You can modify the root
partition, but several files are left there as encrypted version, and will
be overwritten during boot. The encryption is using a hardware feature,
the tool used to encrypt them is "hwencrypt", which can be only used as root.
There are a couple of backdoor accounts on the ReadyNAS, including "root"
and "diag" which have valid shells. We will re-use the root account for us.
You might want to install "apt", and use this as a full debian system.)
Infrant ReadyNAS NV Hack
-
NASHacker
- Beiträge: 1
- Registriert: Donnerstag 9. November 2006, 01:35
Infrant ReadyNAS NV Hack
usually, the Infrant ReadyNAS NV does not allow login, which i think is pretty lame.