Difference between revisions of "Category:2big Network"
(→Persistence of user privileges) |
(→Persistence of user privileges) |
||
Line 299: | Line 299: | ||
The /bin/false is our problem! To remedy the situation I created a service for initng called personal, which allows you to restore the privileges of an account: | The /bin/false is our problem! To remedy the situation I created a service for initng called personal, which allows you to restore the privileges of an account: | ||
− | #! / | + | #!/sbin/itype |
# | # | ||
# Change the line user = "user" instead of inserting a 'user' user name you created | # Change the line user = "user" instead of inserting a 'user' user name you created | ||
Line 334: | Line 334: | ||
To start automatically at boot script to copy the file nas personal.i in the folder /etc/initng/ and run: | To start automatically at boot script to copy the file nas personal.i in the folder /etc/initng/ and run: | ||
− | # | + | # cd /etc/initng/runlevels/ |
# echo personal >> default.runlevel | # echo personal >> default.runlevel | ||
Revision as of 19:18, 11 January 2012
This article is currently a stub. You can help this Wiki by expanding it . This template will categorize articles that include it into Category:Stubs. |
2big Network | |
CPU | 400 MHz Marvell Orion 88F6182 |
RAM | 64 MB DDR2 |
Flash ROM | 512 KB |
Other | |
NIC | |
USB | 2 Ports |
internal HDD | 2 * Hitachi DeskStar HDP725050GLA360 |
IDE Controller | |
Drive Capacity | 2 * 512/768/1024 MB |
Fan | no fan, thermally-controlled blower |
Contents
- 1 Steppenwolf's Hacking HOWTO
- 1.1 General Information
- 1.2 Hacking
- 1.3 Hacking through the creation of a new share
- 1.4 Binaries compiled for ARM architecture, and configuration files for pam and initng
- 1.5 Add telnet to NAS
- 1.6 Installing OpenSSH
- 1.7 Persistence of user privileges
- 1.8 Problems with passwd and up and customizing of the bash promtp
- 1.9 Installing NTP
- 1.10 Installing CUPS (print server)
- 1.11 Restoration
- 1.12 Links
- 1.13 Speculations
- 1.14 Thanks
- 2 Reviews
- 3 Links
- 4 Internal Images
Steppenwolf's Hacking HOWTO
Steppenwolf has an excellent HOWTO on his blog. It is in Italian unfortunately but Google Translate does a great job.
What will follow now is a copy of his Google Translated blog post to preserve it should it ever be taken offline and to provide the NAS-Central users with as much info as possible.
This definately needs to be reviewed and gramatically corrected!
General Information
The goal of this post is to add a shell ssh daemon ntpd to your nas, but before doing so it is good to understand a little machine with which we deal. The LaCie 2big Network nas taken as reference and on which was performed this procedure has the official firmware, distributed by LaCie , updated to version 2.2.3.
# cat /proc/cpuinfo Processor: ARM926EJ-S rev 0 (v5l) BogoMIPS: 266.24 Features: swp half thumb fastmult EDSP CPU Implementer: 0x41 CPU architecture: 5TEJ CPU variant: 0x0 CPU part: 0x926 CPU revision: 0 Cache type: write-back Cache clean: CP15 c7 ops Cache lockdown: format C Cache format: Harvard The size: 32768 I assoc: 1 The line length: 32 The sets: 1024 D size: 32768 D assoc: 1 D line length: 32 D sets: 1024 Hardware: Feroceon Revision: 0000 Serial: 0000000000000000
# cat /proc/version Linux version 2.6.22.7 (root @ grp-dash) (gcc version 4.2.1) # 1 Fri 9 April 2009 16:07:45 EDT
# free total used free shared buffers Mem: 61952 60184 1768 7384 0 Swap: 128 376 60 184 0 128 376 Total: 190328 130144
# df-h Filesystem Size Used Available Use% Mounted on rootfs 648.4M 20.2M 595.3M 3% / 648.4M 20.2M 595.3M 3% udev / dev / Dev/md0 7.5M 5.9m 1.2M 83% / oldroot udev 10.0M 0 10.0M 0% / oldroot / dev udev 10.0M 0 10.0M 0% / oldroot / dev ninth 30.3M 30.3M 0% 0 / oldroot / dev / shm / Dev/md1 167.0M 111.3M 47.1M 70% / oldroot / var / original / Dev/md2 648.4M 20.2M 595.3M 3% / oldroot / snapshots unionfs 648.4M 20.2M 595.3M 3% / / 1.2M 930.4G 930.4G dev/md4 0% / home
# cat /proc/partitions major minor # blocks name 8 0 976762584 sda 8 1 1 sda1 8 2 975755970 sda2 8 5 128457 sda5 Sda6 8 6 8001 Sda7 8 7 8001 8 8 176683 sda8 8 9 674698 sda9 8 10 8001 sda10 8 16 976762584 sdb 8 17 1 sdb1 8 18 975755970 sdb2 8 21 128457 sdb5 8 22 8001 sdb6 8 23 8001 sdb7 8 24 176683 sdb8 8 25 674698 sdb9 8 26 8001 sdb10 31 0512 mtdblock0 7936 9 0 md0 9 1 176576 md1 9 2 674624 md2 9 3 128384 md3 9 4 975755904 MD4
# cat /proc/mtd dev: size erasesize name mtd0: 00080000 00010000 "cfi_flash_0"
In short, it is a Linux operating system with a very dated (sic) kernel compiled for ARM processor architecture, 400mhz cpu, 64mb of ram (the new models have 128 MB of RAM) and bootloader uboot. From the limited information obtained from the official site seems to have been used to build the system scratcbox and starting services and daemons used initng instead of init.d The problems that arise are many: the retrieval of software already compiled for the system (unless you jump headlong into cross-compiling) compatible with the versions used by the library and the creation of nas startup script to initng. The scripts for initng found on the network must be modified slightly to make them work on the system, given that developers have not complied fully with the specifications initng to include all the *. script in the folder /etc/initng/ without performing the division in subfolders (daemon for demons, net for network services, etc..)
Hacking
Disclaimer: I do not assume any responsibility if, following the changes made, your system stops working properly. I remind you also that any software or hardware changes to the system will void the warranty by the manufacturer.
Access to the system is crucial to add to our nas a bash script that executes commands at will (webshell) or, preferably, an ad hoc script to start the telnet service and have a root console remote. There are several ways to "pierce" your nas, in fact, depending on the services started on the machine the safety of this object is far down the drain. A very simple way to access the system without physically removing disks is to create a new share with a particular path. (See below) You will have access to the entire system with administrator privileges since the webserver has the nas as root.
2Big Network Web Browser Hacked
The counterpart of this hack is that the machine is rebooted, the share created by the system is changed (security mechanism?) And redirected into your root share, forcing them to have to re-apply the 'patch' whenever you feel the need to access the your Linux system. Even the removal of the new share is to be performed with extreme care. My suggestion is to remove this share once it has nas were uploaded on the telnet daemon and its startup files (see below).
Create a new share on your NAS called "Hack". The path of the share is not important what is important is that you enable at least sharing http. Save the xml configuration of your NAS disk (System-> Maintenance-> Save Configuration) Make a backup copy of the file you just saved (Fatelo! you will need it later to put things in order). Edit the file downloaded xml configuration changing the path of sharing "Hack" as shown:
edconf.xml
Keep in mind the lines of the code of your xml files can be different than shown above, in relation to the number of shares of your car, by users and groups.
Save your changes and upload the new configuration on the NAS (System-> Maintenance-> Download the configuration) Use your browser and access the administration page of nas and click Browse to navigate to the new share on the web.
The magic is performed by line ../../../../ which requires the system to create a new share from the root. If you try to unshare "hacks" do harm to your system, it also will remove together with shared files in it (so the operating system of the NAS). A painless way to make the removal of the load sharing is the backup configuration previously done nas (edconf.xml) and only after unshare 'hack' normally through the web interface.
Once you have access to the filesystem, for more with root rights (!), You can upload all the files you want.
Binaries compiled for ARM architecture, and configuration files for pam and initng
From here on, you will need this file:
>> LaCie_2Big_Network_ [TELNET] [NTP] [SSH] [CUPS]. zip (6.79 Mb)
containing all the binaries and libraries, compiled for the ARM architecture, you need to install on your nas demons Telnet, NTP, OpenSSH and Cups. The archive contains the following files:
- cups-1.3.8-r1.tbz2 (1.89 Mb), containing all files of the print service. is included in the archive library also libpaper ( libpaper-1.1.23.tbz2 ) required by the cups and not found in nas.
- cups-1.3.8-r1_(driver).tbz2 (3.74Mb), containing all ppd in the deployment of ubuntu 9.10. This file, of course, is not on the website where I recovered the compiled binaries for the nas.
- cups-1.3.8-r1_(language).tbz2 (419KB), containing the translation in all major languages, including Italian, html pages cups. This file is not on the website where I recovered the compiled binaries for the nas.
- ntp-4.2.4_p4.tbz2 (247KB), containing the binaries and configuration files for the NTP daemon
- openssh-4.7_p1-r6.tbz2 (490Kb), containing the binaries and configuration files for the ssh daemon. The archive also contains the libraries tcp-wrappers ( tcp-wrappers-7.6-r8.tbz2 ) required by the daemon is not present in nas.
- usbutils-0.73.tbz2 (86.2 Mb). This file is not necessary to install nas it is required to run cups, however, can help by installing the executable lsusb .
- utelnetd.tbz2 (5.7Kb), containing the demon utelnetd and a file to run (see next paragraph for more info)
The original files I have recovered from the site:
where there are many pre-compiled packages for the buffalo nas. Except that these packages are designed for a system that uses no inet.de initng, so I had to create my hand the scrip to start sshd, ntpd and cups (respectively /etc/initng/sshd.i , /etc/initng/ntpd.i and /etc/initng/cups.i ). I can assure you that it was not a pretty sight: the documentation is somewhat lacking and on the official forum of the project initng is overwhelmed by spam. (How I love spammers : Evil: )
I wanted to leave separate packages, avoiding to make a single archive, so that you have the greatest choice of what to install. From the files I removed the man page and docs.
Add telnet to NAS
The archive utelnetd.tbz2 contains two files, the telnet daemon and a file to launch it and configure the bash on your system. Copy the two files in the folder /www/cgi-bin/public/ previously created through the sharing. Here is the contents of the file telnet.cgi:
# / Bin / sh echo "Content-type: text / plain" echo ""
# Settings for root bash shell HOME = '/ root' PATH = '/ usr / local / bin: / bin: / sbin: / usr / bin: / usr / sbin:.:' TERM = linux
PS1 = '\ u @ \ h: \ w #' PS2 = '>' PS3 = '>' PS4 = '+' export PS1 PS2 PS3 PS4 PATH HOME TERM
Run # telnet daemon utelnetd echo-l / bin / bash utelnetd eval-l / bin / bash
You can launch your telnet daemon from a web browser at:
http://<your.nas.ip>/cgi-bin/public/telnet.cgi
If the page is white and not worry infinite load, run telnet client can also list your address of nas and enjoy your root console without login. (Hooray safety!) Once you have a console at all the effects you can even think about making a step forward with installing openssh security.
Installing OpenSSH
Copy the file openssh-4.7_p1-r6[modificato].tbz2 in your shared folder on the NAS. From the console, telnet performed:
# Cd / home / share / nome_cartella_della_vostra_condivisione # Tar openssh-4.7_p1-xvjf r6.tbz2-C / # Rm openssh-4.7_p1-r6.tbz2 # Cd / etc / initng / runlevels / # Echo sshd>> default.runlevel # Touch / var / log / lastlog
At first startup after installation of ssh nas will, for once, the slower, the cause is the automatic creation of files:
ssh_host_dsa_key ssh_host_dsa_key.pub ssh_host_key ssh_host_key.pub ssh_host_rsa_key ssh_host_rsa_key.pub
required for the operation of the ssh daemon itself (folder /etc/ssh/ ).
Here is the configuration file ( sshd.i ), included in the archive for initng for the sshd daemon:
#! / Sbin / iType # NAME: OpenSSH # DESCRIPTION: The standard Linux SSH servers # WWW: http://www.openssh.com/ service sshd / {generate_keys env KEYGEN = / usr / bin / ssh-keygen; RSA1_KEY env = / etc / ssh / ssh_host_key; RSA_KEY env = / etc / ssh / ssh_host_rsa_key; DSA_KEY env = / etc / ssh / ssh_host_dsa_key; script start = { [! -S $ {RSA1_KEY}] & & \ {} $ KEYGEN-q-t-f $ {rsa1 RSA1_KEY}-C-N2> & 1 if [! -S $ {RSA_KEY}], then {} $ KEYGEN-q-t rsa-f $ {} RSA_KEY-C-N2> & 1 chmod 600 $ {} RSA_KEY chmod 644 $ {} RSA_KEY. pubs fi if [! -S $ {DSA_KEY}], then {} $ KEYGEN-q-t dsa-f $ {} DSA_KEY-C-N2> & 1 chmod 600 $ {} DSA_KEY chmod 644 $ {} DSA_KEY. pubs fi } } {sshd daemon need bootmisc = virtual / net mountfs; pid_file = / var / run / sshd.pid; = need sshd / generate_keys; exec daemon = / usr / sbin / sshd-D; daemon_stops_badly; respawn; }
Another problem is the bang, even here, the file listed in the original does not work and I had to edit it by hand. Here's the new content:
#% PAM-1.0 auth required pam_unix.so account required pam_unix.so password required pam_unix.so session required pam_unix.so
Modify it to your discretion (file /etc/pam.d/sshd ).
Persistence of user privileges
The problems do not end there, however. At each restart of the machine the file /etc/passwd and /etc/shadow is overwritten. In particular, each new user created through the web interface of the NAS does not have the right to log into the remote console nas. Ex:
admin: x: 500:100:: / home: / bin / false
The /bin/false is our problem! To remedy the situation I created a service for initng called personal, which allows you to restore the privileges of an account:
#!/sbin/itype # # Change the line user = "user" instead of inserting a 'user' user name you created
{personal service need edconfd = / ready; last; script start = { user = "user" PASSWD = "$ user: x: 0:0:: / root: / bin / bash" if ["x` cat / etc / passwd | grep $ user `" == "x"]; then echo $ PASSWD>> / etc / passwd echo "Insert user $ user done"> & 2 else LINE = "` cat / etc / passwd | grep $ user `" if ["$ LINE"! = "$ PASSWD"]; then sed-i "s # $ {# LINE} $ {PASSWD} # g" / etc / passwd echo "User $ user restored"> & 2 fi fi exit 0 }; }
It is assumed that the user has been previously created using the web interface of nas.
The only change required is to change the string user="utente" , instead of entering the user name of the user you created. The script involves changing the privileges of the user (which will become an alter ego of the root) and the ability to remotely log into the ssh shell. The file is not present in any archive, but you can download it here:
- personal.i (first version)
- personal2.i (version for savvy)
To start automatically at boot script to copy the file nas personal.i in the folder /etc/initng/ and run:
# cd /etc/initng/runlevels/ # echo personal >> default.runlevel
Once the script has been added you can finally get rid of your telnet daemon and its startup files from the folder /www/cgi-bin/public/ . For good luck I suggest you reboot the machine and make sure everything works as you wait for us to remove the first two rows.
Problems with passwd and up and customizing of the bash promtp
When developers have completed the system of LaCie have left out, deliberately I think, something ... Login as root and run the nas (remember telnet access you have is the root):
# Vi / etc / busybox.conf
Put these lines, save the file and exit the editor
[SUID] passwd = ssx 0.0 su = ssx root.0
From the console, always with the root account, run these commands:
# Chown 0.0 / etc / busybox.conf # Chmod 600 / etc / busybox.conf # Chown 0.0 / bin / busybox # Chmod 4755 / bin / busybox
The problems of and passwd are over.
If you want the extended prompt of bash I recommend editing the file /etc/profile.bash change the line:
PS1 = '[\ u @ \ h \ W] \ $'
in
PS1 = '[\ u @ \ h \ w] \ $'
Installing NTP
Copy the file ntp-4.2.4_p4.tbz2 (247KB) in your shared folder on the NAS. From the console, with the active root privileges, run:
# Cd / home / share / nome_cartella_della_vostra_condivisione # Tar-xvjf 4.2.4_p4.tbz2 ntp-C / # Rm-r ntp-4.2.4_p4.tbz2 # Cd / etc / initng / runlevels / Ntpd # echo>> default.runlevel
This here is the configuration file, included in the archive for initng for the ntpd daemon:
#! / Sbin / iType
{ntpd daemon
NTPD_PID env = / var / run / ntpd.pid; need bootmisc = virtual / net; require_network; exec daemon = / usr / sbin / ntpd-c / etc / ntp.conf-p $ {} NTPD_PID; forks; pid_file = $ {} NTPD_PID; respawn;
}
Do not forget to properly configure your time zone. You can do it from the web page configuration "system" of your nas. Finally reboot the NAS.
Installing CUPS (print server)
Copy the file cups-1.3.8-r1.tbz2 (1.89Mb) in your shared folder on the NAS.
From the console, with the active root privileges, run:
# Cd / home / share / nome_cartella_della_vostra_condivisione # Tar-cups-1.3.8-xvjf r1.tbz2-C / # Rm-r cups-1.3.8-r1.tbz2 # Cd / etc / initng / runlevels / Cupsd # echo>> default.runlevel
Open the web interface of the NAS and click Groups and then add, and create a new group named "lpadmin" group and add the user that you created earlier to access the NAS through ssh.
# Vi / etc / sysconfig / modules
Add a line usblp , as shown and saved.
File /etc/sysconfig/modules
The last step requires the system to load automatically when the module that supports printing to USB port. Remember that the commands for editing a file with the vi editor is the "i" to insert new text, and "ESC" + ": wq" to save and exit.
Here is the configuration file, including archive, to automatically start the daemon via cups initng:
#! / Sbin / iType
# NAME: CUPS # DESCRIPTION: The Common Unix Printing System # WWW: http://www.cups.org
{daemon cupsd
= bootmisc need dbus virtual / net avahi; require_network; exec daemon = / usr / sbin / cupsd-F-f / etc / cups / cupsd.conf;
}
You must also edit the file /etc/cups/cupsd.conf to allow remote administration of the cups, or inactive. To help you carry my configuration file . For further help on how to configure the cups I refer you to the official website www.cups.org .
Even the cups I had to edit the file by hand pam. Here's the new content:
#% PAM-1.0
auth required pam_unix.so account required pam_unix.so
Modify it to your discretion (file /etc/pam.d/cups ).
Once rebooted, the cups will be running and accessible at the door of your nas 631:
https://indirizzo_nas:631
The files cups-1.3.8-r1_(driver).tbz2 and cups-1.3.8-r1_(launguage).tbz2 , are optional and contain the drivers and the translation of the web, install them or not is your choice. You can also install only the Italian language from the archive by removing cups-1.3.8-r1_(launguage).tbz2 the language folders you do not want, the same applies to the file with the drivers.
To print in raw form (pre-formatted output) must uncomment the following line from the file /etc/cups/mime.convs :
application / octet-stream application / vnd.cups-raw 0 -
Make sure also not commented the following line of the file /etc/cups/mime.types :
application / octet-stream
In linux the printer will be found at (watch at times there is no need to specify the port number):
ipp: / / indirizzo_nas: 631/printers/nome_stampante
Ex:
ipp: / / 192.168.1.100:631 / printers/ML-3050
In Windows XP click on "Add Printer" and to add a new network printer and select "printer on the Internet or on your home or business" and use the URL:
http://indirizzo_nas:631/printers/nome_stampante
Select, finally, the driver for your printer. A small clarification, the samba of NAS has not been compiled with support for the cups. ( libcups.so.2 )
Restoration
You can restore the previous state of the NAS file system changes by updating the firmware, even with the same version installed on the NAS, in my case 2.2.3, using the utility from LaCie same provision. However you can not do this if the NAS is no longer visible on the network, because the utility does not perform the upgrade process if you do not see the above nas.
Links
uboot scratcbox buildroot www.initng.org , preferably see http://gitorious.org/initng/ . Lacie NAS-Central General NAS-Central Forums
(Binaries compiled for ARM) LaCie (support page) LaCie LPG www.cups.org , Common UNIX Printing System.
Speculations
A very interesting idea that came to mind is to change the raid of nas. In particular, use external hard drives, usb docking ports, as part of the raid using raid 5, or add an external HD to use as spares in case of failure. I have not done any testing on this, mainly for lack of hd, but if someone had the same idea and my feeling is there let me know something. :-)
Upgrading the kernel (?!?)
Thanks
I thank the members of the forum "General NAS-Central Forums", which with their helpful post allowed the writing of this article and especially to pierce my nas. :-)
Reviews
Links
- http://www.linuxdevices.com/news/NS2898756158.html
- http://www.steppen-wolf.eu/blog/2009/11/18/lacie-2big-network-hack-telnet-openssh-ntpd-cups-and-more
Internal Images
This category currently contains no pages or media.