NetworkSpace: Terminal server dumps

From NAS-Central Lacie Wiki
Revision as of 12:35, 15 August 2009 by Timtim (Talk | contribs)


Dumps of the LaCie NetworkSpace after adding terminal support

# cat /etc/fstab
# Swap partition entry
/dev/sda5	swap	swap	defaults	0 0

# Mount the ROOT filesystem from the hard drive
/dev/sda7	/	ext3	defaults,ro	1 1	

# Mount the virtual proc filesystem
none	/proc	proc	defaults	0 0

#UserData
/dev/sda2	/home	xfs	defaults,rw	1 2
# cat /etc/mtab
none /sys sysfs rw 0 0
none /proc/bus/usb usbfs rw 0 0
/dev/sda2 /home xfs rw 0 0
/dev/sda9 /oldroot/snapshots ext3 rw 0 0

Output of top:

Mem: 12832K used, 684K free, 0K shrd, 76K buff, 912K cached
Load average: 2.40, 2.46, 2.44    (State: S=sleeping R=running, W=waiting)

  PID USER     STATUS   RSS  PPID %CPU %MEM COMMAND
  958 root     S       6288   953 33.8 46.5 twonkymediaserv
 5422 root     R <      328  4991  2.6  2.4 top
   50 root     SW         0     1  1.9  0.0 kswapd0
  740 root     SW         0     1  0.9  0.0 proftpd
  613 root     S         48     1  0.5  0.3 ifplugd
  928 root     S          8     1  0.5  0.0 mt-daapd
  391 root     SW         0     1  0.3  0.0 xfsbufd
 4986 root     SW<        0  1380  0.3  0.0 sshd
  811 root     S         56     1  0.0  0.4 atalkd
 1168 root     SW         0   770  0.0  0.0 smbd
  759 root     SW         0     1  0.0  0.0 nmbd
  588 root     SW         0     1  0.0  0.0 mDNSResponderPo
   48 root     SW         0     5  0.0  0.0 pdflush
 1060 root     SW<        0  1056  0.0  0.0 utelnetd
 1245 root     SW         0     5  0.0  0.0 pdflush
  249 root     SW         0     1  0.0  0.0 kjournald
 4991 root     SW<        0  4986  0.0  0.0 sh
  389 root     SW<        0     5  0.0  0.0 xfslogd/0
 5218 root     SW         0   770  0.0  0.0 smbd
# ps
  PID  Uid     VmSize Stat Command
    1 root            SW  init       
    2 root            SWN [ksoftirqd/0]
    3 root            SW< [events/0]
    4 root            SW< [khelper]
    5 root            SW< [kthread]
   10 root            SW< [kblockd/0]
   13 root            SW  [khubd]
   48 root            SW  [pdflush]
   51 root            SW< [aio/0]
   50 root            DW  [kswapd0]
  167 root            SW  [scsi_eh_0]
  201 root            SW  [kjournald]
  247 root            SW  [kjournald]
  249 root            SW  [kjournald]
  359 root            SW  syslogd -m 0 
  370 root            SW  klogd -c 2 
  389 root            SW< [xfslogd/0]
  390 root            SW< [xfsdatad/0]
  391 root            SW  [xfsbufd]
  440 root            SW  [xfssyncd]
  588 root            SW  /usr/bin/mDNSResponderPosix -b -f /etc/mDNSResponder.
  599 root            SW< /usr/sbin/httpd -p 80 -h /www -r LaCie LaCie Network 
  613 root         48 S   /usr/sbin/ifplugd -i egiga0 -fwI -u10 -d0 --run=/etc/
  657 root            SW  /usr/bin/ipconfd 
  683 root            SW< /sbin/udevd --daemon 
  740 root            SW  proftpd: (accepting connections)
  759 root            SW  /usr/sbin/nmbd -D 
  770 root            SW  /usr/sbin/smbd -D 
  780 root            SW  /usr/sbin/smbd -D 
  811 root          4 S   /usr/sbin/atalkd 
  886 root            SW  /usr/sbin/papd 
  903 root            SW  /usr/sbin/afpd -g nobody -c 50 -n SpaceNetwork 
  928 root         44 S   /usr/sbin/mt-daapd -m -d 0 -c /etc/mt-daapd/mt-daapd.
  953 root            SW  /usr/local/TwonkyVision/twonkymedia -inifile /usr/loc
  958 root       5524 S   /usr/local/TwonkyVision/twonkymediaserver -inifile /u
 1004 root            SW  /sbin/getty 115200 ttyS0 vt100 
 1055 root            SW< /usr/sbin/httpd -p 80 -h /www -r LaCie LaCie Network 
 1056 root            SW< /bin/sh /www/cgi-bin/admin/webshell
 1060 root            SW< /home/myshare/nas/utelnetd 
 1168 root            SW  /usr/sbin/smbd -D 
 1245 root            SW  [pdflush]
 1380 root            SW< /usr/sbin/sshd 
 4986 root        284 S < sshd: new_root@ttyp0
 4991 root        228 S < -sh 
 5218 root         40 S   /usr/sbin/smbd -D 
 5436 root        708 R < ps

In the ps listing above, the webshell (PID 1056) and utelnetd (PID 1060) processes result from the hack that added terminal support.