NetworkSpace: Terminal server dumps
From NAS-Central Lacie Wiki
Dumps of the LaCie NetworkSpace after adding terminal support
    # cat /etc/fstab
    # Swap partition entry
    /dev/sda5    swap     swap    defaults       0 0
    # Mount the ROOT filesystem from the hard drive
    /dev/sda7    /        ext3    defaults,ro    1 1
    # Mount the virtual proc filesystem
    none         /proc    proc    defaults       0 0
    #UserData
    /dev/sda2    /home    xfs     defaults,rw    1 2

    # cat /etc/mtab
    none /sys sysfs rw 0 0
    none /proc/bus/usb usbfs rw 0 0
    /dev/sda2 /home xfs rw 0 0
    /dev/sda9 /oldroot/snapshots ext3 rw 0 0

top gives
    Mem: 12832K used, 684K free, 0K shrd, 76K buff, 912K cached
    Load average: 2.40, 2.46, 2.44    (State: S=sleeping R=running, W=waiting)

      PID USER     STATUS   RSS  PPID %CPU %MEM COMMAND
      958 root     S       6288   953 33.8 46.5 twonkymediaserv
     5422 root     R <      328  4991  2.6  2.4 top
       50 root     SW         0     1  1.9  0.0 kswapd0
      740 root     SW         0     1  0.9  0.0 proftpd
      613 root     S         48     1  0.5  0.3 ifplugd
      928 root     S          8     1  0.5  0.0 mt-daapd
      391 root     SW         0     1  0.3  0.0 xfsbufd
     4986 root     SW<        0  1380  0.3  0.0 sshd
      811 root     S         56     1  0.0  0.4 atalkd
     1168 root     SW         0   770  0.0  0.0 smbd
      759 root     SW         0     1  0.0  0.0 nmbd
      588 root     SW         0     1  0.0  0.0 mDNSResponderPo
       48 root     SW         0     5  0.0  0.0 pdflush
     1060 root     SW<        0  1056  0.0  0.0 utelnetd
     1245 root     SW         0     5  0.0  0.0 pdflush
      249 root     SW         0     1  0.0  0.0 kjournald
     4991 root     SW<        0  4986  0.0  0.0 sh
      389 root     SW<        0     5  0.0  0.0 xfslogd/0
     5218 root     SW         0   770  0.0  0.0 smbd

    # ps
      PID  Uid     VmSize Stat Command
        1 root            SW   init
        2 root            SWN  [ksoftirqd/0]
        3 root            SW<  [events/0]
        4 root            SW<  [khelper]
        5 root            SW<  [kthread]
       10 root            SW<  [kblockd/0]
       13 root            SW   [khubd]
       48 root            SW   [pdflush]
       51 root            SW<  [aio/0]
       50 root            DW   [kswapd0]
      167 root            SW   [scsi_eh_0]
      201 root            SW   [kjournald]
      247 root            SW   [kjournald]
      249 root            SW   [kjournald]
      359 root            SW   syslogd -m 0
      370 root            SW   klogd -c 2
      389 root            SW<  [xfslogd/0]
      390 root            SW<  [xfsdatad/0]
      391 root            SW   [xfsbufd]
      440 root            SW   [xfssyncd]
      588 root            SW   /usr/bin/mDNSResponderPosix -b -f /etc/mDNSResponder.
      599 root            SW<  /usr/sbin/httpd -p 80 -h /www -r LaCie LaCie Network
      613 root         48 S    /usr/sbin/ifplugd -i egiga0 -fwI -u10 -d0 --run=/etc/
      657 root            SW   /usr/bin/ipconfd
      683 root            SW<  /sbin/udevd --daemon
      740 root            SW   proftpd: (accepting connections)
      759 root            SW   /usr/sbin/nmbd -D
      770 root            SW   /usr/sbin/smbd -D
      780 root            SW   /usr/sbin/smbd -D
      811 root          4 S    /usr/sbin/atalkd
      886 root            SW   /usr/sbin/papd
      903 root            SW   /usr/sbin/afpd -g nobody -c 50 -n SpaceNetwork
      928 root         44 S    /usr/sbin/mt-daapd -m -d 0 -c /etc/mt-daapd/mt-daapd.
      953 root            SW   /usr/local/TwonkyVision/twonkymedia -inifile /usr/loc
      958 root       5524 S    /usr/local/TwonkyVision/twonkymediaserver -inifile /u
     1004 root            SW   /sbin/getty 115200 ttyS0 vt100
     1055 root            SW<  /usr/sbin/httpd -p 80 -h /www -r LaCie LaCie Network
     1056 root            SW<  /bin/sh /www/cgi-bin/admin/webshell
     1060 root            SW<  /home/myshare/nas/utelnetd
     1168 root            SW   /usr/sbin/smbd -D
     1245 root            SW   [pdflush]
     1380 root            SW<  /usr/sbin/sshd
     4986 root        284 S <  sshd: new_root@ttyp0
     4991 root        228 S <  -sh
     5218 root         40 S    /usr/sbin/smbd -D
     5436 root        708 R <  ps

In the ps listing above, the webshell (PID 1056) and utelnetd (PID 1060) entries are a result of the hack that added terminal support.