NetworkSpace: Terminal server dumps
Dumps of the LaCie NetworkSpace after adding terminal support
# cat /etc/fstab
# Swap partition entry
/dev/sda5 swap swap defaults 0 0
# Mount the ROOT filesystem from the hard drive
/dev/sda7 / ext3 defaults,ro 1 1
# Mount the virtual proc filesystem
none /proc proc defaults 0 0
#UserData
/dev/sda2 /home xfs defaults,rw 1 2
# cat /etc/mtab
none /sys sysfs rw 0 0
none /proc/bus/usb usbfs rw 0 0
/dev/sda2 /home xfs rw 0 0
/dev/sda9 /oldroot/snapshots ext3 rw 0 0
top gives
Mem: 12832K used, 684K free, 0K shrd, 76K buff, 912K cached
Load average: 2.40, 2.46, 2.44 (State: S=sleeping R=running, W=waiting)
PID USER STATUS RSS PPID %CPU %MEM COMMAND
958 root S 6288 953 33.8 46.5 twonkymediaserv
5422 root R < 328 4991 2.6 2.4 top
50 root SW 0 1 1.9 0.0 kswapd0
740 root SW 0 1 0.9 0.0 proftpd
613 root S 48 1 0.5 0.3 ifplugd
928 root S 8 1 0.5 0.0 mt-daapd
391 root SW 0 1 0.3 0.0 xfsbufd
4986 root SW< 0 1380 0.3 0.0 sshd
811 root S 56 1 0.0 0.4 atalkd
1168 root SW 0 770 0.0 0.0 smbd
759 root SW 0 1 0.0 0.0 nmbd
588 root SW 0 1 0.0 0.0 mDNSResponderPo
48 root SW 0 5 0.0 0.0 pdflush
1060 root SW< 0 1056 0.0 0.0 utelnetd
1245 root SW 0 5 0.0 0.0 pdflush
249 root SW 0 1 0.0 0.0 kjournald
4991 root SW< 0 4986 0.0 0.0 sh
389 root SW< 0 5 0.0 0.0 xfslogd/0
5218 root SW 0 770 0.0 0.0 smbd
# ps
PID Uid VmSize Stat Command
1 root SW init
2 root SWN [ksoftirqd/0]
3 root SW< [events/0]
4 root SW< [khelper]
5 root SW< [kthread]
10 root SW< [kblockd/0]
13 root SW [khubd]
48 root SW [pdflush]
51 root SW< [aio/0]
50 root DW [kswapd0]
167 root SW [scsi_eh_0]
201 root SW [kjournald]
247 root SW [kjournald]
249 root SW [kjournald]
359 root SW syslogd -m 0
370 root SW klogd -c 2
389 root SW< [xfslogd/0]
390 root SW< [xfsdatad/0]
391 root SW [xfsbufd]
440 root SW [xfssyncd]
588 root SW /usr/bin/mDNSResponderPosix -b -f /etc/mDNSResponder.
599 root SW< /usr/sbin/httpd -p 80 -h /www -r LaCie LaCie Network
613 root 48 S /usr/sbin/ifplugd -i egiga0 -fwI -u10 -d0 --run=/etc/
657 root SW /usr/bin/ipconfd
683 root SW< /sbin/udevd --daemon
740 root SW proftpd: (accepting connections)
759 root SW /usr/sbin/nmbd -D
770 root SW /usr/sbin/smbd -D
780 root SW /usr/sbin/smbd -D
811 root 4 S /usr/sbin/atalkd
886 root SW /usr/sbin/papd
903 root SW /usr/sbin/afpd -g nobody -c 50 -n SpaceNetwork
928 root 44 S /usr/sbin/mt-daapd -m -d 0 -c /etc/mt-daapd/mt-daapd.
953 root SW /usr/local/TwonkyVision/twonkymedia -inifile /usr/loc
958 root 5524 S /usr/local/TwonkyVision/twonkymediaserver -inifile /u
1004 root SW /sbin/getty 115200 ttyS0 vt100
1055 root SW< /usr/sbin/httpd -p 80 -h /www -r LaCie LaCie Network
1056 root SW< /bin/sh /www/cgi-bin/admin/webshell
1060 root SW< /home/myshare/nas/utelnetd
1168 root SW /usr/sbin/smbd -D
1245 root SW [pdflush]
1380 root SW< /usr/sbin/sshd
4986 root 284 S < sshd: new_root@ttyp0
4991 root 228 S < -sh
5218 root 40 S /usr/sbin/smbd -D
5436 root 708 R < ps
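In this listing, the webshell (PID 1056, /bin/sh /www/cgi-bin/admin/webshell) and utelnetd (PID 1060, /home/myshare/nas/utelnetd) result from the hacking. Both run as root. The top output shows utelnetd's parent as PID 1056, the webshell, and its binary sits on the read-write /home partition rather than on the read-only root filesystem. Telnet traffic is unencrypted.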

