From NAS-Central Lacie Wiki

NetworkSpace: MultimediaServers

The NetworkSpace has been equiped with media serving functionalities that can be accessed and configured using a web interface.

Accessing the web config pages of the Twonky media server

Browsing to http://192.168.1.64:9000 normally gives a red page saying "Access is restricted to MediaServer configuration!". However, you can access the configuration pages by exploiting a bug in the Twonky server 4.4.6. Change the IP address of the machine you are connecting from, or of the Network Space, or of both, to have a combination of machine ip and network space ip as in the following examples.

your machine: 192.168.1.6; NAS: 192.168.1.64
your machine: 192.168.1.6; NAS: 192.168.1.66
your machine: 192.168.1.7; NAS: 192.168.1.77
your machine: 192.168.0.2; NAS: 192.168.0.22

These have been reported to work, others probably work too. After setting the ip's like this, browsing to e.g. http://192.168.1.64:9000 should get you to a page from which you can click to the Twonky server configuration pages.

It seems that the IP-validation is not 100% waterproof. They do not check wether the ip length of the machine (PC) equals that of the server (NAS). Then they validate only the length of the ip of the machine (PC). So for example:

Your machine: 192.168.100.1
Would match a NAS on: 192.168.100.1xx, with x being any number or not set.
So 192.168.100.10, 192.168.100.19, 192.168.100.133 etc...

my subnet is in the 192.168.254.x-range and i have performed some tests that confirm this theory. After being able to access the config pages once you will be able to change the configuration from any system (authentication with admin required), so you are not required to be in the special IP-range anymore.

Note: I succeeded in crashing the Twonky webserver (other services stayed up and running). By browsing through the content i 'found' a folder with lots of content in it (actually: 90% of all images contained no 'date taken' info and was mapped to the same day. Opening that folder caused the server to stop responding to any other request. Pagination is required (but not yet available)!

Accessing the web config pages of the mt-daapd media server (FireFly Media Server)

mt-daapd stands for Multi-Threaded DAAP Daemon, from the SourceForge project page:

"A multi-threaded DAAP server for Linux and other POSIX type systems. Allows a Linux box to share audio files with iTunes users on Windows or Mac."

At port 3689 the user is greeted with a login pop-up window for the mt-daapd media server. As of firmware version 1.1.6 on the NetworkSpace, mt-daapd 0.2.4.1 is used. Using the following for logging in will get full access to the mt-daapd configuration webpages:

username: admin
password: L@CieD@@pd

The config file for the mt-daapd server:

#
# mt-daapd.conf
#
# Edited: Mon Mar 17 08:24:05 2008
# By: admin
#
web_root /usr/share/mt-daapd/admin-root
port 3689
admin_pw L@CieD@@pd
mp3_dir /home/openshare
servername NetworkSpace
runas root
playlist /etc/mt-daapd/mt-daapd.playlist
extensions .mp3,.m4a,.m4p,.wav,.aac
db_dir /var/cache/mt-daapd
rescan_interval 3600
scan_type 0
always_scan 0
logfile /var/log/mt-daapd.log
process_m3u 1
compress 0

As you see the web-root folder CAN be modified, so it even would be located in the shared area. Of course it would be preferred to place it in a (subfolder in the) myshare-area preventing the configuration to be world-editable. This way you would be able to edit the layout and markup of the config pages and so on. It is not (yet) possible to inject functionality (shell commands for example) into the server. The server is a bunch of compiled c-sources (library). No scripting what so ever... (source code available, earlier mentioned link)