DSM-G600, DNS-3xx and NSA-220 Hack Forum

index monkey · 2007-12-18 18:51:38

Hi Folks,

I have set up a few of these d-link boxes for friends, all good, I think they are great when combined with this forum. I actually have the dns-323 myself, but recommend the dsm-g600 too.
However I got a DSM-g600 today, updated the firmware up to v1.02.

Fun_plug working ok with dmesg.out

added telnet, with busybox, sed and updated funplug script,
changed and checked permissions, all okay.

the only difference from the other boxes I have fun_plugged is that the admin password for the dsm-g600 web page was nine letters long.
when I attempt to telnet i get
dsm-g600 login: root
login: no valid shadow password

Reset unit to default factory settings, reformatted HDD, reapplied the funplug and telnet and l get the same error?

All I can think is that when the telnet script grabs the current admin password and replaces roots with it, as it was longer than the 8 chars permitted by the box for user accounts it has somehow failed to replace root password with it and thus broken the root account. does the script for enabling telnet adjust any settings on the flash on the dsm-g600? if so is there a way in?

I appreciate any thoughts on this matter. Thanks.

Last edited by index monkey (2007-12-18 18:56:21)

sala · 2007-12-18 21:43:00

add this line at the end of your fun_plug to verify your root password.

Code:

cat /etc/shadow > /mnt/HD_a2/shadow.copy

Every time you make some password/account based changes from web inteface then your shadow and passwd file gets flashed.

index monkey · 2007-12-19 12:14:31

Hi Sala,

Thanks for that, I added it to the fun_plug and it returned the following:-

admin:4UKGWbsule73s:0:0:99999:7:::
nobody:pACwI1fCXYNw6:0:0:99999:7:::
nicola:4LmSdegdWaNB6:12784:0:99999:7:::
ftpadmin:.xqe4yhay.kJU:12784:0:99999:7:::
root:4UKGWbsule73s:0:0:99999:7::: ftpadmin:.xqe4yhay.kJU:12784:0:99999:7:::

which shows that admin and root are the same, so I tried the alternative method of getting telnet access without busybox, and get the same result.
I will try reinstalling the firmware... the one I am using is the current off the dlink website from 08-11-2006, version 1.02. It came with the 1.02eu version before I upgraded. Any further ideas?

sala · 2007-12-19 12:25:03

As you can see, the last line in your shadow is messed up, try to fix that and copy fixed shadow back to /etc

index monkey · 2007-12-19 13:04:26

Thanks for the helpful nuggets that give me hope!

I only have disk access to the mount point /mnt/HD_a2 and ftp access, so editing /etc is a challenge for me.
after deleting the ftpadmin user, there still remained the ftpadmin mess after the root password...
I came up with the idea of backing up the config within the web itnerface
then editing the config removing all references to ftpadmin account that was causing the problems, and reloading the edited config back in.
I will let you know the outcome shortly.

index monkey · 2007-12-19 13:27:28

by editing the backedup config and reloading it, when I rebooted the output to shadow.copy was looking correct.
however I still could not login to the telnet session as root, although the same password worked for the admin web pages.
I did a factory settings reset from there, and bingo! root access now works.

Thanks for pointing me in the right direction, saved me a fortune in Rogaine!

DSM-G600, DNS-3xx and NSA-220 Hack Forum

Announcement

#1 2007-12-18 18:51:38

9 letter admin password & root telnet fails-no valid shadow password

#2 2007-12-18 21:43:00

Re: 9 letter admin password & root telnet fails-no valid shadow password

Code:

#3 2007-12-19 12:14:31

Re: 9 letter admin password & root telnet fails-no valid shadow password

#4 2007-12-19 12:25:03

Re: 9 letter admin password & root telnet fails-no valid shadow password

#5 2007-12-19 13:04:26

Re: 9 letter admin password & root telnet fails-no valid shadow password

#6 2007-12-19 13:27:28

Re: 9 letter admin password & root telnet fails-no valid shadow password

Board footer