DSM-G600, DNS-3xx and NSA-220 Hack Forum

fun_plug.d is 755 or maybe 775 for root:root across the board, I believe.  I'll verify when I get home, but I think that was the case.  Again, I think this was me locking things down, probably not from the original distribution.

Ah, fantastic!  I'll see what I can do along those lines.  Thanks so much!

Have you tried copying a fresh fun_plug.tar to Volume 1, like I said in my first post? There's not much to fear.

It's supposed to work as it did during installation. You put a fun_plug.tar into Volume 1 and reboot. The fun_plug script will find it and unpack all the files. It does this as root, so it can overwrite whatevert files there are with the versions from the tar. It, of course, includes the original version of start/telnetd.sh that doesn't ask for a password. Et voila...

Hello,

I found a sort of minimal way to install telnetd using fonz'z funplug-0.4 as per my fun_plug script below.  My basic requirement is a minimal telnet for root only, and through which I can unmount the file system for checking and so on.

Enjoy

Jaya

#!/bin/sh

# manifests
root=/home/root
disk=/mnt/HD_a2/fun_path
logs=/mnt/HD_a2/fun_logs
export PATH=.:$PATH

# switch to disk path
cd $disk
{
    # boot timestamp
    busybox date

    # execution trace
    set -x

    # install files
    busybox cp busybox $root

    # replace shell
    busybox mv -f /bin/sh /bin/sh.old
    busybox ln -s $root/busybox /bin/sh

    # establish console
    busybox mknod -m 0666 /dev/ptmx c 5 2
    busybox mkdir -p /dev/pts
    busybox mount -t devpts devpts /dev/pts

} >$logs 2>&1

# switch to root path
cd $root

# setup telnet policy
busybox sed -n -e '/^root:/s|:/.*|:/home/root:/bin/sh|p' /etc/passwd >passwd
busybox sed -e '/^root:/d' -e 's|:/.*|:/:/bin/sync|' /etc/passwd >>passwd
busybox mv passwd /etc/passwd
busybox echo "/etc/passwd updated" >>$logs

# clone admin password
busybox sed -n -e '/^admin:/s//root:/p' /etc/shadow >shadow
busybox sed -n -e '/^root:/dp' /etc/shadow >>shadow
busybox mv shadow /etc/shadow
busybox echo "/etc/shadow updated" >>$logs

# start telnet daemon
busybox telnetd -l /bin/login -F
busybox echo "telnet daemon started" >>$logs

At this point my assumption is that when you manage accounts in the Web UI, you should have an active root shell open from which you set and store your password again immediately upon completion of account management.  As we both now know, you can drop a new tarball in the root directory again to get back in, but given that things move around over time as with my experience (the startup scripts and sbin dir), it's probably safer just to make that a point of process.

ojve wrote:

But how do you manage ftp-accounts, access and settings by telnet/ssh?

Hello,

I hope you are aware managing passwords through telnet/ssh will not be persistent across reboots unless you use fonz's scripts or equivalent to write these changes to flash.  If you are doing this, you also have to be careful not to interfere with the mount/umount of flash device by the web interface.

I prefer to make changes in memory and let the web interface take care of committing these to flash.

Regards,

Jaya

mig wrote:

You can also use a technique where the 'managed' passwords are stored in a file
and copied over the working root via a script at startup.  Similar to the last few
lines in jayas script in post 65.

I am wondering if backing up the configuration, editing what we needs to be customised, and then reloading the customised profile would be the best method, assuming of course the backup and restore of configuration works reliably.

Incidentally the backup configuration files holds email password in the clear!  So much for password security.

Jaya

mig wrote:

This is certainly a possible technique; however, you are still relying on
(closed source) D-link provided software to read the configuration file and update
the system/memory files.  If you add something in your customization that
the configuration file reader doesn't handle, it could lead to unexpected results.

True.  Digressing ....

I am wondering [only wondering at the moment ... ] that given the configuration backup file format appears very similar to another product  I have looked into (router from another vendor), the origins of the parser could be from a 'common' or even 'not so open' source.  I wonder if anyone else has seen the configuration files.

We could try ask D-LINK to release source for their goweb interface but I reckon it would not be a good idea to for one to hold one's breath waiting for this

Jaya

Ok, so I tried to get some help on this but no one seems to know the answer, or bother to take the time to answer.

So, if I'm supposed to continue to do user management from the web UI, does anyone have any idea exactly when theses changes will interfere with the root password?

I'm going away and would like to be able to do all management of my disks remotely. Is there any other (secure) way than to install openVPN and do it from the web UI. To be honest, the instructions for openVPN seemed a bit advanced for me.

Please help

//T