DSM-G600, DNS-3xx and NSA-220 Hack Forum

Unfortunately no one can be told what fun_plug is - you have to see it for yourself.

You are not logged in.

Announcement

Pages: 1

 

#1 2011-12-01 20:30:10

mrjackson
New member
Registered: 2011-10-18
Posts: 2

Fujitsu Siemens NAS Duo 35-LR - DNS 323

Hello,

First of all sorry of my bad English...

I have a FuSi NAS DUO 35-LR which is the same Hardware as the DNS 323. The orginal Firmware are missing a few features like SSH, WebServer ec...

I build a Voltage Converter to Access my nas via serial Cable. With PuTTY on COM1 115200 8N1 Baud, it is just working fine. I see the boot of the nas and it stops with the BusyBox prompt:

Code:

$Starting SMB services:
$Starting NMB services:
language=2
op_server 7 3 1 &
op_server v2.01.06012006
This may not a UPS device , please check it
Starting pid 774, console /dev/ttyS0: '/bin/sh'

BusyBox v1.00-pre1 (2008.09.02-11:43+0000) Built-in shell (ash)
Enter 'help' for a list of built-in commands.

Unfortunately my NAS is not responding to my commands, the only thing that happens is a reboot of the BusyBox while pressing Ctrl^C:

Code:

BusyBox v1.00-pre1 (2008.09.02-11:43+0000) Built-in shell (ash)
Enter 'help' for a list of built-in commands.

help

ls

Ctrl^C

Code:

Starting pid 1377, console /dev/ttyS0: '/bin/sh'

BusyBox v1.00-pre1 (2008.09.02-11:43+0000) Built-in shell (ash)
Enter 'help' for a list of built-in commands.

Any ideas about this Issue, I dont know if this is a problem of the serial stuff or is the NAS programed to not respond to my commands...

- Does anybody had already chracked this nas...
- FunPlug is not working because this is a complete different Firmware...

Thank you!!!

Kind regards

mrjackson

Offline

 

#2 2011-12-02 12:06:29

oxygen
Member
Registered: 2008-03-01
Posts: 320
Website

Re: Fujitsu Siemens NAS Duo 35-LR - DNS 323

you have to break into the busybox shell by sending a special character sequence (can be defined at compile time)

Offline

 

#3 2011-12-08 20:26:21

mrjackson
New member
Registered: 2011-10-18
Posts: 2

Re: Fujitsu Siemens NAS Duo 35-LR - DNS 323

Hi,

you have to break into the busybox shell by sending a special character sequence (can be defined at compile time)

Does anybody know where i can find this character sequence?

I figured out that i can run a few commands during boot. I did an export of the configuration and there you can find the following code:

Code:

;#!/bin/sh
/sbin/ifconfig egiga0 10.0.0.14  netmask 255.255.255.0
route add default gw 10.0.0.10
route add -net 224.0.0.0 netmask 255.0.0.0 dev egiga0

Does anybody know a way to chrack the nas this way? Or to open a backdoor like:

Code:

nc -l -p 1234 -e /bin/bash

Does anybody have a nc installed on DNS232 so i dont have to crosscompile nc for my nas?

Any idea, tip, trick is welcome.

Thank you

mr Jackson

Offline

 

 

Pages: 1

Board footer

Powered by PunBB
© Copyright 2002–2010 PunBB