DSM-G600, DNS-3xx and NSA-220 Hack Forum

Unfortunately no one can be told what fun_plug is - you have to see it for yourself.

You are not logged in.

Announcement

Pages: 1

 

#1 2007-04-09 14:25:09

kbe
New member
Registered: 2007-04-09
Posts: 3

How i got TELNET WITH PASSWORD PROMPT

I prefer to make some changes in fun_plug to get our box a bit secure

1. I downloaded new busybox version (TAB-completion, history and many improvements) and rather good organized fun_plug subsystem from http://www.inreto.de/dns323/fun-plug/

2. As new busybox supports telnetd (as httpd by the way) I completely remove old utelnetd and replaced with new busybox-telnetd (auto installed from above link). Use provided documentation and reboot. After reboot you'll use new busybox and its telnetd.

3. Next our task is to get login instead of shell. You need to edit /mnt/HD_a2/fun_plug.d/start/telnetd.sh

Code:

#!/bin/sh

if [ -x "${BINDIR}/telnetd" ]; then
    echo "Starting telnetd... "

    ln -s /mnt/HD_a2/.profile /home/root/.profile #HERE is the first change
    
    if [ ! -e "/dev/ptmx" ]; then
        mknod -m 0666 /dev/ptmx c 5 2 
    fi
    
    if [ ! -d "/dev/pts" ]; then
        mkdir -p /dev/pts
    fi
    
    mount | grep devpts 1>/dev/null 2>/dev/null
    if [ $? -ne 0 ]; then
        mount -t devpts devpts /dev/pts
    fi

    if [ -e "${VOL1}/passwd" ]; then #THIS IF CONDITION is the second change
        cat ${VOL1}/passwd > /etc/passwd 
        ${BINDIR}/telnetd -l ${BINDIR}/login
    else
        ${BINDIR}/telnetd -l ${BINDIR}/sh
    fi
    
else
    echo "ERROR: telnetd not found"
fi

4. Now login is activated but no root password set. We need command passwd. Password will be storen is /etc/passwd. This file is rewritten every reboot so we must copy it to our drive - /mnt/HD_a2/. When fun_plug is running it restores contents of /etc/passwd.
You also need to change you default shell to busybox (in passwd file) because standard /bin/sh doesn't work.
My root record looks like:

Code:

 root:$CERh7MOkkBnDE7yq/:0:0:Linux User,,,:/home/root:/mnt/HD_a2/fun_plug.d/bin/sh

5. OK. Everything is working but we lost many of environment variables from fun_plug. Note login process brings us after boot to /home/root/ folder and we are became the "right" user. So I copied these lines from fun_plug and insert them into /mnt/HD_a2/.profile

Code:

VOL1=/mnt/HD_a2
VOL2=/mnt/HD_b2
FUNPLUGTAR=${VOL1}/fun_plug.tar
FUNPLUGDIR=${VOL1}/fun_plug.d
ETCDIR=${FUNPLUGDIR}/etc
BINDIR=${FUNPLUGDIR}/bin
LOGDIR=${FUNPLUGDIR}/log
LOGFILE=${LOGDIR}/fun_plug.log
PATH=${BINDIR}:${PATH}

export VOL1
export VOL2
export FUNPLUGDIR
export ETCDIR
export BINDIR
export LOGDIR
export LOGFILE
export PATH

umask 022

During boot this file is symlinked to root's folder.

Hope everything is working! Don't forget to reboot system!

Last edited by kbe (2007-04-11 11:02:48)

Offline

 

 

Pages: 1

Board footer

Powered by PunBB
© Copyright 2002–2010 PunBB