DSM-G600, DNS-3xx and NSA-220 Hack Forum
Unfortunately no one can be told what fun_plug is - you have to see it for yourself.
You are not logged in.
Announcement
IRC Channel #funplug on irc.freenode.org
#1 2014-12-22 20:48:31
- deivid3g
- New member
- Registered: 2014-12-22
- Posts: 1
Fix BASH - Shellshock - SSH-KEYS - Debian Squeeze
Login in your NAS with SSH-Client or Putty .
Then you can try to see if bash need fix:
Code:
env x='() { :;}; echo "WARNING: SHELLSHOCK DETECTED"' \
bash --norc -c ':' 2>/dev/null;if you get this. Run for the hills:
Thanks some good guy compiled a bash fixed for architecture ARM.
Lets download this bash:
Code:
wget http://honk.sigxcpu.org/projects/squeeze-lts/b/bash/bash_4.1-3+deb6u2_armel.deb
then install:
Code:
dpkg -i bash_4.1-3+deb6u2_armel.deb
try again to see if the bash is fix:
Code:
env x='() { :;}; echo "WARNING: SHELLSHOCK DETECTED"' \
bash --norc -c ':' 2>/dev/null;and then you can return from the hills you are safe:
And for last and not less importantly : This debian chroot use a pre generete fingerprint and maybe you have the default.. This is not nice for your security.
how solve this?
lets make a archive with nano:
Code:
nano key.sh
put this:
Code:
rm -f /etc/ssh/ssh_host_key
rm -f /etc/ssh/ssh_host_dsa_key
rm -f /etc/ssh/ssh_host_rsa_key
rm -f /etc/ssh/ssh_host_ecdsa_key
if [ ! -r /etc/ssh/ssh_host_key ]; then
/usr/bin/ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N ''
fi
if [ ! -r /etc/ssh/ssh_host_dsa_key ]; then
/usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
fi
if [ ! -r /etc/ssh/ssh_host_rsa_key ]; then
/usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
fi
if [ ! -f /ssh/ssh_host_ecdsa_key ]; then
/usr/bin/ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N ''
fisave and run..
Code:
sh key.sh
Wait some seconds and you will see generating your new fingerprints... when your log again you will need update the keys in your ssh client...
Sorry my nice english! :kkk:
Cheers from Brazil! :smile:
Last edited by deivid3g (2014-12-22 21:10:31)
Offline