
How I got a root shell in my NAS, 0day inside - Garbage
http://blog.pentbox.net/index.php?controller=post&action=view&id_post=4
======
kogir
This is cool, but typically it's not considered a vulnerability when the user
in possession of the hardware or with admin access can root the box. It's
actually inevitable.

Unless an unprivileged, remote attacker can also get a shell on the box, it's
not a big deal.

~~~
testooo
That's not correct. When a researcher finds a vulnerability to get root access
on an iPhone (hardware that he owns), it allows him to run code as a privileged
user and modify the whole system. That's how jailbreaks are born, and Apple
fixes the issues as soon as possible.

------
ds9
So apparently it doesn't give the owner root by default? I don't think I would
buy such a product.

And this guy reports the means of getting root on his own device as a "defect"
to be "fixed"? That is disgraceful.

You can make a NAS from generic PC equipment, although it takes some work to get
a lot of convenient features.

~~~
Create
There are FLOSS friendly NAS-es out there:

[http://sourceforge.net/projects/qosgpl/](http://sourceforge.net/projects/qosgpl/)

[http://wiki.qnap.com/wiki/Debian_Installation_On_QNAP](http://wiki.qnap.com/wiki/Debian_Installation_On_QNAP)

[http://www.cyrius.com/debian/kirkwood/qnap/](http://www.cyrius.com/debian/kirkwood/qnap/)

with decent Debian solutions:

[http://www.openmediavault.org/](http://www.openmediavault.org/)

or [http://www.nas4free.org/](http://www.nas4free.org/)

------
Ogre
How I got a root shell in my NAS:

Went to "Terminal" in the web control panel.

Enabled the SSH service.

SSHed in as root.

This is an off-the-shelf device, not an OS I installed myself.

~~~
testooo
Not the same NAS, in DNS320 you don't have that option:

[http://www.support.dlink.com/emulators/dns320/200/login.html](http://www.support.dlink.com/emulators/dns320/200/login.html)

------
phase_9
The DNS320 has been my home server for just over a year (replacing a
LinkStation). You can install Fonz FunPlug in about 5 minutes and get a solid,
mirrored server for about £20.

[http://nas-tweaks.net/devices/d-link-dns-320/](http://nas-tweaks.net/devices/d-link-dns-320/)

~~~
probably_wrong
Unless I'm not understanding correctly, I think you misspelled £60

------
moreentropy
Wow, great guide to some seemingly awesome tools I didn't know until now.

I love posts like this, well written and easy to understand. This shows that
finding vulnerabilities is not magic for some ubergeeks but straightforward
analysis with a bit of trial and error.

