|
最初は root のパスワードを消す事と telnet を可能にすること。
qube:~# tail -f /var/log/messages : : Jan 25 22:03:06 qube kernel: usb 2-1: new high speed USB device using ehci_marvell and address 2 Jan 25 22:03:06 qube kernel: usb 2-1: configuration #1 chosen from 1 choice Jan 25 22:03:06 qube kernel: scsi2 : SCSI emulation for USB Mass Storage devices Jan 25 22:03:11 qube kernel: scsi 2:0:0:0: Direct-Access ViPowER VP-89118(SD1) 2.10 PQ: 0 ANSI: 4 Jan 25 22:03:11 qube kernel: sd 2:0:0:0: [sdb] 976773168 512-byte hardware sectors (500108 MB) Jan 25 22:03:11 qube kernel: sd 2:0:0:0: [sdb] Write Protect is off Jan 25 22:03:11 qube kernel: sd 2:0:0:0: [sdb] 976773168 512-byte hardware sectors (500108 MB) Jan 25 22:03:11 qube kernel: sd 2:0:0:0: [sdb] Write Protect is off Jan 25 22:03:11 qube kernel: sdb: sdb1 sdb2 sdb3 sdb4 sdb5 sdb6 Jan 25 22:03:11 qube kernel: sd 2:0:0:0: [sdb] Attached SCSI disk Jan 25 22:03:11 qube kernel: sd 2:0:0:0: Attached scsi generic sg1 type 0 qube:~# mkdir /tmp/root qube:~# mount /dev/sdb2 /tmp/root mount: unknown filesystem type 'mdraid' qube:~#あかんやん
RAID ということで、LS-WSGL で試す
mini:~# tail -f /var/log/messages : : Jan 25 22:16:25 mini kernel: usb 1-1: new high speed USB device using ehci_platform and address 2 Jan 25 22:16:25 mini kernel: usb 1-1: configuration #1 chosen from 1 choice Jan 25 22:16:25 mini kernel: scsi2 : SCSI emulation for USB Mass Storage devices Jan 25 22:16:30 mini kernel: Vendor: ViPowER Model: VP-89118(SD1) Rev: 2.10 Jan 25 22:16:30 mini kernel: Type: Direct-Access ANSI SCSI revision: 04 Jan 25 22:16:30 mini kernel: SCSI device sdb: 976773168 512-byte hdwr sectors (500108 MB) Jan 25 22:16:30 mini kernel: sdb: Write Protect is off Jan 25 22:16:30 mini kernel: SCSI device sdb: 976773168 512-byte hdwr sectors (500108 MB) Jan 25 22:16:30 mini kernel: sdb: Write Protect is off Jan 25 22:16:30 mini kernel: sdb: sdb1 Jan 25 22:16:30 mini kernel: sd 2:0:0:0: Attached scsi disk sdb Jan 25 22:16:30 mini kernel: sd 2:0:0:0: Attached scsi generic sg1 type 0sdb1 しか見えていないので、GPT に対応していない。駄目
次は、GPT に対応している LS-XHL
brick:~# tail -f /var/log/messages : : Oct 25 22:17:00 brick kernel: usb 1-1: new high speed USB device using ehci_marvell and address 2 Oct 25 22:17:01 brick kernel: usb 1-1: configuration #1 chosen from 1 choice Oct 25 22:17:01 brick kernel: scsi2 : SCSI emulation for USB Mass Storage devices Oct 25 22:17:06 brick kernel: scsi 2:0:0:0: Direct-Access ViPowER VP-89118(SD1) 2.10 PQ: 0 ANSI: 4 Oct 25 22:17:06 brick kernel: sd 2:0:0:0: [sdb] 976773168 512-byte hardware sectors (500108 MB) Oct 25 22:17:06 brick kernel: sd 2:0:0:0: [sdb] Write Protect is off Oct 25 22:17:06 brick kernel: sd 2:0:0:0: [sdb] 976773168 512-byte hardware sectors (500108 MB) Oct 25 22:17:06 brick kernel: sd 2:0:0:0: [sdb] Write Protect is off Oct 25 22:17:06 brick kernel: sdb: sdb1 sdb2 sdb3 sdb4 sdb5 sdb6 Oct 25 22:17:06 brick kernel: sd 2:0:0:0: [sdb] Attached SCSI disk Oct 25 22:17:06 brick kernel: sd 2:0:0:0: Attached scsi generic sg1 type 0 brick:~# mkdir /tmp/root brick:~# mount /dev/sdb2 /tmp/root mount: unknown filesystem type 'mdraid' brick:~#LS-QL と同じ。あかんか。
試しに ext3 でマウント
brick:~# mount -t ext3 /dev/sdb2 /tmp/root brick:~# ls /tmp/root bin boot dev etc home initrd lib lighttpd.webui lost+found mnt modules proc root sbin sys tmp usr var www brick:~#いけたやん
brick:~# cd /tmp/root/etc/ brick:/tmp/root/etc# mv shadow shadow.orig brick:/tmp/root/etc# sed -e 's/^root:[^:]*:/root::/' shadow.orig root::11009:0:99999:7::: bin:*:11009:0:99999:7::: daemon:*:11009:0:99999:7::: halt:*:11009:0:99999:7::: ftp:*:11009:0:99999:7::: rpc:*:11009:0:99999:7::: rpcuser:*:11009:0:99999:7::: apache:*:11009:0:99999:7::: admin:$1$$I2o9Z7NcvQAKp7wyCTlia0:11009:0:99999:7::: sshd:!:13241:0:99999:7::: nobody:!:13148:0:99999:7::: guest:!:13148:0:99999:7::: brick:/tmp/root/etc# sed -e 's/^root:[^:]*:/root::/' shadow.orig > shadow brick:/tmp/root/etc# ls -l shadow* -rw-r--r-- 1 root root 344 Jan 25 22:26 shadow -rw-r--r-- 1 root root 370 Jan 27 2009 shadow.orig brick:/tmp/root/etc# chmod 600 /etc/shadow brick:/tmp/root/etc#パーミッションが変だが、、、直しておいた。
brick:/tmp/root/etc# cd ..
brick:/tmp/root# ls -l usr/sbin/telnetd
lrwxrwxrwx 1 root root 17 Sep 1 14:37 usr/sbin/telnetd -> ../../bin/busybox
brick:/tmp/root# bin/busybox --help | grep telnetd
telnetd, test, tftp, time, top, touch, tr, traceroute, true, tty, ttysize, udhcpc, udhcpd, udpsvd, umount, uname, uncompress,
brick:/tmp/root#
telnetd があるので、rcS に追加する。
brick:/tmp/root# tail etc/init.d/rcS
exec_sh ${cmd}
done
/usr/local/bin/share_delete.sh &
VER=`grep "^VERSION=" ${RELEASE_FILE} |sed -e "s%.*=%%"`
SUB_VER=`grep "^SUBVERSION=" ${RELEASE_FILE} |sed -e "s%.* %%"`
BUILDDATE=`grep "^BUILDDATE=" ${RELEASE_FILE} |sed -e "s%.*=%%"`
logger -t ${LOGTAG} -p ${LOGFACILITY} "${VER}-${SUB_VER} ${BUILDDATE} started!"
echo "${VER}-${SUB_VER} ${BUILDDATE} started!" > /dev/console
brick:/tmp/root# echo >> etc/init.d/rcS
brick:/tmp/root# echo /usr/sbin/telnetd >> etc/init.d/rcS
brick:/tmp/root# !tail
tail etc/init.d/rcS
/usr/local/bin/share_delete.sh &
VER=`grep "^VERSION=" ${RELEASE_FILE} |sed -e "s%.*=%%"`
SUB_VER=`grep "^SUBVERSION=" ${RELEASE_FILE} |sed -e "s%.* %%"`
BUILDDATE=`grep "^BUILDDATE=" ${RELEASE_FILE} |sed -e "s%.*=%%"`
logger -t ${LOGTAG} -p ${LOGFACILITY} "${VER}-${SUB_VER} ${BUILDDATE} started!"
echo "${VER}-${SUB_VER} ${BUILDDATE} started!" > /dev/console
/usr/sbin/telnetd
brick:/tmp/root#
brick:/tmp/root# cd / brick:/# umount /tmp/root brick:/#
yasunari@sil:~$ telnet 192.168.2.70 Trying 192.168.2.70... Connected to 192.168.2.70. Escape character is '^]'. BUFFALO INC. TeraStation series TS-WXL3B3 login: root root@TS-WXL3B3:~#だーん!
|
|
← ディスクをコピーして実験用 HDD を作る |
ハックの記録 LinkStation/玄箱 をハックしよう |
→ ファームウェアのアップデート |
