Hi,
I haven't been able to execute the script in the Network Space.
I'll explain what I've done because maybe someone has a hint on how to continue.
The software version on my LaCie is 1.1.6.
The steps I followed are:
1. create a folder named "hack" in openshare.
2. create a file named backdoor in openshare\hack\ with the sh file above in that thread (#!/bin/sh ...)
3. create a file named "index.html" in openshare with the html above in that thread (<html><head><title>Backup</title>...)
4. open the file index.html with a browser on your computer
5. changed the first input in that webpage to my network space IP
6. changed the second input in that webpage to /home/openshare/hack
7. left the last input in that webpage as it is: /www/cgi-bin/admin
8. clicked copy
At this point I got the same error as described by Ferretz:
Code:
"df: /www/cgi-bin/admin: can't find mount point. /www/cgi-bin/admin/backup: line 131: [: -lt: unary operator expected"
I continued anyway.
9. get access to the TwonkyVision administration as indicated here:
Code:
http://lacie.nas-central.org/wiki/NetworkSpace:_MultimediaServers
10. access the TwonkyVision configuration and go to basic setup > sharing in the left side menu
11. click on the "browse" button in any of the Content Locations: inputs.
12. an onscreen pop-up with the folder structure should appear
13. browse to www > cgi-bin > admin
14. there should be a folder named hack-200003310303954473206 with the numbers representing your actual timestamp.
15. copy the name
16. go to
Code:
http://your_lacie_disk_ip/cgi-bin/admin/webshell-xxxxxxxxxxxx/backdoor?whoami
it should say root.
My backdoor file did not get copied.
I tried a thousand combinations like copying files to
/www/cgi/bin/home
with no luck.
If I do the backup with some media files inside the folder hack, they do get copied.
I successfully copied mp3s, images and folders with this method, but any strange file like .sh or text files does not get copied.
Also, the mp3 files copied disappeared from the hacked folder, or at least were not accessible via web.
I have been able to play an mp3 uploaded that way with a URL like this:
Code:
http://192.168.0.22:9000/disk/music/O1$14$744776806$2758043027.mp3/audio.mp3
but not with this one:
Code:
http://192.168.0.22/cgi-bin/admin/hack-200003310303954472730/audio.mp3
Which is the address where I uploaded the mp3 in the first place.
Maybe the file did get moved or was just made inaccessible from the web.
Of course I tried to upload a sh file with the name backdoor.mp3, with no luck.
On the other hand, I've also tried the crontab method, but I had no luck with that either.
I created the HTML file, set the IP to my IP and the origin file to my file, executed it and set the minutes and seconds to a future time, but I got a "not found" in
Code:
http://192.168.0.22/cgi-bin/admin/media
I've checked with TwonkyVision and I do not have the folder media.
Of course, maybe I don't have the latest version of the software.
Sorry for the redundancy, I had a little trouble getting it all together the first time and, even if it did not work, I think it could be useful to someone.