WingNews logo WingNews GitHub [2]
top | item 6388460

How I got a root shell in my NAS, 0day inside

42 points| Garbage | 12 years ago |blog.pentbox.net | reply

10 comments

order
[+] kogir|12 years ago|reply
This is cool, but typically it's not considered a vulnerability when the user in possession of the hardware or with admin access can root the box. It's actually inevitable.

Unless an unprivileged, remote attacker can also get a shell on the box, it's not a big deal.

[+] testooo|12 years ago|reply
That's not correct. When a researcher finds a vulnerability to get root access on an iPhone (hardware that he owns), it allows him to run code as a privilege user and modify the whole system. That's how jailbreaks are born, and Apple fixes the issues as soon as possible.
[+] ds9|12 years ago|reply
So apparently it doesn't give the owner root by default? I don't think I would buy such a product.

And this guy reports the means of getting root on his own device as a "defect" to be "fixed"? That is disgraceful.

You can make a NAS from generic PC equipment, altho it takes some work to get a lot of convenient features.

[+] testooo|12 years ago|reply
The thing is you should be able to get root access in a proper way, not using a vulnerability. It is what it is, and should be fixed.
[+] moreentropy|12 years ago|reply
Wow, great guide to some seemingly awesome tools I didn't know until now.

I love posts like this, well written and easy to understand. This show that finding vulnerabilities is not magic for some ubergeeks but straightforward analysis with a bit of trial and error.