Hacking your portable Linux Server - O'Reilly Mediaassets.en.oreilly.com/1/event/27/Hacking...

Hacking your portable

Linux Server

Federico Lucifredi

disclaimer

Federico Lucifredi MMIX

while the following was conscientiously researched and verified, neither Linux Journal nor the author will accept any

liability if you render your device inoperable as a result of these

instructions.

Proceed at your own risk.

originS

community

Procurement

The Hardware

...morse code

Inside

(Ext-III ? USB?)

Oxford NAS

Oxford NASOxford semiconductor OXE800

ARM 926EJ-S core

VIA Cyclada Simpliphy vt6122Gigabit Ethernet

Hynix 32Mbit DDR SDRAM

USB, SATA

MicroOxford semiconductor OXE800

ARM 926EJ-S core

E: DSP enhancementsJ: Java extension (Jazelle)

200 MHZ, 98 bogoMIPS

serials, USB, ethernet and more

Ethernet

ethernetVIA Cyclada Simpliphy vt6122

Gigabit Ethernet

“Our internal testing shows that the MyBook World’s will transfer at 24-40Mbps (3-5 MBps) on a local network. The drive does not move data quicker because that is the maximum thruput that the enclosure’s CPU can handle”--WD Support

and these?

First Packets

Boot WoW Partition...or catch DHCP on the fly...or read DHCP tables...or mDNS for _http._tcp

Password setup

Log in to web UIWD Shared Storage Manager

Web UI

WD Shared Storage manager

Choose

RAID Mode?Default o (Striping)Option I (mirroring)

Change triggers rebuild

System partitions mirrored

Voiding Warranties

Breaking in

Head to Martin Hinner’s sitecompose update URL

http://martin.hinner.info/mybook/sshaccess.php

trigger firmware update

(http://martin.hinner.info/mybook/files/latestfw.sh)

Pitfalls

Many roads to false #failUpdate will fail update will say nothing

Attempt SSH loginyour username is UPPERCASE!

When sshd responding, success!

Console

Make it permanentsu -

/etc/inittab

::sysynit:/ur/sbin/sshd

cleanup and housekeeping/etc/passwd, shadow, etc

check /etc/sshd_configdisable Mionet cleanly

Software

ps axjf

grand tourkernel 2.6.17.14

Samba, NFS

udhcpc, crond, syslogd, klogd, mDNSResponderPosix

SSHd, lighttpd, ntpd, (telnetd), (tftpd)

grand tourNo man pages

Busybox ps, top, free, ifconfig, ...

wget, rsync, tload, chroot, smartctl, nhfsstone,

telnet, ssh, scp

grand tour

gcc, g++, gmake

Java ME

discovery

I. broadcast

use mdnslimited to local link

requires no external support

HOWTO: http://primates.ximiam.com/~flucifredi/mybook_mDNS.html

discovery

II. Announce

IM Direct MessageMost versatile option

requires route to server

HOWTO: full writeup in Linux Journal, issue of July

discovery

III. Do it right

use DNS UPDATERFC MMCXXXVI

Full Fledged internet noderequires control of your domain

HOWTO: http://primates.ximian.com/~flucifredi/dns-update.html

PlatformYou now have a very portable Linux system

A very flexible, low-cost platform

Discovery problem solved in all modes

Cross compiling an option (where Perl not enough by itself :)

ConclusionsA wondrous Hacking Platform

WD very wise in designing, later opening the system for custom use (sells more!)

Many services already HOWTO’d

Join us in finding new great uses for it!

resources

Linux Journal, July 2009

Resources section of said article!

Wikidot (http://mybookworld.wikidot.com)

Questions

contact

e-mail:flucifredi@acm.org

twitter: federico_II

(CC)Attribution-Noncommercial-No Derivative Works 3.0

Hacking your portable Linux Server - O'Reilly Mediaassets.en.oreilly.com/1/event/27/Hacking...

Documents

Ethical Hacking v10 Module 20 - IoT Hacking

Hacking beyond hacking - Forgotten Chapters - DefCamp 2012

Hacking Rural Medicine - Hacking 101

A Hacking Atlas: Holistic Hacking in the Urban Theater · 2018-12-05 · of hacking and holistic hacking, and hacking spaces (and seven types of hacking spaces, each described below)

SimpliPHY Dual Media Copper/Fiber/SFPww1.microchip.com/downloads/en/AppNotes/VPPD-01190.pdf · SimpliPHY Dual Media Copper/Fiber/SFP ENT-AN0065 VPPD-01190 ENT-AN0065 Application Note

A Hacking Atlas: Holistic Hacking in the Urban Theatercasci.umd.edu/wp-content/uploads/2019/09/Schuler... · effort, the concepts of hacking and holistic hacking, and hacking spaces

Hacking and Anti Hacking

Ethical hacking - Good Aspect of Hacking

Hacking: Computer Hacking Beginners Guide

HACKING AUTHENTICATION CHECKS IN WEB … · INDEX •Hacking Authentication Checks in Web Applications Hacking Application Designs Hacking J2EE Container Managed Authentication Hacking

Hacking Training - flane.de · Infrastructure Hacking Web Hacking The Art of Hacking 75% reales Hacking und praktisches Training in unserem Advanced “Hack-Lab” Entwickelt von

Hacking CT Hacking for Diplomacy week 8

Chapter 31 Hardware Hacking - DeepSec · Chapter 31 Hardware Hacking Module Hardware Hacking: Turning Ethernet into Æthernet (Wikipedia.org) “Taps are used in security applications

Cisco systems hacking layer 2 ethernet switches

Hacking and Civic Hacking

SimpliPHY Dual Media Copper/Fiber/SFP

Hacking( Full hacking guide for beginners)

SimpliPHY VSC8201 PCB Design and Layout Guidepdf.eepw.com.cn/v20091119/f5c8949de63f4b8fc77e8ab21696f26f.pdf · Since all PCB designs yield unique noise coupling behavior, not all

Ethical Hacking Module XV Hacking Wireless Networks

Hacking Tips & Tricks - OWASP 2 Agenda Security Incidents Vulnerability Assessment Wireless Hacking Bluetooth Hacking Advance password hacking