Thursday, July 16, 2009

How to get hammer work for you

Recently I got my hands on NAS device, HAMMER, "MyShare" code name HN1200.

Few day ago there has been quite a bit of discussion about this device here

First, concern was expressed that a proprietary file system is used for a data storage and therefore advice was given to stay away from the device. That is wrong statement. Device is using lightweight linux, nickname "S3M NAS" and of course filesystem is standard ext3 filesystem.

In fact fdisk -l shows up three partitions.

Device Boot Start End Blocks Id System
/dev/sda1 1 13 104422 fd Linux raid autodetect
/dev/sda2 14 26 104422+ fd Linux raid autodetect
/dev/sda3 27 77825 624920467+ fd Linux raid autodetect

All three are used in RAID1 setup. First is used for /root , second for swap and the last is configured as LVM volume. You can take out the disk from NAS attach it to any Linux system and follow this procedure to examine/recover/modify the data on the disk:

Now here comes second and main point I wanted to make.
In the discussion cited above the method has been suggested to modify this NAS to allow telnet connection to it. This was done by exploiting the security hole in the HAMMER's configuration system. Now, I was kind of out of luck in this case. "Set alerts" page, where the security hole used to live, in my case did not worked at all.
Probably that was the way "hammer-storage" fixed security bug. But do I need to exploit anything here?
Did not I explained you in the previous point how to modify the system to your satisfaction?

So, here we are. Given any NAS, at least the ones running linux clone system:
1) Set up your NAS. In order to make things simple I recommend one hard drive set up. Just use a fresh disk
and all your data on your older drive will be intact.
2) Configure NAS as you usually do. Enable as much services as possible, I did NFS, CIFS, HTTP etc.
3) Shutdown NAS. Remove hard drive and attach it to running Linux system, using USB enclosure for example.
4) Follow instructions from Linux Journal article above. This will allow you to mount / file system as well as data volume.
5) Now use you favorite editor to edit /mountpoint/etc/inetd.conf to append line

telnet stream tcp nowait root /usr/sbin/tcpd /usr/sbin/telnetd

and add a root user to /mountpoint/etc/passwd , just append the line

your_name::0:0:Linux User,,,:/root:/bin/sh

6) save files, umount partitions, move hard drive back to NAS and boot it.
7) In few second you will be able to telnet to whatever IP your NAS is assigned by using user name "your_name" and empty password.

Now you get busy and install all the software you want from

starting with ipkg of course.

Was not that easy?