Phase 1 of D-Link DNS-323 hacking - Running fun_plug on DNS-323

Here is probably one of the best short explanations of how this works:
http://wiki.dns323.info/howto:fun_plug

On a Windows client, mount the DNS-323 as a drive (L: in this case).

Grab the latest version of the fun_plug script provided by fonz:


L:\>wget http://www.inreto.de/dns323/fun-plug/0.5/fun_plug

L:\>wget http://www.inreto.de/dns323/fun-plug/0.5/fun_plug.tgz

Now restart your DNS-323. At this point I only know how to do a hard restart via the power button. After the reboot, the fun_plug script will auto-execute and untar fun_plug.tgz, leaving you with this:


L:\>ls -la
total 49
drwxrwxrwx   1 user     group           0 Jan  1  1980 .
drwxrwxrwx   1 user     group           0 Jan  1  1980 ..
drwxrwxrwx   1 user     group           0 Jul 28 22:31 .systemfile
drwxrwxrwx   1 user     group           0 May 22  2008 ffp
-rw-rw-rw-   1 user     group       47709 Jul 28 22:33 ffp.log
-rw-rw-rw-   1 user     group        1778 Sep  3  2008 fun_plug

L:\>tail ffp.log
* /ffp/start/LOGIN.sh inactive
* /ffp/start/telnetd.sh ...
Starting /ffp/sbin/telnetd -l /ffp/bin/sh
* /ffp/start/sshd.sh inactive
* /ffp/start/rsyncd.sh inactive
* /ffp/start/mediatomb.sh inactive
* /ffp/start/kickwebs.sh inactive
* /ffp/start/lighttpd.sh inactive
* /ffp/start/inetd.sh inactive
*  OK

L:\>
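
An added example (not from the original post or the fun_plug project): a small Python parser for the ffp.log lines shown above that lists which /ffp/start scripts ran and flags a telnetd started with -l pointing at a shell, which hands every connection that shell instead of a login prompt. The function names are hypothetical, and the sample log is the tail from this page embedded as constructed input.

```python
import re

# Constructed sample: the ffp.log tail shown on this page.
SAMPLE_LOG = """\
* /ffp/start/LOGIN.sh inactive
* /ffp/start/telnetd.sh ...
Starting /ffp/sbin/telnetd -l /ffp/bin/sh
* /ffp/start/sshd.sh inactive
* /ffp/start/rsyncd.sh inactive
* /ffp/start/mediatomb.sh inactive
* /ffp/start/kickwebs.sh inactive
* /ffp/start/lighttpd.sh inactive
* /ffp/start/inetd.sh inactive
*  OK
"""

SCRIPT_RE = re.compile(r"^\* /ffp/start/(\S+)\.sh (inactive|\.\.\.)\s*$")
START_RE = re.compile(r"^Starting (.+?)\s*$")

def parse_ffp_log(text):
    """Map start-script name -> {'active': bool, 'commands': [str]}.
    ffp.log may hold several boots; a later entry replaces an earlier one."""
    services, current = {}, None
    for line in text.splitlines():
        m = SCRIPT_RE.match(line)
        if m:
            active = m.group(2) == "..."
            services[m.group(1)] = {"active": active, "commands": []}
            current = m.group(1) if active else None
        elif current and (m := START_RE.match(line)):
            services[current]["commands"].append(m.group(1))
    return services

def shell_without_login(services):
    """Commands that start telnetd with -l pointing at a shell, i.e. every
    connection gets that shell directly instead of a login prompt."""
    hits = []
    for info in services.values():
        for cmd in info["commands"]:
            argv = cmd.split()
            if argv and argv[0].rsplit("/", 1)[-1] == "telnetd" and "-l" in argv[:-1]:
                if argv[argv.index("-l") + 1].rsplit("/", 1)[-1] in ("sh", "ash", "bash"):
                    hits.append(cmd)
    return hits

if __name__ == "__main__":
    svc = parse_ffp_log(SAMPLE_LOG)   # or open(r"L:\ffp.log").read()
    print("active:", [n for n, i in svc.items() if i["active"]])
    print("telnetd shell without login:", shell_without_login(svc))
```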

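Note that telnetd was started, so you can now telnet into your DNS-323. Because it was launched with -l /ffp/bin/sh, the connection lands directly at a root shell prompt without a login: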


L:\>telnet 192.168.1.100

/ # hostname
linkme
/ # who
USER       TTY      IDLE      TIME            HOST
/ # top

Mem: 57196K used, 4708K free, 0K shrd, 12476K buff, 32708K cached
CPU:   0% usr   0% sys   0% nice  99% idle   0% io   0% irq   0% softirq
Load average: 0.00 0.04 0.05
  PID  PPID USER     STAT   VSZ %MEM %CPU COMMAND
 1821  1806 root     R     1360   2%   0% top
 1361     1 root     S      476   1%   0% fancontrol
 1679  1398 root     S     5096   8%   0% /usr/sbin/samba/smbd -D
 1355     1 root     S     5088   8%   0% /web/webs
 1398     1 root     S     4824   8%   0% /usr/sbin/samba/smbd -D
 1403  1398 root     S     4824   8%   0% /usr/sbin/samba/smbd -D
 1402     1 root     S     2968   5%   0% /usr/sbin/samba/nmbd -D
 1381     1 root     S     1568   3%   0% crond
    1     0 root     S     1564   3%   0% init
 1416     1 root     S     1564   3%   0% -sh
 1806  1612 root     S     1368   2%   0% /ffp/bin/sh
 1612     1 root     S     1356   2%   0% /ffp/sbin/telnetd -l /ffp/bin/sh

