Phase 2 of D-Link DNS-323 hacking - Root user and sshd setup

Here's a follow-on to my first post on hacking the D-Link DNS-323 hacking.

This is what you should do after you've downloaded and installed Fonz' fun_plug (ffp) and made the initial telnet into the system.

Here's a useful guide for this :

# pwconv
# passwd
# usermod -s /ffp/bin/sh root

# login (test root/newpw)

Copying files to mtd1...
Copying files to mtd2...

# cd /ffp/start
# sh start (test ssh login)

# cd /ffp/start
# chmod a-x
# chmod a+x

I found you can re-activate telnet by temporarily putting
chmod a+x /mnt/HD_a2/ffp/start/
into the fun_plug file via Windows client (Samba) at the root of the mounted network drive.

If you reboot the system with the above configuration, you'll still be able to ssh into the box with root/newpw, and you'll find telnet is inoperable.