Thread: iLiad Userhack v2
07-25-2006, 07:24 AM   #26
DHer
Addict
Posts: 261
Karma: 156
Join Date: Jul 2006
Device: iliad
@kristoffer

First we need to know if xpdf is still running as root (I assume they changed it if they are talking about "improved security").

Next question: does the old script to switch on ethernet support still work? (see the green light at the travel hub)

If at least the second thing works, it should be no problem either to start the ssh daemon (if xpdf is running as root and it is still installed) or drop netcat (http://packages.debian.org/cgi-bin/d...=arm&type=main) on the iLiad (extract the binary, installing the package won't work without root), make it executable and execute "netcat -l -p 1234 -e /bin/sh" to spawn a netcat backdoor on port 1234. Then you can connect from your PC using netcat <IP> 1234 to get a shell on the device.

This is quite insecure, so don't do it somewhere else than in your home network.
AND DO NOT add this to the startup scripts.

Then you can go on, extract the passwd file (assuming they haven't shadowed it) and get the root password again - till there's the next update.
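A defensive check for the two exposures this post relies on, as an added example that is not part of the original post: it lists accounts whose hash sits in a passwd-format file instead of shadow, and flags netcat processes that listen with -e. The function names and the sample data are constructed for illustration.

```shell
# Added example: audit helpers for the two exposures the post describes.

# Print accounts whose password field in a passwd-format file holds a hash
# (readable by every local user) or is empty, instead of the "x" placeholder.
unshadowed_accounts() {
    awk -F: '
        /^#/ || NF < 2 { next }                      # comments, junk lines
        $2 == ""       { print $1, "EMPTY"; next }   # no password set
        $2 == "x"      { next }                      # hash is in shadow
        $2 ~ /^[*!]/   { next }                      # locked account
                       { print $1, "HASH-IN-PASSWD" }
    ' "$@"
}

# Read "PID USER COMMAND ARGS..." lines on stdin (for example the output of
# `ps -eo pid,user,args`) and print PID and user of every netcat process
# that is listening (-l) and hands connections to a program (-e).
netcat_exec_listeners() {
    awk '{
        prog = $3; sub(/.*\//, "", prog)             # basename of the command
        if (prog != "nc" && prog != "netcat") next
        has_l = 0; has_e = 0
        for (i = 4; i <= NF; i++) {
            if ($i ~ /^-[A-Za-z]*l[A-Za-z]*$/) has_l = 1
            if ($i ~ /^-[A-Za-z]*e$/)          has_e = 1
        }
        if (has_l && has_e) print $1, $2
    }'
}

# Constructed sample data (not taken from a real device).
sample_passwd() {
    printf '%s\n' \
        'root:$1$constructed$0123456789abcdefghijkl:0:0:root:/root:/bin/sh' \
        'daemon:*:1:1:daemon:/usr/sbin:/bin/sh' \
        'reader:x:1000:1000::/home/reader:/bin/sh' \
        'guest::1001:1001::/home/guest:/bin/sh'
}
sample_ps() {
    printf '%s\n' \
        '  PID USER COMMAND' \
        '  412 root /usr/bin/xpdf book.pdf' \
        '  977 root ./netcat -l -p 1234 -e /bin/sh' \
        '  981 reader nc 192.0.2.10 1234'
}

sample_passwd | unshadowed_accounts      # accounts that need shadowing or a password
sample_ps | netcat_exec_listeners        # shell-bound listeners to stop
```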