MobileRead Forums - View Single Post

DHer · 07-25-2006, 07:24 AM

@kristoffer

first we need to know if xpdf is still running as root (i assume they changed it if they are talking about "improved security").

next question: does the old script to switch on ethernet support still work? (see the green light at the travel hub)

If at least the second thing works, it should be no problem either to start the ssh daemon (if xpdf is running as root and it is still installed) or drop netcat (http://packages.debian.org/cgi-bin/d...=arm&type=main) on the iliad (extract the binary, installing the package won't work without root), make it executable and execute "netcat -l -p 1234 -e /bin/sh" to spawn a netcat backdoor on port 1234. Then you can connect from your pc using netcat <IP> 1234 to get a shell on the device.

This is quite insecure, so don't do it somewhere else then in your home network.
AND DO NOT add this to the startup scripts.

Then you can go on, extract the passwd file (assuming they haven't shadowed it) and get the root password again - till there's the next update.

07-25-2006, 07:24 AM	#26
DHer Addict Posts: 261 Karma: 156 Join Date: Jul 2006 Device: iliad	@kristoffer first we need to know if xpdf is still running as root (i assume they changed it if they are talking about "improved security"). next question: does the old script to switch on ethernet support still work? (see the green light at the travel hub) If at least the second thing works, it should be no problem either to start the ssh daemon (if xpdf is running as root and it is still installed) or drop netcat (http://packages.debian.org/cgi-bin/d...=arm&type=main) on the iliad (extract the binary, installing the package won't work without root), make it executable and execute "netcat -l -p 1234 -e /bin/sh" to spawn a netcat backdoor on port 1234. Then you can connect from your pc using netcat <IP> 1234 to get a shell on the device. This is quite insecure, so don't do it somewhere else then in your home network. AND DO NOT add this to the startup scripts. Then you can go on, extract the passwd file (assuming they haven't shadowed it) and get the root password again - till there's the next update.