Die Suche ergab 92 Treffer

von Mijzelf
Di 24. Mär 2020, 22:12
Forum: Entware-ng
Thema: [HOWTO] Install samba 3.6.25 on a ZyXEL fw4 nas
Antworten: 31
Zugriffe: 4200

Re: [HOWTO] Install samba 3.6.25 on a ZyXEL fw4 nas

A 4k stream is something like 25Mbit/sec, which is about 3MB/sec. That is no problem for any NAS. The problem with 2 streams is that 2 files have to be streamed simultaneously. Assuming the files are on the same disk, that means the disk has to alternate between these 2 files. To get 2 steady stream...
von Mijzelf
Di 24. Mär 2020, 21:51
Forum: Neuigkeiten / News
Thema: 0day Exploit in Zyxel Network Storage Devices CVE-2020-9054
Antworten: 17
Zugriffe: 1567

Re: 0day Exploit in Zyxel Network Storage Devices CVE-2020-9054

Possibly Zyxel replaces forbidden characters with something or filters more than just one character. No. The problem is that the filter is only implemented on weblogin.cgi. I think that is only used when logging in on the webinterface. It's not used by samba or ssh login. The filter is not implemen...
von Mijzelf
Di 24. Mär 2020, 08:47
Forum: NAS Geräte - FW5 Geräte / NAS devices - FW5 devices
Thema: welcher editor ? nur wirres zeug bei twonkyserver.ini
Antworten: 3
Zugriffe: 54

Re: welcher editor ? nur wirres zeug bei twonkyserver.ini

wide characters ?! ... wtf !?!? why do they do that ?! there is really always someone who thinks he has to do some special crap! Actually it's quite common. Wide characters are used to have a bigger character set, so you can include Chinese and smilies in your text. But in most cases you won't noti...
von Mijzelf
Mo 23. Mär 2020, 21:20
Forum: NAS Geräte - FW5 Geräte / NAS devices - FW5 devices
Thema: welcher editor ? nur wirres zeug bei twonkyserver.ini
Antworten: 3
Zugriffe: 54

Re: welcher editor ? nur wirres zeug bei twonkyserver.ini

That are wide characters, 2 byte per character.

If you are using Windows, I'd use WinSCP to download the file to your PC, and PsPad or Notepad++ to edit it, and then put it back using WinSCP.
von Mijzelf
Mo 23. Mär 2020, 14:54
Forum: Neuigkeiten / News
Thema: 0day Exploit in Zyxel Network Storage Devices CVE-2020-9054
Antworten: 17
Zugriffe: 1567

Re: 0day Exploit in Zyxel Network Storage Devices CVE-2020-9054

Assuming that I'm right that http GET is not used, the patch filters away % ; | $ & . Make sure your password (or username) doesn't contain any of these characters before applying the patch. The filtering is silent, you won't get any notice that an illegal characters is used, the backend just gets t...
von Mijzelf
So 22. Mär 2020, 18:28
Forum: MetaRepository
Thema: New zypkg: MetaRepository
Antworten: 6
Zugriffe: 2803

Re: New zypkg: MetaRepository

The backslashes in \\<NAS>\admin\zy-pkgs\ should tell this directory can be found using the samba entry. Yet you found the same directory using winscp. /i-data/<some-hex-code>/admin is the same directory. I tried my luck with this folder, but nas did not want to start up after creating the web_prefi...
von Mijzelf
So 22. Mär 2020, 18:16
Forum: Entware-ng
Thema: [HOWTO] Install samba 3.6.25 on a ZyXEL fw4 nas
Antworten: 31
Zugriffe: 4200

Re: [HOWTO] Install samba 3.6.25 on a ZyXEL fw4 nas

The webinterface and samba both use the samba password database, which is stored in /etc/samba/smbpasswd, or something like that. As far as I know the samba server which is exechanged by this script only reads that file, and the webinterface (weblogin.cgi, to be exact) doesn't use any code from the ...
von Mijzelf
So 22. Mär 2020, 18:10
Forum: Neuigkeiten / News
Thema: 0day Exploit in Zyxel Network Storage Devices CVE-2020-9054
Antworten: 17
Zugriffe: 1567

Re: 0day Exploit in Zyxel Network Storage Devices CVE-2020-9054

There are 2 cases, http GET and http POST. In case of GET all arguments have to be encoded in the URL, something like http://nas/adv,/cgi-bin/weblogin.cgi?username=admin%27%3Becho%20/usr/local/apache/web_framework/%5C%5C%3E%20%2Ftmp%2F1.sh+%23&password=x In case of GET I've filtered away all % befor...
von Mijzelf
Di 10. Mär 2020, 14:57
Forum: Neuigkeiten / News
Thema: 0day Exploit in Zyxel Network Storage Devices CVE-2020-9054
Antworten: 17
Zugriffe: 1567

Re: 0day Exploit in Zyxel Network Storage Devices CVE-2020-9054

Nope. It's compiled for Armv7:

Code: Alles auswählen

root@NSA325:/lib# ln -s ld-linux.so.3 ld-linux-armhf.so.3
admin@NSA325:/tmp$ ./weblogin.cgi 
./weblogin.cgi: /usr/lib/libpam.so.0: no version information available (required by ./weblogin.cgi)
Illegal instruction
von Mijzelf
Di 10. Mär 2020, 12:32
Forum: Neuigkeiten / News
Thema: 0day Exploit in Zyxel Network Storage Devices CVE-2020-9054
Antworten: 17
Zugriffe: 1567

Re: 0day Exploit in Zyxel Network Storage Devices CVE-2020-9054

... and yet another update. The command wget http://nas520.lan/adv,/cgi-bin/weblogin.cgi --post-data="username=a'>\$(touch /tmp/x)+#&password=x" also triggered the bug. So I also filtered away the $. BTW, on homeforum.zyxel.com you can find two people who have got ransomware on their nas, probably (...