sirozha
Dec 06, 2012 Aspirant
ReadyNAS Pro Business Hacked/Compromised
I have a real problem. About a month ago, my ISP (Time Warner) quarantined my public IP. When I called them, I was told that there was a complaint from Europe that my public IP was trying to brute for...
sirozha
Dec 07, 2012 Aspirant
chirpa wrote: The cisco user, did you ever via SSH change the default shell for them? Normal users don't get bash access by default, so FTP guy would be limited to FTP. May have been a ProFTPd exploit somehow that got them escalated privileges. If a shell was set for that user, likely a bruteforce or something let them in. FTP is not secure, sends password in plain text, not hard to sniff it.
Yes, I did change the default shell for the “cisco” user because some of the Cisco gear I have must use sftp to back up its configs. The password was very very rudimentary for this user, so it would not be very hard to guess it. However, I cannot get root privileges when I ssh into the ReadyNAS with this username. When I try “sudo -i” or “sudo su -i”, I get the following error message:
cisco is not in the sudoers file. This incident will be reported.
So, how would they have exploited this username?
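An added example, not part of any post in this thread: because the discussion turns on an account that was given a login shell only so that sftp would work, this script lists which accounts in a passwd-format file can get an interactive shell. The function names, the UID threshold of 1000 and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report accounts that can obtain an interactive shell.
# Names, threshold and sample data are assumptions, not ReadyNAS specifics.

# audit_login_shells FILE [MIN_UID]
# FILE is a passwd-format file ("-" reads stdin). Prints "user uid shell"
# for each account with uid >= MIN_UID (default 1000, an assumption) whose
# shell is not a usual non-login shell. An empty shell field is reported as
# /bin/sh, which is what login falls back to.
audit_login_shells() {
    awk -F: -v min="${2:-1000}" '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        NF < 7         { next }                 # skip malformed entries
        $3 + 0 < min   { next }                 # skip accounts below threshold
        {
            shell = ($7 == "") ? "/bin/sh" : $7
            if (shell ~ /\/(false|nologin|true)$/) next
            print $1, $3, shell
        }
    ' "${1:--}"
}

# Constructed sample input: one account switched to bash for sftp backups,
# one with an empty shell field, the rest locked to non-login shells.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
ftp:x:14:50:FTP:/var/ftp:/bin/false
admin:x:1000:1000::/home/admin:/bin/false
cisco:x:1001:1001::/home/cisco:/bin/bash
backup:x:1002:1002::/home/backup:/usr/sbin/nologin
legacy:x:1003:1003::/home/legacy:
EOF
}

# Demo run on the constructed sample.
sample_passwd | audit_login_shells -
```

On a real system, pass the path of the passwd file instead of `-`, and pass `0` as the second argument to include system accounts such as root.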