Markus Weingärtner @markusblogde

Antwortete im Thread

**Tim (Wadhwa-)Brown** @timb_machine@infosec.exchange · 4. Juni

Tim (Wadhwa-)Brown @timb_machine@infosec.exchange

Technically, it's not a vuln because if you enable SSH via the supported route then you only get a root shell and there's no way to create low priv'd SSH users, but since there's no ability to persistently fix that issue, I ended up abusing IPC to write to the persistent storage a scheduled job which will give me a low priv'd SSH user .

https://gist.github.com/timb-machine/a3b2d27adcbbed34455e78f845198392

It just so happens that /if/ you did have a low priv'd SSH user, then the IPC would enable you to get root.

#westerndigital, #mycloud, #y0day, #redteam, #linux

GistAdding persistence to WD MyCloud NAS device cron...Adding persistence to WD MyCloud NAS device cron... - Adding persistence to WD MyCloud NAS device cron...

**clever boi** @cleverboi@mastodon.social · 15. März

15. März

clever boi @cleverboi@mastodon.social

I'm already pretty over NextCloud and, how slow it is, and how unpolished EVERYTHING is for how long it's been around. I guess I will build my cloud piecemeal.

It's been an interesting experience trying to migrate though, I have a better grasp all of "my cloud":

- File (sync and web access)
- Tasks/Notes/Memos
- Bookmarks
- Favorites
- Passwords
- Very Important Files
- Mail
- Maps

I'm sure I'm missing something.
#NextCloud #MyCloud

Frühere Suchanfragen

Suchoptionen

Verwaltet von:

Serverstatistik:

#mycloud