Sign up here and you can log into the forum!

Password Reset Tool - Lose access to webend

General homebrew discussion area

Password Reset Tool - Lose access to webend   

Postby red_sound » Wed Mar 18, 2015 7:54 pm

Hey recliq,

I wanted to let you know about curious behavior when I use the pw-reset tool, maybe it's normal - you tell me.

Here is the scenario:

1. I have 105021 (latest) loaded on Plus flash, I have no password set on telnet, and default on webend.
2. When testing 106 beta (boot to root.bin) with mad_ady, it seems to break the link with telnet password (this is already being worked on by mad_ady), but here's where things get interesting.
3. I boot back to 105021, I can log in to webend still, but not telnet (as mentioned) - so I start the webend addons manager and install the pw-reset tool to USB.
4. After I hit apply, I loose access to webend, but I'm able to get into telnet with no password.
5. Webend keeps asking for a password, but the default doesn't work.
6. If I restart the Plus (boot in to 105021 with pw-reset enabled on USB still), then I'm able to get back into telnet and webend.
7. After the restart, I'm able to disable the tool and webend/telnet stay as is (defaults).

Is that the intended behavior (getting kicked out of webend)?

Cheers,

Red
red_sound
DLX'er
 
Posts: 69
Joined: Wed Mar 11, 2015 6:15 pm
Location: Alberta, Canada

Re: Password Reset Tool - Lose access to webend   

Postby recliq » Fri Mar 20, 2015 1:43 am

HM, odd.
I haven't played around with 1.06 version atall yet and on all previous versions the reset tool always worked.
I will have a look but I guess it has something to do with 1.06...

The pw-reset app simply removes and re-creates /conf/htpasswd, you have a look at the file before and after (which tends to be difficult if you can't get into telnet at one of those points and don't have serial access....).
But it should work for you since the important part is when you lose webend access but gained telnet access:
- reset with app (you lose webend access)
- login with telnet and inspect /conf/htpasswd, it should look something like this (the hash may be different)
Code: Select all
wdlxtv:WDLXTV-Webend:7d5eba50730cbddeaf313024058bed90

- try to set the webend passwd on telnet:
Code: Select all
htdigest /conf/htpasswd WDLXTV-Webend wdlxtv

- try again to log in to webend, maybe you need to restart apache:
Code: Select all
/etc/init.d/S66apache2 restart
­WDLXTV Project Maintainer
-:] If you like my contributions feel free to donate for a beer or a new flash drive. ...and always remember: RTFM! (README, FAQ, WIKI) [:-
User avatar
recliq
WDLXTV Team
 
Posts: 5513
Joined: Thu Apr 15, 2010 8:09 am
Location: Kiel, Germany

Re: Password Reset Tool - Lose access to webend   

Postby red_sound » Fri Mar 20, 2015 3:09 am

Ok, I had a perfect scenario to test this just now as I had rebooted back to 1.05 after testing 1.06 beta and I had been locked out of telnet...

I had already enabled the tool - is this the right version? It's what I see in Addons Manager...

Password Reset?
Version 0.0.1
2012-04-01 recliq Main This application will reset your telnet and weblogin passwords back to default in case you locked yourself out.

Anyway - I thought because it was less-invasive, I would try the service restart first, it didn't work.

Then, from CLI, I tried the webend reset, set my old PW back up and BAM! Back in to webend without having to restart the WD Plus.

Hope this info helps and thanks for the info. Let me know if you need something else tested.

Cheers,

Red
red_sound
DLX'er
 
Posts: 69
Joined: Wed Mar 11, 2015 6:15 pm
Location: Alberta, Canada

Re: Password Reset Tool - Lose access to webend   

Postby red_sound » Fri Mar 20, 2015 4:20 am

Testing as per PM chat...

Here is what happens to htpasswd after enabling pw-reset on a plus:

Code: Select all
# more htpasswd
#

No wonder I can't get in!

# htdigest /conf/htpasswd WDLXTV-Webend wdlxtv
Adding user wdlxtv in realm WDLXTV-Webend
New password:
Re-type new password:
# more htpasswd
wdlxtv:WDLXTV-Webend:7d5eba50730cbddeaf313024058bed90
#
red_sound
DLX'er
 
Posts: 69
Joined: Wed Mar 11, 2015 6:15 pm
Location: Alberta, Canada

Re: Password Reset Tool - Lose access to webend   

Postby red_sound » Fri Mar 20, 2015 4:56 am

More testing - per suggestion from mad_ady, run from CLI on 1.06 beta:

Code: Select all
# strace gbus_read_serial_num 2>&1 > /strace-sn.txt
execve("/usr/local/sbin/gbus_read_serial_num", ["gbus_read_serial_num"], [/* 30 vars */]) = 0
brk(0)                                  = 0x438000
uname({sys="Linux", node="WDLXTV", ...}) = 0
old_mmap(NULL, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2aac8000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = -1 ENOENT (No such file or directory)
open("/lib/tls/libllad.so", O_RDONLY)   = -1 ENOENT (No such file or directory)
stat64(0x7fe830f0, 0x7fe83118)          = -1 ENOENT (No such file or directory)
open("/lib/libllad.so", O_RDONLY)       = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\10\0\1\0\0\0\20\17\0\0004\0\0\0"..., 512) = 512
fstat64(0x3, 0x7fe83108)                = 0
old_mmap(NULL, 74928, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x2aad8000
mprotect(0x2aadc000, 49152, PROT_NONE)  = 0
old_mmap(0x2aae8000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0x2aae8000
close(3)                                = 0
open("/lib/libgbus.so", O_RDONLY)       = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\10\0\1\0\0\0@\32\0\0004\0\0\0"..., 512) = 512
fstat64(0x3, 0x7fe830f0)                = 0
old_mmap(NULL, 92000, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x2aaec000
mprotect(0x2aaf4000, 49152, PROT_NONE)  = 0
old_mmap(0x2ab00000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x4000) = 0x2ab00000
close(3)                                = 0
open("/lib/librmmm_g.so", O_RDONLY)     = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\10\0\1\0\0\0\240\7\0\0004\0\0\0"..., 512) = 512
fstat64(0x3, 0x7fe830d8)                = 0
old_mmap(NULL, 73504, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x2ab04000
mprotect(0x2ab08000, 49152, PROT_NONE)  = 0
old_mmap(0x2ab14000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0x2ab14000
close(3)                                = 0
open("/lib/libstdc++.so.6", O_RDONLY)   = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\10\0\1\0\0\0\360\21\4\0004\0\0\0"..., 512) = 512
fstat64(0x3, 0x7fe830c0)                = 0
old_mmap(NULL, 1091852, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x2ab18000
mprotect(0x2abf4000, 49152, PROT_NONE)  = 0
old_mmap(0x2ac00000, 131072, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xd8000) = 0x2ac00000
old_mmap(0x2ac20000, 10508, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x2ac20000
close(3)                                = 0
open("/lib/libm.so.6", O_RDONLY)        = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\10\0\1\0\0\0\0201\0\0004\0\0\0"..., 512) = 512
lseek(3, 612, SEEK_SET)                 = 612
read(3, "\4\0\0\0\20\0\0\0\1\0\0\0GNU\0\0\0\0\0\2\0\0\0\6\0\0\0\f\0\0\0", 32) = 32
fstat64(0x3, 0x7fe830a8)                = 0
old_mmap(NULL, 562048, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x2ac24000
mprotect(0x2aca0000, 49152, PROT_NONE)  = 0
old_mmap(0x2acac000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x78000) = 0x2acac000
close(3)                                = 0
open("/lib/libgcc_s.so.1", O_RDONLY)    = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\10\0\1\0\0\0\300\263\0\0004\0\0\0"..., 512) = 512
fstat64(0x3, 0x7fe83090)                = 0
old_mmap(NULL, 228048, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x2acb0000
mprotect(0x2acd8000, 49152, PROT_NONE)  = 0
old_mmap(0x2ace4000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x24000) = 0x2ace4000
close(3)                                = 0
open("/lib/libc.so.6", O_RDONLY)        = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\10\0\1\0\0\0\364j\1\0004\0\0\0"..., 512) = 512
lseek(3, 692, SEEK_SET)                 = 692
read(3, "\4\0\0\0\20\0\0\0\1\0\0\0GNU\0\0\0\0\0\2\0\0\0\6\0\0\0\f\0\0\0", 32) = 32
fstat64(0x3, 0x7fe83078)                = 0
old_mmap(NULL, 1449120, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x2ace8000
mprotect(0x2ae30000, 49152, PROT_NONE)  = 0
old_mmap(0x2ae3c000, 49152, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x144000) = 0x2ae3c000
old_mmap(0x2ae48000, 7328, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x2ae48000
close(3)                                = 0
set_thread_area(0x2aad17d0)             = 0
mprotect(0x2ae3c000, 32768, PROT_READ)  = 0
mprotect(0x2ac00000, 98304, PROT_READ)  = 0
brk(0)                                  = 0x438000
brk(0x45c000)                           = 0x45c000
open("/dev/mum0", O_RDWR|O_LARGEFILE)   = 3
ioctl(3, 0x49, 0x7fe83490)              = 0
ioctl(3, 0x35, 0x7fe83490)              = 0
close(3)                                = 0
rt_sigaction(SIGINT, {SIG_DFL, [RT_70 RT_71 RT_72 RT_73 RT_75 RT_76 RT_87], SA_NOCLDSTOP}, {SIG_DFL, [], 0}, 16) = 0
rt_sigaction(SIGQUIT, {SIG_DFL, [RT_70 RT_71 RT_72 RT_73 RT_75 RT_76 RT_87], SA_NOCLDSTOP}, {SIG_DFL, [], SA_NOCLDSTOP}, 16) = 0
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 16) = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x2aaca3a8) = 1691
waitpid(1691, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0) = 1691
rt_sigaction(SIGINT, {SIG_DFL, [], 0}, NULL, 16) = 0
rt_sigaction(SIGQUIT, {SIG_DFL, [], SA_NOCLDSTOP}, NULL, 16) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 16) = 0
--- SIGCHLD (Child exited) @ 0 (0) ---
rt_sigaction(SIGINT, {SIG_DFL, [RT_67 RT_69 RT_71 RT_72 RT_75 RT_77 RT_78 RT_84 RT_86 RT_87 RT_88 RT_89 RT_90 RT_91 RT_92 RT_93 RT_94], SA_NOCLDSTOP}, {SIG_DFL, [RT_68 RT_69 RT_70 RT_71 RT_74 RT_75 RT_77 RT_78 RT_84 RT_86 RT_87 RT_88 RT_89 RT_90 RT_91 RT_92 RT_93 RT_94], 0}, 16) = 0
rt_sigaction(SIGQUIT, {SIG_DFL, [RT_67 RT_69 RT_71 RT_72 RT_75 RT_77 RT_78 RT_84 RT_86 RT_87 RT_88 RT_89 RT_90 RT_91 RT_92 RT_93 RT_94], SA_NOCLDSTOP}, {SIG_DFL, [RT_68 RT_69 RT_70 RT_71 RT_74 RT_75 RT_77 RT_78 RT_84 RT_86 RT_87 RT_88 RT_89 RT_90 RT_91 RT_92 RT_93 RT_94], SA_NOCLDSTOP}, 16) = 0
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 16) = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x2aaca3a8) = 1692
waitpid(1692, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0) = 1692
rt_sigaction(SIGINT, {SIG_DFL, [RT_68 RT_69 RT_70 RT_71 RT_74 RT_75 RT_77 RT_78 RT_84 RT_86 RT_87 RT_88 RT_89 RT_90 RT_91 RT_92 RT_93 RT_94], 0}, NULL, 16) = 0
rt_sigaction(SIGQUIT, {SIG_DFL, [RT_68 RT_69 RT_70 RT_71 RT_74 RT_75 RT_77 RT_78 RT_84 RT_86 RT_87 RT_88 RT_89 RT_90 RT_91 RT_92 RT_93 RT_94], SA_NOCLDSTOP}, NULL, 16) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 16) = 0
--- SIGCHLD (Child exited) @ 0 (0) ---
open("/tmp/md5", O_RDONLY|O_LARGEFILE)  = 3
fstat64(0x3, 0x7fe83360)                = 0
old_mmap(NULL, 65536, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ae4c000
read(3, "5c436a71d934af468cd1d03fec51642e"..., 16384) = 36
read(3, "", 16384)                      = 0
close(3)                                = 0
munmap(0x2ae4c000, 65536)               = 0
rt_sigaction(SIGINT, {SIG_DFL, [RT_67 RT_69 RT_71 RT_72 RT_75 RT_77 RT_78 RT_84 RT_86 RT_87 RT_88 RT_89 RT_90 RT_91 RT_92 RT_93 RT_94], SA_NOCLDSTOP}, {SIG_DFL, [RT_68 RT_69 RT_70 RT_71 RT_74 RT_75 RT_77 RT_78 RT_84 RT_86 RT_87 RT_88 RT_89 RT_90 RT_91 RT_92 RT_93 RT_94], 0}, 16) = 0
rt_sigaction(SIGQUIT, {SIG_DFL, [RT_67 RT_69 RT_71 RT_72 RT_75 RT_77 RT_78 RT_84 RT_86 RT_87 RT_88 RT_89 RT_90 RT_91 RT_92 RT_93 RT_94], SA_NOCLDSTOP}, {SIG_DFL, [RT_68 RT_69 RT_70 RT_71 RT_74 RT_75 RT_77 RT_78 RT_84 RT_86 RT_87 RT_88 RT_89 RT_90 RT_91 RT_92 RT_93 RT_94], SA_NOCLDSTOP}, 16) = 0
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 16) = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x2aaca3a8) = 1695
waitpid(1695, *** glibc detected *** chpasswd: munmap_chunk(): invalid pointer: 0x004ef0bc ***
Aborted
[{WIFEXITED(s) && WEXITSTATUS(s) == 134}], 0) = 1695
rt_sigaction(SIGINT, {SIG_DFL, [RT_68 RT_69 RT_70 RT_71 RT_74 RT_75 RT_77 RT_78 RT_84 RT_86 RT_87 RT_88 RT_89 RT_90 RT_91 RT_92 RT_93 RT_94], 0}, NULL, 16) = 0
rt_sigaction(SIGQUIT, {SIG_DFL, [RT_68 RT_69 RT_70 RT_71 RT_74 RT_75 RT_77 RT_78 RT_84 RT_86 RT_87 RT_88 RT_89 RT_90 RT_91 RT_92 RT_93 RT_94], SA_NOCLDSTOP}, NULL, 16) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 16) = 0
--- SIGCHLD (Child exited) @ 0 (0) ---
unlink("/tmp/md5")                      = 0
exit_group(0)                           = ?
# more strace-sn.txt
Password for 'root' changed
#


Edit1:
recliq - After you left the chat, the following comment was made:
<b-rad> could echo be missing the options and bash shell using its builtins?
Last edited by red_sound on Fri Mar 20, 2015 6:39 am, edited 1 time in total.
red_sound
DLX'er
 
Posts: 69
Joined: Wed Mar 11, 2015 6:15 pm
Location: Alberta, Canada

Re: Password Reset Tool - Lose access to webend   

Postby mad_ady » Fri Mar 20, 2015 6:32 am

It would appear that your password gets reset to: 5c436a71d934af468cd1d03fec51642e. You can boot the 1.06 image, and run "login" and try to login with that, just to confirm if this is true...
User avatar
mad_ady
Developer
 
Posts: 4522
Joined: Fri Nov 05, 2010 9:08 am
Location: Bucharest, Romania

Re: Password Reset Tool - Lose access to webend   

Postby red_sound » Fri Mar 20, 2015 6:55 am

I saw that chunk in there too but didn't expect it was going to be that easy... well guess what:

Code: Select all
# login
WDLXTV login: root
Password:
#


Nice work Team!
red_sound
DLX'er
 
Posts: 69
Joined: Wed Mar 11, 2015 6:15 pm
Location: Alberta, Canada

Re: Password Reset Tool - Lose access to webend   

Postby mad_ady » Fri Mar 20, 2015 9:37 am

Now the whole internet knows your super secret root password. You're doomed! :lol:
User avatar
mad_ady
Developer
 
Posts: 4522
Joined: Fri Nov 05, 2010 9:08 am
Location: Bucharest, Romania

Re: Password Reset Tool - Lose access to webend   

Postby red_sound » Sat Mar 21, 2015 8:29 am

I heard about this new thing called a firewall, I hear it helps with security, I should prolly get one of those... ;)
red_sound
DLX'er
 
Posts: 69
Joined: Wed Mar 11, 2015 6:15 pm
Location: Alberta, Canada

Re: Password Reset Tool - Lose access to webend   

Postby kroetkroet » Mon Mar 23, 2015 11:21 am

Naah, mad_ady doesn't require firewalls, he has 9 lives, just like cats :lol:

Image
WDLXTV-fan! - In case you need further assistance: read our WIKI, search our Forum and most of all: donate 'something' to b-rad for his great efforts!!!
User avatar
kroetkroet
Beta Tester
 
Posts: 1004
Joined: Mon Apr 05, 2010 11:53 pm


Return to WDTV G2 & WDTV Live homebrew discussion

Who is online

Users browsing this forum: No registered users and 1 guest