Tag Archives: Busybox

Netgear ReadyNAS access recovery after SSH and WebGUI lockout

The following post is about a ReadyNAS Pro 4. I have no idea if it’ll work on other ReadyNAS devices.

I stupidly managed to lock myself out of SSH access (I blame /bin/false automagically appearing by my username in /etc/passwd instead of the usual /bin/bash).
Not thinking straight due to stress. I decided that I probably forgot my password, and proceeded to reset it by editing /etc/shadow from a ReadyNAS configuration backup and uploading it back to the device..

That was probably the dumbest move I’ve ever made. For several reasons:

1. Since I borked SSH access, Frontview (Web GUI) was my only option for control of the system at this time.

2. User access for Frontview is also read from /etc/shadow. Same as SSH.

3. Did I use an editor in Windows that was capable of editing files without inserting Windows specific weirdness? (i.e. whitespaces and linebreaks)? No I did not.

I didn’t figure this out until way later, but I wont describe just how dumb my thought process was during my evening. Just post a solution to the problem.

The problem being the following:
I was totally locked out of my system. No admin GUI, no console, nothing. My obvious options were paying Netgear to fix it, or losing all my data.
Neither is ok.

Here’s my solution. You probably shouldn’t do this unless you’re desperate. I won’t take responsibility for your bricked NAS or lost data if you decide to follow the steps i took. You can cause a lot of damage if you have clumsy fingers.

1. Power down the ReadyNAS.

2. Access the Boot Menu by pushing the reset button while powering up the device. Release reset when “Boot Menu” is shown in the display.

3. Select Tech Menu by pressing the backup button. Confirm by pushing the reset button again.

4. Log in with the following super secret Netgear Tech staff only account (Google is great some times): root / infr8ntdebug

5. Connect to the IP displayed on the ReadyNAS with Telnet (Port 23). At the # prompt (this is Busybox btw), you wont initially have access to the regular boot partition of the device. To mount that, enter the following commands:

echo DEVICE partitions > /etc/mdadm.conf
mdadm --examine --scan >> /etc/mdadm.conf
mdadm --assemble --scan
mount /dev/md0 /mnt

6. Navigate to /mnt/etc/

7. In my case, since I had broken shadow by inserting Windows whitespaces into them (^M in Vi), I had to get rid of those. Since %s/^V^M//g didn’t work for some reason, I did the following instead:

cat /etc/shadow | tr -d '\r' > shadow.temp
mv shadow.temp shadow

8. Reboot the device. I now had SSH access again. The Frontview account was still broken for some reason so that was fixed by issuing passwd admin and just resetting it.

My case may have been specific, but if you find yourself needing to access and modify the root partition of the ReadyNAS Pro without having SSH access, the Netgear tech support mode is a viable option. Just mind what you do when you’re there. You’re not supposed to be there and you’ll probably void your warranty just by considering it..

Advertisements