Hacking “My Cloud”

N.B. Doing any of the things in this document will void your warranty and may turn your cloud into a brick. That said the WD My Cloud box is quite a handy little device and as it’s running Debian Wheezy you can do quite a lot of fun stuff with it. How much you want and can do will obviously depend on what you’re using it for, but keep an eye on load and it’s really quite capable. Back everything up! Frequently! Seriously, I mean it make back ups of all the system files before you start doing anything and make backups after each change. The My Cloud device doesn’t have convenient console access so it’s not too hard to lock yourself out. Though the reset/restore function is actually very forgiving and mainly just loses changes to the /etc/password file. I also suggest putting as many of the files (especially… Continue reading

Shell access via PDNS LUA

I’ve been spending a bit of time playing with the LUA functionality of Power DNS, it was inevitable that I got round to implementing a generic shell over DNS. It’s not very polished it doesn’t like interactive commands or commands with odd characters and it is more insecure than a very insecure thing that isn’t very safe. It is however a surprisingly short amount of code for what it does. There are a very few circumstances I can think of where a very restricted version of this might be useful, but really there’s always going to be a better and more sensible option. However it’s an interesting proof of concept and more importantly it was fun. If you don’t understand this code do not use it , if you do understand this code you know why you don’t want to use it. The code as shown below won’t actually work… Continue reading