Finally found the trick to gain root access to the Stora without using the reset + tftp + nfs or a serial port:
First you need to get your Stora’s product key. It’s located on the back of the Stora, close to the ethernet port, and has the form “XXXX-XXXX-XXXX-XXXX”.
Then you just need to SSH to your Stora with a particular username: take one of the users created through the web interface (the user needs to have the administrator flag selected) and append the string “_hipserv2_netgear_XXXX-XXXX-XXXX-XXXX” (where XXXX-XXXX-XXXX-XXXX is your product key, ALL CAPITAL LETTERS!). This time you’ll get a password prompt instead of the “connection to x:22 exited: remote closed the connection” message. Just enter the user password, which is the one you use to access your Stora through the web interface, and you’ll get user access. Now, to get root access, you just need to type “sudo -s” and enter the user password again; every ADMINISTRATOR user is allowed to use the sudo command. You’ll probably get an “audit_log_user_command(): Connection refused” message, but it doesn’t matter: you’ll get the root prompt!
Example: if you created a user named “stora”, ticking “user is administrator” during the Stora setup or through the web interface, and your Stora’s product key is “1234-5678-9999-9999”, you just need to SSH to your Stora using “stora_hipserv2_netgear_1234-5678-9999-9999” as the user, with either Putty or your favorite SSH client, and enter that user’s password. Then type “sudo -E -s” and you’ll get root access. That’s it!
There’s another way to log in, by concatenating the username with the string “_axsync_”, but it only allows you to issue “mkdir” and “rsync” commands.
Explanation:
Basically Netgear, or more probably Axentra, ships its software with a modified version of SSHD that disallows regular user access, except for the “root” and “apache” users. It does this by changing the login username, substituting the first character with a “0” so that it doesn’t match any of the allowed users in /etc/passwd.
The SSH daemon leaves a “backdoor” open, which basically is: if your username has the above string appended, this substitution doesn’t take place, and you can log in normally.
P.S. The “hipserv2_netgear” part may be different for some users, although I suppose it is the same for everybody. If you have already hacked your Stora in other ways, I’d ask you to check “/etc/oe-release” and post the DistName line here, and we’ll try to figure it out.
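An added example, not part of the original post: a Python sketch that scans SSH auth-log lines for logins using the two suffix forms described above, so you can audit who has used them on your own Stora. It assumes stock OpenSSH log wording and a product key made of capitals and digits; the function names and sample lines are constructed for illustration.

```python
import re

# Stock OpenSSH auth-log wording (assumed; the Stora's modified sshd may differ).
AUTH_LINE = re.compile(
    r"(?P<result>Accepted|Failed) password for (?:invalid user )?"
    r"(?P<login>\S+) from (?P<ip>\S+) port \d+"
)
# Suffix forms taken from the post. The key pattern (four groups of four
# capitals/digits) is an assumption based on the "XXXX-XXXX-XXXX-XXXX" form.
FULL_SHELL = re.compile(
    r"^(?P<user>.+)_hipserv2_netgear_[A-Z0-9]{4}(?:-[A-Z0-9]{4}){3}$"
)
RSYNC_ONLY = re.compile(r"^(?P<user>.+)_axsync_")


def classify_login(login):
    """Return (kind, base_user) for a suffixed login name, else None."""
    m = FULL_SHELL.match(login)
    if m:
        return ("full-shell", m.group("user"))
    m = RSYNC_ONLY.match(login)
    if m:
        return ("rsync-only", m.group("user"))
    return None


def scan(lines):
    """Return one finding per auth-log line that used a suffixed login name."""
    findings = []
    for line in lines:
        m = AUTH_LINE.search(line)
        kind = classify_login(m.group("login")) if m else None
        if kind:
            findings.append({"result": m.group("result").lower(), "kind": kind[0],
                             "user": kind[1], "source": m.group("ip")})
    return findings


# Constructed sample lines (not captured from a real device).
SAMPLE = [
    "sshd[411]: Accepted password for stora_hipserv2_netgear_1234-5678-9999-9999 from 192.168.1.20 port 50122 ssh2",
    "sshd[419]: Failed password for invalid user bob_hipserv2_netgear_1234-5678-9999-9999 from 203.0.113.7 port 40100 ssh2",
    "sshd[423]: Accepted password for root from 192.168.1.20 port 50130 ssh2",
    "sshd[430]: Accepted password for stora_axsync_ from 192.168.1.21 port 50200 ssh2",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

If your unit reports a different DistName in /etc/oe-release, adjust the “hipserv2_netgear” literal in `FULL_SHELL` accordingly.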
What to do after getting root access? Read our wiki or forum to improve your Stora!
Enjoy your hacked Stora, now even more!