Does Time Capsule have telnet access?

Discussion in 'Mac Accessories' started by klas, Feb 29, 2008.

  1. klas macrumors newbie

    Joined:
    Feb 28, 2008
    #1
    just wondering... still trying to figure out if I can do NFS share...
     
  2. klas thread starter macrumors newbie

    Joined:
    Feb 28, 2008
    #2
    so has anyone been able to hack it, to allow ssh or telnet to internal storage?
     
  3. rworne macrumors 6502

    Joined:
    Jul 23, 2002
    #3
    I ran nmap against it a while back. I'll do it again. Here's a report:
    Code:
    root@mail:~# nmap -v -A 192.168.1.50
    
    Starting Nmap 4.20 ( [url]http://insecure.org[/url] ) at 2008-03-02 17:20 PST
    Initiating ARP Ping Scan at 17:20
    Scanning 192.168.1.50 [1 port]
    Completed ARP Ping Scan at 17:20, 0.01s elapsed (1 total hosts)
    Initiating Parallel DNS resolution of 1 host. at 17:20
    Completed Parallel DNS resolution of 1 host. at 17:20, 0.04s elapsed
    Initiating SYN Stealth Scan at 17:20
    Scanning 192.168.1.50 [1697 ports]
    Discovered open port 10000/tcp on 192.168.1.50
    Increasing send delay for 192.168.1.50 from 0 to 5 due to 44 out of 145
    dropped probes since last increase.
    Discovered open port 139/tcp on 192.168.1.50
    Discovered open port 445/tcp on 192.168.1.50
    Discovered open port 548/tcp on 192.168.1.50
    Completed SYN Stealth Scan at 17:20, 17.82s elapsed (1697 total ports)
    Initiating Service scan at 17:20
    Scanning 4 services on 192.168.1.50
    Service scan Timing: About 75.00% done; ETC: 17:22 (0:00:34 remaining)
    Completed Service scan at 17:22, 113.53s elapsed (4 services on 1 host)
    Initiating OS detection (try #1) against 192.168.1.50
    Host 192.168.1.50 appears to be up ... good.
    Interesting ports on 192.168.1.50:
    Not shown: 1693 closed ports
    PORT      STATE SERVICE           VERSION
    139/tcp   open  tcpwrapped
    445/tcp   open  netbios-ssn
    548/tcp   open  afpovertcp?
    10000/tcp open  snet-sensor-mgmt?
    1 service unrecognized despite returning data. If you know the
    service/version, please submit the following fingerprint at
    [url]http://www.insecure.org/cgi-bin/servicefp-submit.cgi[/url] :
    SF-Port548-TCP:V=4.20%I=7%D=3/2%Time=47CB5263%P=x86_64-unknown-linux-gnu%r
    SF:(SSLSessionReq,1B2,"\x01\x03\0\0\xff\xff\xecQ\0\0\x01\xa2\0\0\0\0\0\x20
    SF:\0\*\x009\0\xa2\x8f\xfb\x0cTime-Capsule\0\0P\0`\0\x93\0\x94\x07AirPort\
    SF:0\0\x02\x06AFP3\.2\x06AFP3\.1\x03\tDHCAST128\x04DHX2\x06Recon16F8071GEY
    SF:ZQ\0sig-\x04\x08\x02\xc0\xa8\x012\x02\$\x08\x02\xa9\xfe\xb4\xc6\x02\$\x
    SF:14\x07\xfe\x80\0\x06\0\0\0\0\x02\x1eR\xff\xfe\xf5\xbe\x01\x02\$\x0e\x04
    SF:192\.168\.1\.50\0\0\x0cTime\x20Capsule0\0\x8f\xf8\xcc\x01H\x0c\xb32\(\n
    SF:\x8c\xcc\|\x0f\x83\x02\xff\x01\x80\xc3\xc3\x81\x803\xe3\xc1\x80\x0b\xd3
    SF:\xc1\x80\x0b\xb1a\x80\x0b\xe0\xe1\x80\x0b\xe1\xe1\x80\x0b\xd1\xe1\xc0\n
    SF:\xc0\xe1p\x0bx\xc1\x1c\x0by\xc1\x17\x0b3\xff!\xcb\xff\xc4@\x7f\xff\x02\
    SF:x80\x1e\0\x01\xff\xff\xff\xff\x80\0\0\x01\xff\xff\xff\xff\0\x02\x80\0\0
    SF:\x02\x80\0\0\x07\xc0\0\0\x04@\0\0\x04@\0\0\x07\xc0\0\0\x05@\0\x0f\xf9\?
    SF:\xfc\0\x02\x80\0\x0f\xfc\x7f\xfc0\0\x8f\xf8\xfc\x01\xcf\xfc\xff3\xef\xf
    SF:e\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x
    SF:ff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\
    SF:xff\xff\xff\xff\xff\x7f\xff\xff\xff\x1f\xff\xff\xff\x1f\xff\xff\xff\?\x
    SF:ff\xff\xfc\x7f\xff\xff\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\
    SF:xff\xff\xff\xff\xff\0\x03\x80\0\0\x03\x80\0\0\x07\xc0\0\0\x07\xc0\0\0\x
    SF:07\xc0\0\0\x07\xc0\0\0\x07\xc0\0\xff\xff\xff\xff\?\xfe\xff\xff\xff\xfc\
    SF:x7f\xff")%r(WMSRequest,1B2,"\x01\x03\0N\xff\xff\xecQ\0\0\x01\xa2\0\0\0\
    SF:0\0\x20\0\*\x009\0\xa2\x8f\xfb\x0cTime-Capsule\0\0P\0`\0\x93\0\x94\x07A
    SF:irPort\0\0\x02\x06AFP3\.2\x06AFP3\.1\x03\tDHCAST128\x04DHX2\x06Recon16F
    SF:8071GEYZQ\0sig-\x04\x08\x02\xc0\xa8\x012\x02\$\x08\x02\xa9\xfe\xb4\xc6\
    SF:x02\$\x14\x07\xfe\x80\0\x06\0\0\0\0\x02\x1eR\xff\xfe\xf5\xbe\x01\x02\$\
    SF:x0e\x04192\.168\.1\.50\0\0\x0cTime\x20Capsule0\0\x8f\xf8\xcc\x01H\x0c\x
    SF:b32\(\n\x8c\xcc\|\x0f\x83\x02\xff\x01\x80\xc3\xc3\x81\x803\xe3\xc1\x80\
    SF:x0b\xd3\xc1\x80\x0b\xb1a\x80\x0b\xe0\xe1\x80\x0b\xe1\xe1\x80\x0b\xd1\xe
    SF:1\xc0\n\xc0\xe1p\x0bx\xc1\x1c\x0by\xc1\x17\x0b3\xff!\xcb\xff\xc4@\x7f\x
    SF:ff\x02\x80\x1e\0\x01\xff\xff\xff\xff\x80\0\0\x01\xff\xff\xff\xff\0\x02\
    SF:x80\0\0\x02\x80\0\0\x07\xc0\0\0\x04@\0\0\x04@\0\0\x07\xc0\0\0\x05@\0\x0
    SF:f\xf9\?\xfc\0\x02\x80\0\x0f\xfc\x7f\xfc0\0\x8f\xf8\xfc\x01\xcf\xfc\xff3
    SF:\xef\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf
    SF:f\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x
    SF:ff\xff\xff\xff\xff\xff\xff\x7f\xff\xff\xff\x1f\xff\xff\xff\x1f\xff\xff\
    SF:xff\?\xff\xff\xfc\x7f\xff\xff\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\x
    SF:ff\xff\xff\xff\xff\xff\xff\0\x03\x80\0\0\x03\x80\0\0\x07\xc0\0\0\x07\xc
    SF:0\0\0\x07\xc0\0\0\x07\xc0\0\0\x07\xc0\0\xff\xff\xff\xff\?\xfe\xff\xff\x
    SF:ff\xfc\x7f\xff");
    MAC Address: 00:1E:52:F5:XX:XX (Unknown)
    Device type: general purpose
    Running: NetBSD
    OS details: NetBSD 4.99.4 (x86)
    Network Distance: 1 hop
    TCP Sequence Prediction: Difficulty=211 (Good luck!)
    IPID Sequence Generation: Incremental
    
    OS and Service detection performed. Please report any incorrect results at [url]http://insecure.org/nmap/submit/[/url] .
    Nmap finished: 1 IP address (1 host up) scanned in 132.799 seconds
                   Raw packets sent: 1786 (79.296KB) | Rcvd: 1714 (79.208KB)
    
     
  4. Diode macrumors 68020

    Diode

    Joined:
    Apr 15, 2004
    Location:
    Washington DC
    #4
    Interesting that it is running NetBSD!

    Not to mention the X86 version .... I detect hacking in the future ... weeee
     
  5. Mindflux macrumors 68000

    Mindflux

    Joined:
    Oct 20, 2007
    Location:
    Austin
    #5

    Interesting. How long have you had a Time Capsule to have ran nmap on it "a while back".
    :confused:
     
  6. rworne macrumors 6502

    Joined:
    Jul 23, 2002
    #6
    I ran it on the day after it was released, but I did not save the results. Since someone posted an interesting question, I ran it again to share with the group.

    Yes, I know what "a while back" implies... unfortunately, that was last Friday.
     
  7. kneeslasher macrumors member

    Joined:
    Jun 6, 2004
    #7
    I wish there was more enthusiasm for hacking the Time Capsule.
     

Share This Page