If you receive the following error message from your QNAP NAS:
The file system is not clean. It is suggested that you run „check disk“
and a disk check is failed with that message:
[Mirror Disk Volume: Drive 2 3 4 1] Examination failed (Cannot unmount disk).
ssh your qnap and do the following:
/etc/init.d/services.sh stop && /etc/init.d/opentftp.sh stop && /etc/init.d/Qthttpd.sh stop
e2fsck -f -v -C 0 /dev/md0
If you receive the following error while trying to unmount the device:
umount: /share/MD0_DATA: device is busy
try to figure out which process is still using the device:
# lsof +f -- /dev/md0
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sh 10721 admin cwd DIR 9,0 4096 16252936 /share/MD0_DATA/
lsof 29119 admin cwd DIR 9,0 4096 16252936 /share/MD0_DATA/
lsof 29120 admin cwd DIR 9,0 4096 16252936 /share/MD0_DATA/
Which indicates that your current shell is trying to use the device, simply use: cd / and umount again.
That should help
REMNux, an awesome Unix distribution built by Lenny Zeltser for reverse engineering malware. It is build for out of the box reversing.
The documentation is almost complete, but one point I was missing while using it is quite important: correct time settings!
In order to check certain logs, contain evidence etc you want to have an accurate time setting on the system.
First: set the right timezone:
sudo dpkg-reconfigure tzdata
The first shot then would be NTP by:
sudo ntpdate ntp.ubuntu.com #or your prefered NTP server (maybe in your lab envirenment)
Because of the content running in the system, you might want to limit network access so NTP might not be available.
To set the date manually use:
sudo date $newdatetimestring
To print this string on another unix system use the following command:
Copy this string and modify it according to the difference between copy paste process.
Check your correct date settings with:
Now happy reversing
Reference: Install REMNUX as virtual instance