Yesterday I made a backup of the configuration (Administration, Backup) and opened the file (config.bin) with a hex editor to see what it contained. It seems to contain the configuration files from the config/hdd directory on the NLSU: config/hdd/CGI_ds.conf config/hdd/passwd config/hdd/group config/hdd/smbpasswd config/hdd/.htpasswd config/hdd/smb.conf config/hdd/share.info config/hdd/usrgrp.info Config.bin is a binary file, but the contents of the configuration files stored in it can be read, the're in in plain ASCII. I found a few interesting items: in CGI_ds.conf the line "telnet_enable=no". Maybe it can be changed to yes to enable telnet service? The second one is the file config/hdd/passwd. It contains a user named "ourtelnetrescueuser", with a encrypted password. I ran a password cracker which came up with the password ''welcome". You can actually login with this user/passwd using the webinterface or FTP. But the good thing is you won't have access to any files (not even the public area), escpecially if you make the FTP server accessible from the internet. I didn't check, but you probably can change the password of this user through the webinterface (tab User password). I couldn't get the root password, but if you try to login using FTP and "root" as the username (with an arbitrary password), the server replies with "root login not allowed". So you're probably save there, even if someone should know the root password. The layout of the file config.bin seems to be something like this: - filename (starting at 512 byte (200h) boundary) - information about attributes, filesize and date/time - contents of file (starting at the next 512 byte boundary) There is some additional space after each file contained in config.bin, so it should be possible to change some settings and adjust the size in the information part preceding the file contents. As long as you don't change the total length of config.bin nor the start offsets of the files contained within it. Is there anyone with more info on this configuration file? Maybe someone has succesfully changed it and uploaded it back to the NSLU. Any info would be appreciated.