We covered the hardware hacking challenge from HackTheBox The Needle where we analyzed a Linux firmware using Binwalk tool. Then we used grep and find commands to extract patterns of usernames and passwords and used them to login to the instance and retrieve the flag.
Challenge Description
As a part of our SDLC process, we’ve got our firmware ready for security testing. Can you help us by performing a security assessment?
Video Transcript
We have two things to do. Start the instance and download the files looks like we have to do some work with device and then connect to the instance. Anyway, so now the description as part.
We’ve got our firmware ready for security testing. Can you help us by performing a security assessment? That’s good. So yeah right now are in the shoes of developer. And you’re gonna need to analyze the code. So when we first download the file, we get the needle dot zip file we extract. Probably so let’s go ahead and download the files. So go to my machine. The underlying files and we get firmware dot binary file. So let’s go ahead and use file command. Alright If you remember closely, we did Photon lockdown Photon lockdown had a Linux image, but it was a squashed.
So Linux kernel executable that image This is something similar to a challenge. We have tackled down before it was let’s go back here.
Root FS squashed file. So we have dealt with that using unsquashed tool to extract the contents or the directories. One of the prominent tools is binwalk and we select the file using-e option. But right now the story is different because here it is Linux kernel AR M. It’s a binary part so much player will need some other tool to analyze this firmware file. We have a directory that has been created.
So it has finished analyzing the file and probably. And here is the directory that has been created. Let’s go ahead.
And open the directory. So it’s not a matter of just submitting the flag from the extracted files. Maybe we have to have somehow extract some username and password and we log into the instance. Let’s let’s start to log into the instance using netcat and see what we get. We have to think a little bit about this challenge as you can see we have an instance running here.
We we need to find a pattern of username and password. Of course, we’re not gonna go ahead and analyze every single file because it’s time-consuming and it is not something flexible. So we have to extract a pattern of username and password. We use the command grep -rn “.” -e login and grep -rn “.” -e Admin
So if this was a Windows system, we would use the find command because but because we are on Linux we can use a grip.
So indeed guys, we have a username, Device_admin, but still we need somehow to find the password.
Let’s try with the command find in the current working directory find . -name sign
Indeed there is a password. So let’s try to log in now to the instance.
This will reveal the password of the username we discovered earlier and we can then login using netcat to retrieve the flag.
Video Walkthrough