Firmware Analysis


Find some firmware that might be interesting:

There is also some here:

You will want to download these into a virtual machine. In this example, I am following this guide:

https://book.hacktricks.xyz/hardware-physical-access/firmware-analysis

And I am using this firmware as the example:

https://github.com/OWASP/IoTGoat/releases

I got the file from here:

wget https://github.com/OWASP/IoTGoat/releases/download/v1.0/IoTGoat-raspberry-pi2.img

Then extract it with binwalk (-e extracts, -M recursively scans whatever it extracted):

binwalk -eM IoTGoat-raspberry-pi2.img

Then cd into the extracted contents:

cd _IoTGoat-raspberry-pi2.img.extracted
cd squash_root

From here, you should be able to read the image's account files:

cat etc/passwd
cat etc/shadow

Note that I did not use a slash before 'etc'. Your muscle memory may drive you to do that, but don't: with a leading slash you would be reading your own machine's /etc/passwd and /etc/shadow instead of the image's.

We can then merge the two files into the format John expects with unshadow (part of John the Ripper):

unshadow etc/passwd etc/shadow > unshadowed

You should then be able to:

cat unshadowed

You should see two accounts with password hashes to test. You can run John against them with:

john --wordlist=/home/username/linktoyourpwlist unshadowed

You can get a wordlist like this:

wget https://github.com/berzerk0/Probable-Wordlists/raw/master/Real-Passwords/Top304Thousand-probable-v2.txt
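Before reaching for a wordlist, it helps to triage what the extracted root actually contains. The script below is an added example, not from the original page or from the IoTGoat project: a POSIX shell audit that classifies every etc/shadow entry (empty, locked, DES, MD5-crypt, modern hash) and flags passwd entries with UID 0 or a login shell, reading paths relative to the extracted root so the host's own /etc is never touched. It runs here against a constructed sample root with dummy placeholder hashes; the function names and the sample accounts are assumptions, and the UID-0 check goes beyond what the page shows.

```shell
#!/bin/sh
# Added audit helper, not from the original page: given an extracted firmware
# root such as squash_root, classify every account in etc/shadow and flag
# passwd entries with UID 0 or a login shell. Paths are deliberately relative
# to that root so the host's own /etc files are never read.
audit_shadow() {
    shadow="$1/etc/shadow"
    [ -r "$shadow" ] || { echo "no readable etc/shadow under $1" >&2; return 2; }
    awk -F: '
        $2 == ""          { print $1 ": EMPTY password, login needs no password"; next }
        $2 ~ /^[*!]/      { next }   # locked, or password login disabled
        $2 ~ /^[$]1[$]/   { print $1 ": MD5-crypt hash, fast to brute-force"; next }
        length($2) == 13  { print $1 ": legacy DES hash, 8-char limit, trivially cracked"; next }
        $2 ~ /^[$](5|6|y|2[aby])[$]/ {
            print $1 ": password set (" substr($2, 1, 3) "), check it is not a vendor default"; next }
                          { print $1 ": unrecognised hash format " substr($2, 1, 4) }
    ' "$shadow"
}
audit_passwd() {
    passwd="$1/etc/passwd"
    [ -r "$passwd" ] || { echo "no readable etc/passwd under $1" >&2; return 2; }
    awk -F: '
        $3 == 0 && $1 != "root"   { print $1 ": extra UID-0 account" }
        $7 !~ /(nologin|false)$/  { print $1 ": interactive shell " $7 }
    ' "$passwd"
}
# Constructed sample root; the hashes are dummy placeholders, not real device
# credentials. Real use: audit_shadow _IoTGoat-raspberry-pi2.img.extracted/squash_root
make_sample_root() {
    d=$(mktemp -d) && mkdir -p "$d/etc"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/ash' \
        'admin:x:0:0:admin:/root:/bin/ash' \
        'daemon:x:1:1:daemon:/var:/bin/false' \
        'backup:x:100:100:backup:/var:/bin/ash' \
        'iot:x:1000:1000:iot:/home/iot:/bin/ash' > "$d/etc/passwd"
    printf '%s\n' 'root:$1$saltsalt$XXXXXXXXXXXXXXXXXXXXXX:0:0:99999:7:::' \
        'admin:xxxxxxxxxxxxx:0:0:99999:7:::' \
        'daemon:*:0:0:99999:7:::' \
        'backup::0:0:99999:7:::' \
        'iot:$6$saltsalt$YYYYYYYYYYYYYYYYYYYYYY:0:0:99999:7:::' > "$d/etc/shadow"
    echo "$d"
}
root=$(make_sample_root)
audit_shadow "$root"
audit_passwd "$root"
rm -rf "$root"
```

Accounts reported as EMPTY, DES or MD5-crypt are the ones worth fixing in the image (or reporting to the vendor) regardless of whether John ever recovers the plaintext.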