Firmware Analysis
Find some firmware that might be interesting. The first link below is a guide to the process; the rest are places to download firmware images:
- https://book.hacktricks.xyz/hardware-physical-access/firmware-analysis
- https://www.tp-link.com/en/download/TL-WR740N_V7.html#Firmware
- https://support.wyze.com/hc/en-us/articles/360041605111-Webcam-Firmware-Instructions
- https://dl.gl-inet.com/?model=mt300n-v2
- https://openwrt.org/toh/views/toh_admin_fw-pkg-download
You will want to download these into a virtual machine. In this example, I am looking at this site:
https://book.hacktricks.xyz/hardware-physical-access/firmware-analysis
And I am using the example of:
https://github.com/OWASP/IoTGoat/releases
I got the file from here:
wget https://github.com/OWASP/IoTGoat/releases/download/v1.0/IoTGoat-raspberry-pi2.img
Then you can do a:
binwalk -eM IoTGoat-raspberry-pi2.img
Then cd your way through the extracted contents:
cd _IoTGoat-raspberry-pi2.img.extracted
cd squash_root
From here, you should be able to:
cat etc/passwd
cat etc/shadow
Note that I did not use a slash before 'etc'. Your muscle memory may drive you to do that, but don't: with the slash you would be reading your own machine's password files instead of the firmware's.
We can then unshadow the password file with:
unshadow etc/passwd etc/shadow > unshadowed
You should then be able to:
cat unshadowed
You should see that there are two potential passwords. You can go after them with:
john --wordlist=/home/username/linktoyourpwlist unshadowed
You can get a wordlist like this:
wget https://github.com/berzerk0/Probable-Wordlists/raw/master/Real-Passwords/Top304Thousand-probable-v2.txt
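Before handing the unshadowed file to john it is worth knowing what you are actually looking at: which accounts in the firmware's etc/shadow can log in at all, which have no password, and how strongly each password is hashed. The script below is an added example (not from this page or from the IoTGoat project) that audits a shadow file pulled out of an extracted image; it assumes a POSIX sh with mktemp and awk, and the sample shadow file it builds is constructed with dummy hashes, not real IoTGoat data. On a real extraction you would pass the relative path etc/shadow from the squash root directory instead of the sample.

```shell
#!/bin/sh
# Added example, not part of the original page or of IoTGoat: audit the etc/shadow
# pulled out of an extracted firmware image and report which accounts are usable
# and how strongly each password is hashed. Paths are relative, as on the page.

# Map a crypt(3) hash prefix to a readable algorithm name (weak ones flagged).
hash_algo() {
    case "$1" in
        '$6$'*)                   echo "sha512crypt" ;;
        '$5$'*)                   echo "sha256crypt" ;;
        '$y$'*)                   echo "yescrypt" ;;
        '$2a$'*|'$2b$'*|'$2y$'*)  echo "bcrypt" ;;
        '$1$'*)                   echo "md5crypt (weak)" ;;
        *)                        echo "descrypt/unknown (weak)" ;;
    esac
}

# Print one line per account: user<TAB>state<TAB>algorithm.
#   empty-password : login with no password at all
#   locked         : '*', '!' or '!'-prefixed field, no password login possible
#   crackable      : a real hash, i.e. what unshadow/john would go after
audit_shadow() {
    while IFS=: read -r user pw _rest; do
        [ -z "$user" ] && continue
        case "$pw" in
            '')       printf '%s\tempty-password\t-\n' "$user" ;;
            '*'|'!'*) printf '%s\tlocked\t-\n' "$user" ;;
            *)        printf '%s\tcrackable\t%s\n' "$user" "$(hash_algo "$pw")" ;;
        esac
    done < "$1"
}

# Count the accounts worth feeding to john (the "potential passwords" on the page).
count_crackable() {
    audit_shadow "$1" | awk -F'\t' '$2 == "crackable" { n++ } END { print n + 0 }'
}

# Constructed sample shadow file (hashes are dummies, not real IoTGoat data).
make_sample_shadow() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
root:$1$abcdefgh$0123456789ABCDEFGHIJKL:18000:0:99999:7:::
daemon:*:18000:0:99999:7:::
admin::18000:0:99999:7:::
dnsmasq:!:18000:0:99999:7:::
iotgoatuser:$6$saltsalt$dummyhashdummyhashdummyhash:18000:0:99999:7:::
EOF
    echo "$f"
}

# Stand-alone run against the constructed sample; replace with etc/shadow from
# the extracted squash root when auditing a real image.
sample=$(make_sample_shadow)
audit_shadow "$sample"
echo "accounts to hand to john: $(count_crackable "$sample")"
rm -f "$sample"
```

The "empty-password" and "md5crypt (weak)" findings are the ones that matter from a defender's side: an account with an empty field needs no cracking at all, and md5crypt or DES hashes fall to a wordlist like the one above far faster than sha512crypt or bcrypt, so those are the findings to report to whoever ships the firmware.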