Firmware Analysis

From csn
Revision as of 05:55, 6 December 2022 by David

Find some firmware that might be interesting:

There is also some here:

You will want to download these into a virtual machine. In this example, I am looking at this site:

https://book.hacktricks.xyz/hardware-physical-access/firmware-analysis

And I am using the example of:

https://github.com/OWASP/IoTGoat/releases

I got the file from here:

wget https://github.com/OWASP/IoTGoat/releases/download/v1.0/IoTGoat-raspberry-pi2.img

Then you can do a:

binwalk -eM IoTGoat-raspberry-pi2.img

Then cd your way into the extracted contents:

cd _IoTGoat-raspberry-pi2.img.extracted
cd squash_root

From here, you should be able to

cat etc/passwd
cat etc/shadow

Note that I did not use a slash before 'etc'. Your muscle memory may drive you to type /etc/passwd, but don't: a leading slash reads the host VM's own /etc/passwd and /etc/shadow rather than the ones inside the extracted firmware root.

We can then unshadow the password file with:

unshadow etc/passwd etc/shadow > unshadowed

You should then be able to:

cat unshadowed

You should see that there are two potential passwords. You can go after them with:

john --wordlist=/home/username/linktoyourpwlist unshadowed

You can get a wordlist like this (use the raw file URL; the github.com "blob" link returns the HTML page, not the list itself):

wget https://raw.githubusercontent.com/berzerk0/Probable-Wordlists/master/Real-Passwords/Top304Thousand-probable-v2.txt
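Here is an added helper for the unshadow step above. It is not from the original wiki page, the IoTGoat project, or the hacktricks page: it reads an etc/shadow file (or the unshadow output, which carries the hash in the same field) from an extracted firmware root and reports which accounts actually have a password hash and which algorithm it uses, so the "two potential passwords" are identified explicitly before john is started. The sample file contents, the fake hashes, and the squashfs directory-name glob are constructed assumptions; audit_firmware_image only runs where binwalk and unshadow are installed.

```shell
#!/bin/sh
# Added example, not part of the original page or the IoTGoat project.
# Audits the accounts of an extracted firmware root: which have a real hash,
# which are locked, which have no password at all, and what hash type is used.
# Sample data, placeholder hashes and the directory glob are constructed.

# Classify a crypt(3)-style hash by its modular-crypt prefix.
hash_type() {
    case "$1" in
        '$1$'*)          echo md5crypt ;;
        '$2'[abxy]'$'*)  echo bcrypt ;;
        '$5$'*)          echo sha256crypt ;;
        '$6$'*)          echo sha512crypt ;;
        '$7$'*)          echo scrypt ;;
        '$y$'*)          echo yescrypt ;;
        '$'*)            echo unknown-modular-crypt ;;
        *)               echo descrypt-or-unknown ;;
    esac
}

# Print "user status" for every account in a shadow-format file (field 2 is
# the hash): locked (*, !!, !-prefixed, or x = no shadow entry merged in),
# nopassword (empty field), or the hash type.
account_report() {
    while IFS=: read -r user field _rest; do
        [ -n "$user" ] || continue
        case "$field" in
            '')                 status=nopassword ;;
            '*'|'!!'|'x'|'!'*)  status=locked ;;
            *)                  status=$(hash_type "$field") ;;
        esac
        printf '%s %s\n' "$user" "$status"
    done < "$1"
}

# Only the accounts that carry a real hash: the candidates worth feeding to john.
crackable_accounts() {
    account_report "$1" | grep -Ev ' (locked|nopassword)$'
}

count_crackable() {
    crackable_accounts "$1" | wc -l | tr -d ' '
}

# Constructed sample in etc/shadow format; the hashes are fake placeholders.
write_sample_shadow() {
    cat > "$1" <<'EOF'
root:$1$c0nstru$ctedPlaceholderHash000:19300:0:99999:7:::
admin:$1$c0nstru$ctedPlaceholderHash111:19300:0:99999:7:::
daemon:*:19300:0:99999:7:::
sshd:!:19300:0:99999:7:::
guest::19300:0:99999:7:::
EOF
}

# The page's flow end to end, guarded so it only runs where the tools exist:
# extract with binwalk, find the squashfs root, unshadow using relative paths
# (no leading slash, as the page stresses), then report the candidates.
audit_firmware_image() {
    img=$1
    for tool in binwalk unshadow; do
        command -v "$tool" >/dev/null 2>&1 || { echo "missing: $tool" >&2; return 1; }
    done
    binwalk -eM "$img" >/dev/null || return 1
    # Directory name is an assumption; binwalk usually calls it squashfs-root.
    root=$(find "_$(basename "$img").extracted" -type d -name 'squash*root' | head -n 1)
    [ -n "$root" ] && [ -f "$root/etc/shadow" ] || { echo "no squashfs root with etc/shadow found" >&2; return 1; }
    ( cd "$root" && unshadow etc/passwd etc/shadow ) > unshadowed || return 1
    account_report unshadowed
    echo "candidates for john: $(count_crackable unshadowed)"
}

# Run the full flow when given an image path; the functions can also be sourced.
if [ "$#" -gt 0 ]; then
    audit_firmware_image "$1"
fi
```

Run it as `sh audit.sh IoTGoat-raspberry-pi2.img` inside the VM, or source it and call account_report on the unshadowed file you already produced; the resulting `unshadowed` file is the one the john command on this page consumes. An account reported as nopassword is a finding in its own right, since no cracking is needed to log in as it.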