Silicon Data Sleuthing

🌐 Website: HackTheBox
🔥 Level: Very Easy
📚 Category: Forensics
🔗 Link: Silicon Data Sleuthing

📜 Description¶

In the dust and sand surrounding the vault, you unearth a rusty PCB... You try to read the etched print, it says Open..W...RT, a router! You hand it over to the hardware gurus and to their surprise the ROM Chip is intact! They manage to read the data off the tarnished silicon and they give you back a firmware image. It's now your job to examine the firmware and maybe recover some useful information that will be important for unlocking and bypassing some of the vault's countermeasures!

📋 Walkthrough¶

Abbiamo un chal_router_dump.bin e un server remoto. Connettiamoci

nc 94.237.53.82 34700

+------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|         Title          |                                                                                       Description                                                                                        |
+------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Silicon Data Sleuthing |                         In the dust and sand surrounding the vault, you unearth a rusty PCB... You try to read the etched print, it says Open..W...RT, a router!                         |
|                        |                                                         You hand it over to the hardware gurus and to their surprise the ROM Chip is intact!                                             |
|                        |                                                    They manage to read the data off the tarnished silicon and they give you back a firmware image.                                       |
|                        |              It's now your job to examine the firmware and maybe recover some useful information that will be important for unlocking and bypassing some of the vault's countermeasures! |
+------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

What version of OpenWRT runs on the router (ex: 21.02.0)

Come prima cosa eseguo un estrazione del binario

binwalk -e chal_router_dump.bin

Trovo diversi file, troppi file. Uso grep -Rnih per trovare ricorsivamente OpenWRT e trovare la versione

./squashfs-root-0/usr/lib/os-release:18:OPENWRT_RELEASE="OpenWrt 23.05.0 r23497-6637af95aa"
> 23.05.0                                                                                                               
[+] Correct!

What is the Linux kernel version (ex: 5.4.143)

Ora chiede il kernel.. cerchioamolo. In lib/modules dovrebbero esserci una cartella con la versione del firmware

ls squashfs-root/lib/modules

[+] Correct!

What's the hash of the root account's password, enter the whole line (ex: root:$2$JgiaOAai....)

Uso di nuovo grep ```

Answer