Analyzing Router Firmware P2

Challenge 2 – weak root password

You’ve received an OpenWRT based firmware for analysis. The company assures you that the firmware is secure. You have your doubts!

Your mission is to recover the root password hash from the firmware and crack it!

In this challenge we have a file called firmware.bin and a password list that I’ll use later for a brute-force attack.

binwalk firmware.bin

Again it’s a Squashfs filesystem. Let’s extract it.

binwalk -e firmware.bin

Let’s browse to the /etc directory of the extracted filesystem and look for the shadow file.

cp shadow /home/student

This copies the shadow file over to my student home directory. Then I edit the copy in vi to remove all the other accounts.
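The same filtering step can be done as a repeatable audit instead of by hand in vi. The script below is an added example, not part of the original write-up: it parses a shadow file from an extracted root filesystem and reports which accounts carry a real password hash (and which scheme) or no password at all. The sample entries and function names are constructed for illustration, and the hash in the sample is a placeholder.

```python
# Added example: audit a shadow file taken from an extracted firmware rootfs.
# SAMPLE is constructed data; the "hash" is a placeholder, not a real one.
SCHEMES = {"1": "md5crypt", "5": "sha256crypt", "6": "sha512crypt",
           "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt", "y": "yescrypt"}

SAMPLE = """\
root:$6$CONSTRUCTEDSALT$PLACEHOLDERHASHVALUE:18000:0:99999:7:::
daemon:*:0:0:99999:7:::
ftp:*:0:0:99999:7:::
dnsmasq:x:0:0:99999:7:::
guest::0:0:99999:7:::
"""

def classify(field):
    """Return (state, scheme) for the password field of one shadow entry."""
    if field == "":
        return ("empty", None)          # account logs in without a password
    if field[0] in "!*" or field == "x":
        return ("locked", None)         # no password login possible
    if field.startswith("$"):
        parts = field.split("$")        # "", id, [params...], salt, hash
        known = len(parts) >= 4 and parts[1] in SCHEMES
        return ("hashed", SCHEMES[parts[1]] if known else "unknown")
    if len(field) == 13:
        return ("hashed", "descrypt")   # traditional 13-character crypt(3)
    return ("unknown", None)

def audit_shadow(text):
    """Parse shadow-format text into one finding per account."""
    findings = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 2 or fields[0].startswith("#"):
            continue                    # skip blank, comment or malformed lines
        state, scheme = classify(fields[1])
        findings.append({"user": fields[0], "state": state, "scheme": scheme})
    return findings

def accounts_at_risk(findings):
    """Accounts exposed to offline guessing or usable with no password."""
    return [f["user"] for f in findings if f["state"] in ("hashed", "empty")]

if __name__ == "__main__":
    for f in audit_shadow(SAMPLE):
        print(f"{f['user']:10} {f['state']:8} {f['scheme'] or '-'}")
```

Every account this lists as hashed ships the same password on every device running that firmware image, so its strength matters as much as the hash scheme.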


For the cracking part I use the tool hashcat.

hashcat -m 1800 -a 0 shadow 1000000-password-seclist.txt

Brute-force attacks always take some time…

There we are, the root password is q1w2e3r4

