Analyzing Router Firmware P5

You receive a Dlink_firmware. Somewhere inside this binary there are telnet credentials stored. Your task is to analyze the file and find the credentials…

This time I’ll use the Attify OS VMWare Image to solve this task.

After extraction I’ll first browse to the /etc directory.

There is a directory called scripts with a bunch of shell scripts inside. I can check each of them manually, but a much efficienter way is to use the tool grep for that…

grep -irn 'telnet' .

From the output we get, I’ll have a closer look on the shellscript

The login name is: Alphanetworks and the password is stored in a variable called $image_sign

image_sign= cat /etc/config/image_sign

password: wrgn23_dlwbr_dir300b

Kommentar hinterlassen

Schreib einen Kommentar

Ihre E-Mail-Adresse wird nicht veröffentlicht.