The Needle
https://app.hackthebox.com/challenges/The%2520Needle
â°â file firmware.bin ââ¯
firmware.bin: Linux kernel ARM boot executable zImage (big-endian)â°â binwalk -e firmware.bin
...â°â grep -rn "./" -e login ââ¯
grep: ./squashfs-root/bin/busybox: binary file matches
./squashfs-root/bin/config_generate:231: set system.@system[-1].ttylogin='0'
./squashfs-root/etc/config/rpcd:2:config login
./squashfs-root/etc/inittab:3:::askconsole:/usr/libexec/login.sh
./squashfs-root/etc/profile:40:in order to prevent unauthorized SSH logins.
./squashfs-root/etc/scripts/telnetd.sh:7: if [ -f "/usr/sbin/login" ]; then
./squashfs-root/etc/scripts/telnetd.sh:9: telnetd -l "/usr/sbin/login" -u Device_Admin:$sign -i $lf &
grep: ./squashfs-root/lib/libc.so: binary file matches
...â°â find ./ -name sign ââ¯
./squashfs-root/etc/config/sign
./squashfs-root-0/etc/config/sign
...
â°â cat ./squashfs-root/etc/config/sign ââ¯
qS6-X/n]u>fVfAt!â°â nc 83.136.251.197 42886 ââ¯
īŋŊīŋŊīŋŊīŋŊīŋŊīŋŊīŋŊīŋŊ
ng-1874835-hwtheneedle-lhjwv-cf4d688c7-xlwxl login: Device_Admin
Device_Admin
Password: qS6-X/n]u>fVfAt!
ng-1874835-hwtheneedle-lhjwv-cf4d688c7-xlwxl:~$ ^[[30;49RLS
LS
-ash: LS: not found
ng-1874835-hwtheneedle-lhjwv-cf4d688c7-xlwxl:~$ ^[[30;49Rls
ls
flag.txt
ng-1874835-hwtheneedle-lhjwv-cf4d688c7-xlwxl:~$ ^[[30;49Rcat flag.txt
cat flag.txt
HTB{4_hug3_blund3r_d289a1_!!}
ng-1874835-hwtheneedle-lhjwv-cf4d688c7-xlwxl:~$ ^[[30;49RLast updated