💉The Needle
https://app.hackthebox.com/challenges/The%2520Needle
╰─ file firmware.bin ─╯
firmware.bin: Linux kernel ARM boot executable zImage (big-endian)╰─ binwalk -e firmware.bin
...╰─ grep -rn "./" -e login ─╯
grep: ./squashfs-root/bin/busybox: binary file matches
./squashfs-root/bin/config_generate:231: set system.@system[-1].ttylogin='0'
./squashfs-root/etc/config/rpcd:2:config login
./squashfs-root/etc/inittab:3:::askconsole:/usr/libexec/login.sh
./squashfs-root/etc/profile:40:in order to prevent unauthorized SSH logins.
./squashfs-root/etc/scripts/telnetd.sh:7: if [ -f "/usr/sbin/login" ]; then
./squashfs-root/etc/scripts/telnetd.sh:9: telnetd -l "/usr/sbin/login" -u Device_Admin:$sign -i $lf &
grep: ./squashfs-root/lib/libc.so: binary file matches
...╰─ find ./ -name sign ─╯
./squashfs-root/etc/config/sign
./squashfs-root-0/etc/config/sign
...
╰─ cat ./squashfs-root/etc/config/sign ─╯
qS6-X/n]u>fVfAt!Last updated