Nathanule's Write-ups
  • Nathanule's Write-Ups
  • Cheat sheets and Notes
    • Windows Privilege escalation
      • Communication with processes
      • Windows User Privileges
        • Windows Privilege Overview
        • SeImpersonate and SeAssignPrimaryToken
        • SeDebugPrivilege
    • SMTP
    • Directory brute-forcing (Fuzzing web directories)
    • Fuzzing Subdomains and Virtual hosts
    • Pivoting, Tunneling, and Port Forwarding
      • Pivoting around obstacles
      • Branching out our tunnels
      • Cheat sheets
    • Transferring Files
    • Powershell Notes
    • Active Directory Notes/Cheat sheets
      • Initial Enumeration
        • External Recon
          • Hunting E-mail addresses, usernames, credentials
      • External Information Gathering
  • Walk-throughs
    • HTB Windows Machines
      • APT
      • Mantis HTB
      • Reel HTB
      • Flight HTB
      • Visual HTB
      • Worker HTB
      • Fuse HTB
      • Buff HTB
      • Granny HTB
      • Grandpa HTB
      • Optimum HTB
      • Legacy
      • Jerry HTB
      • Silo HTB
      • Sizzle HTB
      • Tally HTB
      • Bart HTB
      • Jeeves HTB
    • HTB Linux Machines
      • Zipping HTB
      • devvortex HTB
      • Magic HTB
      • Bizness HTB
      • Sua
      • Mango HTB
      • Haircut HTB
      • Postman HTB
      • Friendzoned HTB
      • Mirai HTB
      • Networked HTB
      • Popcorn HTB
      • Posion HTB
      • Sunday HTB
      • SwagShop HTB
      • Irked HTB
      • Academy
    • HTB Endgames
      • Hades
      • Xen
      • P.O.O
      • Hololive THM
    • WPE Capstones
      • Querier HTB
      • Bastion HTB
      • Bastard HTB
      • Arctic HTB
      • Alfred THM
    • LPE Capstones
      • Brainpan 1 THM
      • ConvertMyVideo THM
      • Tomghost THM
      • Lazy Admin THM
      • Anonymous THM
    • Mobile
      • APKey
    • Snap-labs (Entry Level Pentesting)
    • Hardware
      • The needle
      • Debugging Interface
    • ICS and SCADA
      • Watersnake
    • Blockchain
      • Survival of the Fittest
Powered by GitBook
On this page
  1. Walk-throughs
  2. Hardware

The needle

As a part of our SDLC process, we've got our firmware ready for security testing. Can you help us by performing a security assessment?

PreviousHardwareNextDebugging Interface

Last updated 1 year ago

Host

159.65.24.125:32207

Looks like we need to find a password

After we have downloaded the necessary files from HackTheBox we can unzip 

unzip The\ Needle.zip

we have one file

Lets run strings

strings firmware.bin > strings_output.txt

Looking at the top of the output we can see

  • seems like some kind of failure

Let's utilize binwalk as it is specifically designed for analyzing binary files and extracting information 

binwalk -e firmware.bin

Now let's move into the extracted folder

Lets search for some interesting strings

grep -rn "./" -e password # alot of information
grep -rn "./" -e user
grep -rn "./" -e /etc/passwd # we find what may be a hash

possible hash, but cant crack it

6a451aa33393f47ade89b8bce4d9711818c2630394c3967265ffed276bb25a55
grep -rn "./" -e /etc/shadow

another possible hash

  • couldn't crack it

ccbbfeee2dd560403fea13f7f431ebd21d9bb4b3d41e48e892013fa451f91cc4
grep -rn "./" -e login

we do find something interesting

Lets follow this

find ./ -name sign

when we cat this file out we can see a password

possible creds

Device_Admin: qS6-X/n]u>fVfAt!

Lets see if we can access the host via netcat

nc 159.65.24.125 32207

  • we are in