WIFIHELL - 科技改变生活

 找回密码
 注册WIFIHELL

QQ登录

只需一步,快速开始

开启左侧

Getting root password from firmware image ( TP-Link WR740n example)

[复制链接]
222ba 发表于 2019-2-11 17:40:13 | 显示全部楼层 |阅读模式

注册WIFIHELL,浏览更多技术贴!

您需要 登录 才可以下载或查看,没有帐号?注册WIFIHELL

x
[color=rgba(0, 0, 0, 0.84)]Today I will teach you how to obtain the root password from a WiFi router firmware image.
[color=rgba(0, 0, 0, 0.84)]Why I would waste my time in doing so?
  • Root passwords from a firmware can be used in some circumstances to obtain access to a router system via an serial port or other services.
  • Potential backdoor left by developers as found here:



Gas Stations Hardcoded Passwords (CVE-2017–14728)
  • This tutorial is intended to be a basic one in order to learn fun and useful stuff
  • Good for CTF training.
[color=rgba(0, 0, 0, 0.84)]Steps to getting the password:



  • binwalk -e wr740nv7_eu_3_16_9_up_boot\(160708\).bin



before binwalk -e





after binwalk -e
  • Go to “_wr740nv7_eu_3_16_9_up_boot(160708).bin.extracted/squashfs-root/etc/” and open shadow file.






  • Bruteforce or obtain from Google the equivalent password for the given hash.



[color=rgba(0, 0, 0, 0.84)]In other words:
[color=rgba(0, 0, 0, 0.84)]The password for the given hash (root1$GTN.gpri$DlSyKvZKMR9A9Uj9e9wR3/:15502:0:99999:7:: is squal to “shoadmin”.

WIFIHELL | 万丰乐活 2020开启新的征程,好货不断!
关闭

站点推荐上一条 /1 下一条

万丰乐活

GMT+8, 2020-8-10 15:43

Powered by Discuz! X3.4

© 2001-2017 Comsenz Inc.

快速回复 返回顶部 返回列表