The Needle
The Needle Challenge Write-Up
Challenge Description
The objective of this challenge was to extract and analyse the contents of a firmware binary (firmware.bin
) to discover a hidden flag.
Steps to Solve the Challenge
Step 1: Extract the Contents of the Firmware
First, I used binwalk
to analyse and extract the contents of the firmware.bin
file. The command used was:
The binwalk
output indicated that the file contained a Linux kernel, some compressed data, and a SquashFS filesystem. The SquashFS filesystem is typically used in embedded systems, so it was likely that the flag would be found within this filesystem.
Step 2: Search for the Flag
After extracting the contents, I used grep
to search for occurrences of the word "flag" within the extracted files:
However, the search results did not directly reveal the flag, but indicated multiple occurrences of the word "flag" in various scripts and libraries.
Step 3: Identify Login Credentials
Given the embedded system nature of the firmware, it was likely that some form of authentication was required. I searched for occurrences of the word "login":
This revealed several interesting scripts, particularly telnetd.sh
, which referenced a "sign" value in the /etc/config/sign
file. This was worth investigating further.
Step 4: Retrieve the Sign Value
To retrieve the sign value, I located and read the /etc/config/sign
file:
The contents were:
Step 5: Attempt to Login via Telnet
Armed with the possible login credentials, I tried to connect to the remote service using telnet
:
After several attempts using the username Device_Admin
and the password from the sign
file, I successfully logged into the system.
Step 6: Capture the Flag
Once logged in, I listed the directory contents and found a file named flag.txt
. I then displayed the contents of this file:
The flag was revealed:
Conclusion
This challenge demonstrated the process of reverse engineering a firmware binary to discover hidden credentials and ultimately capture the flag. The key steps involved extracting the filesystem, searching for relevant information, and using that information to gain access to the system.
Last updated