Monday, January 11, 2016

SANS Holiday Challenge Walkthrough part 2

After completing the first part of the challenge, you are instructed to download the gnome's firmware. Now we can use binwalk and the firmware-mod-kit to unpack it. If the firmware-mod-kit is not already on your system, a quick "apt-get install firmware-mod-kit" will install it. Running "binwalk -e firmware.bin" will extract the firmware.
We can see that there's a squashfs file system, which binwalk will have automatically extracted for us.
Running "cat etc/*release" shows us that the OS is OpenWRT.
We can determine the architecture the OS was built for by running the file command on any binary in the firmware dump.
We can see it's a 32-bit LSB binary built for ARM. The /etc/hosts file contains a reference to a "supergnome." This allows us to answer the first question, "what OS and CPU type are used in the gnome": it's an ARM CPU running OpenWRT.
Digging through the www folder we see package.json, and opening it there are references to express (i.e. Express.js, a Node.js framework) as well as to MongoDB. With this we can answer the question "what web framework is the gnome interface built in": the gnome interface is built on Node.js using Express.js.

We know that the web framework references MongoDB, so there's a good chance that's what is installed. We find several files in /opt/mongodb. Running "strings *" on them gives us this output:
And there's the admin password in clear text, which lets us answer the last question, "what database engine runs the gnome web interface and what is the password": the engine is MongoDB, and the password is

F3n3s7ra
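The strings dump works because MongoDB stores document fields as plain BSON and the password was never hashed. The added example below (my code, not part of the walkthrough) does the same recovery more precisely: it carves BSON string elements keyed "username"/"password" out of a raw data file, skipping corrupt or truncated elements. The data blob is constructed, not taken from the real firmware; the "admin" username is an assumption.

```python
"""Carve cleartext credential strings out of raw MongoDB data files.

Added example (not from the original walkthrough): the gnome stored its
admin password as a plain BSON string, so scanning /opt/mongodb/* for
BSON string elements keyed "password"/"username" recovers it without
ever starting MongoDB. The sample blob below is constructed.
"""
import re
import struct

# BSON string element layout: 0x02 <key>\0 <int32 len incl. NUL> <utf8>\0
SENSITIVE_KEYS = (b"password", b"username", b"user")
_ELEMENT_RE = re.compile(rb"\x02(" + b"|".join(SENSITIVE_KEYS) + rb")\x00")


def bson_string(key: str, value: str) -> bytes:
    """Encode one BSON string element (used only to build the sample)."""
    data = value.encode() + b"\x00"
    return b"\x02" + key.encode() + b"\x00" + struct.pack("<i", len(data)) + data


def carve_credentials(blob: bytes):
    """Return [(key, value)] for every well-formed sensitive string element."""
    found = []
    for m in _ELEMENT_RE.finditer(blob):
        key = m.group(1).decode()
        pos = m.end()
        if pos + 4 > len(blob):
            continue
        (length,) = struct.unpack_from("<i", blob, pos)
        # length counts the trailing NUL; reject absurd or truncated values
        if length < 1 or length > 4096 or pos + 4 + length > len(blob):
            continue
        raw = blob[pos + 4 : pos + 4 + length]
        if raw[-1:] != b"\x00":
            continue
        try:
            found.append((key, raw[:-1].decode("utf-8")))
        except UnicodeDecodeError:
            continue
    return found


# Constructed stand-in for a MongoDB data file: padding, a user document, junk.
SAMPLE_DATAFILE = (
    b"\x00" * 32
    + bson_string("username", "admin")         # assumed username (constructed)
    + bson_string("password", "F3n3s7ra")      # value the walkthrough recovered
    + b"\x02password\x00\xff\xff\xff\x7f"      # corrupt element: bogus length, skipped
    + b"\x02user\x00\x03\x00\x00\x00ab"        # truncated element, skipped
)

if __name__ == "__main__":
    for key, value in carve_credentials(SAMPLE_DATAFILE):
        print(f"{key}: {value}")
```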
