Photon Lockdown
2 minutos de lectura
Se nos proporciona una carpeta llamada ONT (que significa terminal de red óptica) con tres archivos:
$ ls
fwu_ver hw_ver rootfs
$ cat fwu_ver
3.0.5
$ cat hw_ver
X1
$ file rootfs
rootfs: Squashfs filesystem, little endian, version 4.0, zlib compressed, 10936182 bytes, 910 inodes, blocksize: 131072 bytes, created: Sun Oct 1 07:02:43 2023
Extracción del sistema de archivos
Podemos usar unsquashfs o sasquashfs para descomprimir el sistema de archivos, pero 7z también funciona:
$ 7z x rootfs
7-Zip [64] 17.04 : Copyright (c) 1999-2021 Igor Pavlov : 2017-08-28
p7zip Version 17.04 (locale=utf8,Utf16=on,HugeFiles=on,64 bits,8 CPUs LE)
Scanning the drive for archives:
1 file, 10936320 bytes (11 MiB)
Extracting archive: rootfs
--
Path = rootfs
Type = SquashFS
Physical Size = 10936320
Headers Size = 18934
File System = SquashFS 4.0
Method = ZLIB
Cluster Size = 131072
Big-endian = -
Created = 2023-10-01 08:02:43
Characteristics = DUPLICATES_REMOVED EXPORTABLE
Code Page = UTF-8
Everything is Ok
Folders: 44
Files: 865
Size: 33832668
Compressed: 10936320
$ ls
bin config dev etc fwu_ver home hw_ver image lib mnt overlay proc rootfs run sbin sys tmp usr var
Flag
En este punto, podemos usar grep para buscar la flag (sabemos que su formato es HTB{...}):
$ grep -r HTB .
Binary file ./rootfs matches
Binary file ./bin/tc matches
Binary file ./bin/ip matches
./etc/config_default.xml:<Value Name="SUSER_PASSWORD" Value="HTB{N0w_Y0u_C4n_L0g1n}"/>