services like ssh,telnet which are running by default and their creds.With this, we are inside the router’s homepage, try browsing different settings like Note : admin:admin is the pair to go here. Here, you can try to brute force the password with Burp or try some common pairs like admin:admin, admin:, admin:password. Provided on your CLI, mine is 192.168.0.100, open it in browser, and you will see the router’s homepage (as I’ve done simulation for router’s firmware). Have successfully simulated our firmware via browser, just go to the IP If not, then try to re-run the fat.py or try googling the error or better try other firmware. If everything goes well, we will see a CLI message informing that a network interface is started. What we will actually do is we use the tool fat.py(firmware-analysis-toolkit) on our command line, then provide name of firmware image to simulate (have it copied to the dir of fat).įat.py might ask for some passwords (in old versions of attifyos) while running, following are the credentials: Next, what we need to do and will be doing is “firmware simulation” which can be browser based, allowing us to-do web app based exploitation or CLI based. In previous blog we performed firmware analysis, which gave us an idea about device’s file system, OS, sensitive files, hardcoded credentials, services and softwares running, among other things.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |