SANS Holiday Hack Quest 2015 – 2

I’ll be Gnome for Christmas:

Firmware Analysis for Fun and Profit

After I told Josh that GnomeNET-NorthAmerica is in the picture, he told me to speak with Jessica about the Gnome’s firmware. Jessica gave me a bin file dumped from the Gnome’s NAND flash and needed some help analyzing it: https://www.holidayhackchallenge.com/2015/giyh-firmware-dump.bin
3) What operating system and CPU type are used in the Gnome? What type of web framework is the Gnome web interface built in?
4) What kind of a database engine is used to support the Gnome web interface? What is the plaintext password stored in the Gnome database?

The PEM certificate was not very interesting; the second file seems to be a boot file and the last one is a filesystem (SquashFS).
The CPU type looks like an ARM processor (based on the boot file info). Next is to extract the filesystem and see if I can find any useful info there.
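The identification step above (three embedded files, and the CPU type read from the boot file's header) can be reproduced without relying on a tool's one-line summary. The following is an added example, not the author's tooling and not a replacement for binwalk: it carves a raw dump by magic bytes and reads the architecture out of an ELF header and the version/compression out of a SquashFS superblock. The dump it scans is constructed inline (a PEM block, a minimal ELF32 ARM header and a SquashFS 4.0 superblock with padding); the real giyh-firmware-dump.bin is not embedded, and the assumption that the boot file is an ELF image is mine.

```python
"""Mini firmware carver: locate embedded files in a raw flash dump by magic
bytes and read CPU / filesystem details out of their headers.

Added example for this writeup; not the author's tooling and not a
substitute for binwalk. The sample dump is constructed so the script runs
offline; it is not the challenge firmware.
"""
import re
import struct

# Magic signatures for the three file types the writeup identifies.
SIGNATURES = {
    b"-----BEGIN ": "PEM",
    b"\x7fELF": "ELF",
    b"hsqs": "SquashFS (little endian)",
    b"sqsh": "SquashFS (big endian)",
}

# Subset of ELF e_machine values (from the ELF specification).
ELF_MACHINES = {0x03: "x86", 0x08: "MIPS", 0x28: "ARM", 0x3E: "x86-64", 0xB7: "AArch64"}
# SquashFS v4 compression ids from the superblock.
SQUASHFS_COMPRESSION = {1: "gzip", 2: "lzma", 3: "lzo", 4: "xz", 5: "lz4", 6: "zstd"}


def parse_elf(blob, off):
    """Return word size, endianness and machine from an ELF header at `off`."""
    ei_class, ei_data = blob[off + 4], blob[off + 5]
    endian = "<" if ei_data == 1 else ">"
    (e_machine,) = struct.unpack_from(endian + "H", blob, off + 18)
    return {
        "bits": 32 if ei_class == 1 else 64,
        "endian": "little" if ei_data == 1 else "big",
        "machine": ELF_MACHINES.get(e_machine, "unknown (0x%x)" % e_machine),
    }


def parse_squashfs(blob, off):
    """Return version, compression and sizes from a SquashFS superblock at `off`."""
    endian = "<" if blob[off:off + 4] == b"hsqs" else ">"
    inodes, _mtime, block_size = struct.unpack_from(endian + "III", blob, off + 4)
    comp, _blog, _flags, _ids, major, minor = struct.unpack_from(endian + "6H", blob, off + 20)
    _root_inode, bytes_used = struct.unpack_from(endian + "QQ", blob, off + 32)
    return {
        "version": "%d.%d" % (major, minor),
        "compression": SQUASHFS_COMPRESSION.get(comp, "unknown"),
        "inodes": inodes,
        "block_size": block_size,
        "bytes_used": bytes_used,
    }


def carve(blob):
    """Scan `blob` for known magics; return (offset, type, details) sorted by offset."""
    found = []
    for magic, name in SIGNATURES.items():
        for m in re.finditer(re.escape(magic), blob):
            off = m.start()
            details = {}
            if name == "ELF" and off + 20 <= len(blob):
                details = parse_elf(blob, off)
            elif name.startswith("SquashFS") and off + 48 <= len(blob):
                details = parse_squashfs(blob, off)
            found.append((off, name, details))
    return sorted(found)


def build_sample_dump():
    """Constructed stand-in for a NAND dump: PEM + ELF + SquashFS with 0xff padding."""
    pem = b"-----BEGIN CERTIFICATE-----\nMIIB...constructed...\n-----END CERTIFICATE-----\n"
    # 52-byte ELF32 header: little endian, ET_DYN (3), EM_ARM (0x28), version 1.
    elf = b"\x7fELF" + bytes([1, 1, 1, 0]) + b"\x00" * 8
    elf += struct.pack("<HHI", 3, 0x28, 1) + b"\x00" * 28
    # 96-byte SquashFS 4.0 superblock: gzip (1), 1234 inodes, 128 KiB blocks (log 17).
    sb = b"hsqs" + struct.pack("<IIII", 1234, 0, 131072, 0)
    sb += struct.pack("<6H", 1, 17, 0, 1, 4, 0)
    sb += struct.pack("<QQ", 0, 8000000) + b"\x00" * 48
    return pem + b"\xff" * 1000 + elf + b"\xff" * 3000 + sb + b"\xff" * 200


if __name__ == "__main__":
    for off, name, details in carve(build_sample_dump()):
        print("0x%06x  %-26s %s" % (off, name, details))
```

On a real dump, replace `build_sample_dump()` with the file's bytes; the offsets reported for the SquashFS magic are the ones to feed to `dd` or `unsquashfs` when extracting the root filesystem.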

Based on the files in /etc, it was easy to identify this as OpenWrt, r47650.

It was also easy to see that the Gnome web server was built on Node.js, based on what I found in /www. But I have absolutely no experience with Node.js, and I did not know how to find out which framework is in use. This is where Google is great: “top 10 nodejs frameworks”.
By going through the first page of results from top to bottom, I managed to identify that this is running the Express.js framework.
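The OS and framework questions can be answered from two files in the extracted root filesystem rather than by matching against a list of popular frameworks: OpenWrt records its build in /etc/openwrt_release, and a Node.js application lists the framework it loads in its package.json dependencies. This is an added example, not the author's method; the sample tree it triages is constructed in a temporary directory (the app name and the mongoose dependency are made up, the revision string is the one the writeup found), and the assumption that the web app keeps its package.json directly under /www is mine.

```python
"""Triage an extracted OpenWrt-style root filesystem: read the distro release
file and the Node.js app's package.json to name the OS build and web framework.

Added example for this writeup, not the author's method. The sample tree is
constructed in a temp directory so the script runs offline; only the file
layout follows OpenWrt and npm conventions, the contents are made up.
"""
import json
import os
import tempfile

# Node.js web frameworks that would appear as a package.json dependency.
NODE_FRAMEWORKS = ("express", "koa", "hapi", "sails", "restify", "meteor")


def read_openwrt_release(root):
    """Parse <root>/etc/openwrt_release (KEY='value' lines) into a dict, or {}."""
    path = os.path.join(root, "etc", "openwrt_release")
    info = {}
    if not os.path.isfile(path):
        return info
    with open(path) as fh:
        for line in fh:
            if "=" in line:
                key, _, value = line.strip().partition("=")
                info[key] = value.strip("'\"")
    return info


def find_node_frameworks(root, webroot="www"):
    """Return known web frameworks listed in <root>/<webroot>/package.json."""
    path = os.path.join(root, webroot, "package.json")
    if not os.path.isfile(path):
        return []
    with open(path) as fh:
        pkg = json.load(fh)
    deps = {}
    for section in ("dependencies", "devDependencies"):
        deps.update(pkg.get(section, {}))
    return sorted(name for name in deps if name in NODE_FRAMEWORKS)


def triage(root):
    """Summarise OS, build revision and web framework(s) for an extracted rootfs."""
    rel = read_openwrt_release(root)
    return {
        "os": rel.get("DISTRIB_ID", "unknown"),
        "revision": rel.get("DISTRIB_REVISION", "unknown"),
        "frameworks": find_node_frameworks(root),
    }


def build_sample_rootfs():
    """Constructed rootfs containing only the two files the triage inspects."""
    root = tempfile.mkdtemp(prefix="rootfs-")
    os.makedirs(os.path.join(root, "etc"))
    os.makedirs(os.path.join(root, "www"))
    with open(os.path.join(root, "etc", "openwrt_release"), "w") as fh:
        # Keys follow OpenWrt's real file; the revision is the one from the writeup.
        fh.write("DISTRIB_ID='OpenWrt'\nDISTRIB_RELEASE='Bleeding Edge'\n"
                 "DISTRIB_REVISION='r47650'\n")
    with open(os.path.join(root, "www", "package.json"), "w") as fh:
        # Constructed manifest: app name and dependency versions are made up.
        json.dump({"name": "gnome-web",
                   "dependencies": {"express": "4.x", "mongoose": "4.x"}}, fh)
    return root


if __name__ == "__main__":
    print(triage(build_sample_rootfs()))
```

Point `triage()` at the directory `unsquashfs` produced to run it against a real image; an empty `frameworks` list means the manifest was not where expected (or the app is not a Node.js one), not that no framework is in use.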

Time to mount the MongoDB database. At first I thought I needed the login credentials from www/app.js, but apparently this was not needed: the database content is not encrypted.

As for dumping the DB content:

There you go, user:user and admin:SittingOnAShelf
