banksy-git / lidl-gateway-freedom

Freeing the Silvercrest (Lidl/Tuya) Smart Home Gateway from the cloud.
https://paulbanks.org/projects/lidl-zigbee/
GNU General Public License v3.0

[Request] More information on Gaining initial access to the device using modified SquashFS #12

Closed chaisaeng closed 3 years ago

chaisaeng commented 3 years ago

From the article, on gaining access to the device:

Quote: "3) We replaced the /etc/passwd symlink with a passwd file we created with a known root password."

Question: does the password file to be put in the unsquashfs filesystem structure need to be formatted as a shadow passwd file, or just in plain-text format like the old-time Linux passwd file? Where should it be located in the file system, i.e. in the root directory, and change the symlink to /etc/passwd?

Quote: "6) Finally we TFTP'd the newroot.bin file to the device and used the bootloader command FLW to write it to flash."

Can you outline the process in the quote (step 6 in the article)?

Currently I have a dump of the device from your dump_flash.py, and I ran unsquashfs on it in my VirtualBox Debian VM, so I have a directory containing all the files from the dumped SquashFS. As I'm not very familiar with the process of flashing the device with TFTP, I need more detail on how to do that on my device. I have the device but cannot get the root password from the process you mentioned in the article, so the alternative is to reflash it with a modified SquashFS flash image to gain initial access to the device. I hope this will also help others who fail to get the root password of the device, as I have.

Thanks very much.

challs commented 3 years ago

> Question: does the password file to be put in the unsquashfs filesystem structure need to be formatted as a shadow passwd file, or just in plain-text format like the old-time Linux passwd file? Where should it be located in the file system, i.e. in the root directory, and change the symlink to /etc/passwd?

It's shadow format. See my forum post for more details (look for the mkpasswd command).

> Can you outline the process in the quote

See the Upload Image part

chaisaeng commented 3 years ago

> > Question: does the password file to be put in the unsquashfs filesystem structure need to be formatted as a shadow passwd file, or just in plain-text format like the old-time Linux passwd file? Where should it be located in the file system, i.e. in the root directory, and change the symlink to /etc/passwd?
>
> It's shadow format. See my forum post for more details (look for the mkpasswd command).
>
> > Can you outline the process in the quote
>
> See the Upload Image part

Thanks, I looked into the forum and it looks like I have found new hope. BTW, for the passwd file, you mention it's shadow format, which means that if I only have the root user, is it only 1 line, as follows:

root:rvE2CYlmZo43R

or 2 files with different content, as below?

file: passwd
root:x:0:0:root:/root:/bin/bash

and file: shadow
root:rvE2CYlmZo43R

Thanks very much for pointing me to the information I needed.

challs commented 3 years ago

> for the passwd file, you mention it's shadow format, which means that if I only have the root user, is it only 1 line, as follows, or 2 files with different content, as below

Sorry, I misread your first question and my answer was confusing.

There is only 1 file ("like in the old-time Linux passwd file"). There is no shadow password file needed.
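
The single-file layout described in the answer above, as an added example that is not part of the thread or the project's code: it parses one /etc/passwd line and reports whether the hash sits in the second field or is deferred to a shadow file. The function name, the `/bin/sh` shell and the complete sample lines are assumptions constructed for illustration; the hash string is the one quoted in the thread.

```python
import re

# crypt(3) scheme prefixes; a bare 13-character string is traditional DES crypt.
SCHEMES = {"$1$": "md5-crypt", "$5$": "sha256-crypt", "$6$": "sha512-crypt"}
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")


def classify_passwd_line(line):
    """Return (user, where_the_hash_lives, scheme) for one passwd line.

    Hypothetical helper for this example. A passwd entry always has
    7 colon-separated fields: name:password:uid:gid:gecos:home:shell.
    """
    fields = line.rstrip("\n").split(":")
    if len(fields) != 7:
        raise ValueError(f"expected 7 fields, got {len(fields)}")
    user, pw = fields[0], fields[1]
    if pw == "x":
        # Placeholder: the real hash is expected in /etc/shadow.
        return user, "shadow", None
    if pw == "":
        return user, "passwd", "empty"
    if pw.startswith(("*", "!")):
        return user, "passwd", "locked"
    for prefix, name in SCHEMES.items():
        if pw.startswith(prefix):
            return user, "passwd", name
    if DES_RE.match(pw):
        return user, "passwd", "des-crypt"
    return user, "passwd", "unknown"


# Constructed sample lines (not taken from a real device image).
OLD_STYLE = "root:rvE2CYlmZo43R:0:0:root:/root:/bin/sh"   # one file, hash inline
SHADOWED = "root:x:0:0:root:/root:/bin/bash"              # needs a shadow file
HASH_ONLY = "root:rvE2CYlmZo43R"                          # not a complete passwd entry

if __name__ == "__main__":
    for sample in (OLD_STYLE, SHADOWED, HASH_ONLY):
        try:
            print(sample, "->", classify_passwd_line(sample))
        except ValueError as err:
            print(sample, "-> invalid:", err)
```
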

chaisaeng commented 3 years ago

This issue was resolved in the forum mentioned by @challs