
IoT Firmware emulation

1. binwalk firmware.bin

iot1
binwalk firmware.bin

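2. #carve out the SquashFS image; skip is its byte offset inside firmware.bin (presumably the decimal offset binwalk printed in step 1)

dd if=firmware.bin skip=538952 bs=1 of=firmware_squash.sqsh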

iot2
dd if=firmware.bin skip=538952 bs=1 of=firmware_squash.sqsh

3. unsquashfs firmware_squash.sqsh

iot3
unsquashfs firmware_squash.sqsh

4. ls

iot4
ls

5. cd squashfs-root && ls

iot5
cd squashfs-root && ls

6. #check the architecture

file bin/busybox

iot6
file bin/busybox

7. #check users and password hashes

cat etc/passwd etc/shadow

iot7
cat etc/passwd etc/shadow

8. #get scripts during device initialization

cat etc/inittab

iot8
cat etc/inittab

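9. #mount the IoT system into the PC (bind the host's /proc, /dev and /sys into the extracted root). chroot is not an isolation boundary: with these mounts in place, everything started in the following steps runs as root against the host kernel and devices, so work inside a disposable VM

mount --bind /proc /media/psf/Pentesting/Platforms/HTB/challenges/squashfs-root/proc

mount --bind /dev /media/psf/Pentesting/Platforms/HTB/challenges/squashfs-root/dev

mount --bind /sys /media/psf/Pentesting/Platforms/HTB/challenges/squashfs-root/sys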

iot9
mount --bind /sys /media/psf/Pentesting/Platforms/HTB/challenges/squashfs-root/sys

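10. #emulate the firmware (chroot executes the firmware's own binaries, so this only works when the architecture found in step 6 matches the host, or when a matching qemu user-mode static binary is available inside the root)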

chroot . /bin/sh

iot10
chroot . /bin/sh

11. #double check the architecture

uname -m

iot11
uname -m

12. #boot the device

/etc/init.d/rcS S boot

or

#launch the prompt

iot12
launch the prompt

13. #check the open ports

netstat -tln

iot13
netstat -tln

14. #now you can connect through the browser

 

15. #if you change the firmware and want to upload it back, generate the updated SquashFS image (-comp should match the compression used by the original image)

mksquashfs squashfs-root firmware_patched.sqsh -comp xz

iot15
mksquashfs squashfs-root firmware_patched.sqsh -comp xz

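16. #create the firmware file. Note the "seek" parameter – it is the same offset as "skip" in step 2. firmware_patched.bin must already exist as a copy of the original firmware.bin: with conv=notrunc, dd only overwrites the bytes from that offset onward, and everything before it has to come from the original. If the new SquashFS image is shorter than the old one, the old image's trailing bytes remain after it, and if the firmware header carries size or checksum fields, this step does not update them.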

dd if=firmware_patched.sqsh of=firmware_patched.bin conv=notrunc seek=538952 bs=1

iot16
dd if=firmware_patched.sqsh of=firmware_patched.bin conv=notrunc seek=538952 bs=1