Let's get started with analyzing firmware and seeing whether we are able to identify any of the sensitive information or a backdoor for that matter.
The firmware that we will use for this exercise is a D-Link DWR 932B with the version DWR-932_fw_revB_2_02_eu_en_20150709. These following vulnerabilities have been discovered by security researchers, namely Gianni Carabelli and Pierre Kim:
- The first step would be to extract the filesystem from the firmware. However, the firmware in this case comes as a ZIP file which is protected by a password. The password in this case could be cracked by a utility such as fcrackzip and the password was found to be UT9Z. This is also shown in the following screenshot:
- Once we have the firmware ...