HackTheBox Photon-Lockdown Challenge
Explore the basics of cybersecurity in the Photon-Lockdown Challenge on Hack The Box. This very-easy-level Challenge introduces encryption reversal and file handling concepts in a clear and accessible way, perfect for beginners.
https://app.hackthebox.com/challenges/548
Description
We’ve located the adversary’s location and must now secure access to their Optical Network Terminal to disable their internet connection. Fortunately, we’ve obtained a copy of the device’s firmware, which is suspected to contain hardcoded credentials. Can you extract the password from it?
Exploitation
1
2
binwalk -e rootfs
rg 'HTB'
Summary
The Photon Lockdown Challenge involves analyzing a firmware image from an Optical Network Terminal (ONT) to extract hardcoded credentials. The goal is to disable the adversary’s internet connection by gaining access to the device. The challenge provides a firmware file, and the exploitation process involves using tools like binwalk to extract the filesystem and rg (ripgrep) to search for the hardcoded password. By running binwalk -e rootfs to extract the filesystem and rg 'HTB' to search for the flag or credentials, participants can quickly identify the required password. This challenge emphasizes the importance of firmware analysis and highlights the risks of hardcoded credentials in embedded devices. It serves as an introductory exercise in reverse engineering and firmware security.