
The CRAW Red Team Labs has uncovered a compromised router during a routine security assessment. The device's firmware image, provided here as firmware.bin, was found to contain a hidden Telnet backdoor, posing a serious security risk. If left undetected, attackers could exploit this backdoor to gain unauthorized access, manipulate network traffic, and launch further attacks on connected systems.
Your mission is to conduct a thorough firmware analysis to uncover any hardcoded credentials embedded within the system. Using reverse engineering techniques, static and dynamic analysis, and forensic tools, you must dissect the firmware and expose any vulnerabilities hidden within the code. Identifying these security flaws will help prevent potential exploitation by malicious actors.
Time is critical—every moment wasted increases the risk of a real-world attack. Are you ready to take on the challenge, reveal the vulnerability, and secure the network? The investigation starts now!
Question 1.
Use binwalk to identify embedded files in firmware.bin. How many partitions does the firmware have?
Question 2.
Search for "telnet" in the firmware using the strings command. What string suggests a telnet service?
Question 3.
Extract the firmware filesystem. What is the name of the extracted root folder?
Question 4.
Find the path to the telnetd.sh script.
Question 5.
The telnetd.sh script references a username. What is it?
Question 6.
The password is stored in a variable in telnetd.sh. What is the variable name?
Question 7.
The password is stored in a file under /etc/. What is the filename?
Question 8.
What is the hardcoded password in /etc/config?
Question 9.
What CPU architecture does this firmware target?
Question 10.
The firmware uses an outdated busybox version. What is it?
Question 11.
What is the uncompressed size of the LZMA data? (Bytes)
Question 12.
What compression algorithm is used for the kernel image?
Question 13.
What is the OS type of the embedded kernel image?
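Questions 1 through 13 walk through one procedure: carve the image with binwalk, read the header fields it reports (kernel image format, compression, CPU architecture, LZMA uncompressed size), extract the filesystem, and then hunt for the startup script and the credentials it pulls in. The following script is an added example, not CRAW's lab code and not an answer key: it re-implements the three header and grep checks in plain Python so you can see what binwalk and strings are actually decoding. The uImage constants are the real U-Boot IH_OS_*/IH_ARCH_*/IH_COMP_* values; the firmware image, the rootfs path etc/init.d/telnetd.sh and every credential value are constructed placeholders.

```python
"""Offline firmware triage (added example; not CRAW's lab code or answer key).
Mimics what binwalk/strings do for this lab: decode a U-Boot uImage header
(kernel OS type, CPU arch, compression), decode an LZMA 'alone' header
(uncompressed size), and grep an extracted rootfs for hardcoded credentials."""
import lzma
import os
import re
import struct
import tempfile

UIMAGE_MAGIC = b"\x27\x05\x19\x56"                           # U-Boot legacy image magic
UIMAGE_OS = {5: "Linux"}                                      # IH_OS_* (subset)
UIMAGE_ARCH = {2: "ARM", 5: "MIPS"}                           # IH_ARCH_* (subset)
UIMAGE_COMP = {0: "none", 1: "gzip", 2: "bzip2", 3: "lzma"}   # IH_COMP_*
LZMA_UNKNOWN = 0xFFFFFFFFFFFFFFFF                             # "size not stored" marker


def parse_uimage(blob, off):
    """Decode the 64-byte uImage header at off; None if the magic is absent."""
    if blob[off:off + 4] != UIMAGE_MAGIC:
        return None
    _, _, _, size, _, _, _, os_, arch, _, comp = struct.unpack_from(">7I4B", blob, off)
    name = blob[off + 32:off + 64].split(b"\0", 1)[0].decode("ascii", "replace")
    return {"kind": "uImage", "offset": off, "size": size, "name": name,
            "os": UIMAGE_OS.get(os_, os_), "arch": UIMAGE_ARCH.get(arch, arch),
            "compression": UIMAGE_COMP.get(comp, comp)}


def parse_lzma_alone(blob, off):
    """Decode a 13-byte LZMA 'alone' header: props byte, LE32 dict size, LE64 size.
    The plausibility checks reject the random bytes a byte-by-byte scan feeds it."""
    if off + 13 > len(blob) or blob[off] >= 225:              # lc + 9*lp + 45*pb < 225
        return None
    dict_size, usize = struct.unpack_from("<IQ", blob, off + 1)
    # liblzma writes dictionary sizes of 2^n or 2^n + 2^(n-1): at most two bits set
    if not 4096 <= dict_size <= 64 << 20 or bin(dict_size).count("1") > 2:
        return None
    if usize != LZMA_UNKNOWN and not 0 < usize <= 512 << 20:
        return None
    pb, rem = divmod(blob[off], 45)
    lp, lc = divmod(rem, 9)
    return {"kind": "lzma", "offset": off, "lc": lc, "lp": lp, "pb": pb,
            "dict_size": dict_size,
            "uncompressed_size": None if usize == LZMA_UNKNOWN else usize}


def scan_blob(blob):
    """Walk the image byte by byte (as `binwalk firmware.bin` does), skipping past
    each recognised header so its own bytes are not matched a second time."""
    hits, off = [], 0
    while off < len(blob):
        hit = parse_uimage(blob, off) or parse_lzma_alone(blob, off)
        if hit:
            hits.append(hit)
            off += 64 if hit["kind"] == "uImage" else 13
        else:
            off += 1
    return hits


def build_sample_image():
    """Constructed firmware.bin: a uImage header wrapping an LZMA kernel payload whose
    header carries the real uncompressed size (liblzma itself writes 'unknown')."""
    kernel = b"Linux version (constructed)\0" * 2048
    stream = lzma.compress(kernel, format=lzma.FORMAT_ALONE)
    stream = stream[:5] + struct.pack("<Q", len(kernel)) + stream[13:]
    hdr = struct.pack(">7I4B", 0x27051956, 0, 0, len(stream), 0x80000000,
                      0x80000000, 0, 5, 5, 2, 3)           # os=Linux arch=MIPS type=kernel comp=lzma
    hdr += b"MIPS Linux (constructed)".ljust(32, b"\0")
    return hdr + stream, len(kernel)


CRED_RE = re.compile(r"^\s*(?:export\s+)?([A-Za-z0-9_]*(?:PASS|PWD|SECRET|USER|LOGIN)"
                     r"[A-Za-z0-9_]*)=(\S+)", re.I)


def scan_root_for_credentials(root):
    """Report telnetd invocations and credential-like assignments in every text file
    under an extracted rootfs, as (relative path, line number, line) tuples."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            path = os.path.join(dirpath, fn)
            with open(path, errors="replace") as fh:
                for n, line in enumerate(fh, 1):
                    if "telnetd" in line or CRED_RE.match(line):
                        findings.append((os.path.relpath(path, root), n, line.rstrip()))
    return sorted(findings)


def build_sample_root():
    """Constructed extracted rootfs: hypothetical startup script and config file
    (the paths and values are placeholders, not the lab's)."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "etc", "init.d"))
    with open(os.path.join(root, "etc", "init.d", "telnetd.sh"), "w") as f:
        f.write("#!/bin/sh\nTELNET_USER=admin\nTELNET_PASS=\"$(cat /etc/sample.conf)\"\n"
                "telnetd -l /bin/login -p 23\n")
    with open(os.path.join(root, "etc", "sample.conf"), "w") as f:
        f.write("# constructed config, placeholder secret\npassword=PLACEHOLDER_NOT_REAL\n")
    return root


if __name__ == "__main__":
    image, _ = build_sample_image()
    for h in scan_blob(image):
        print(h)
    for path, n, line in scan_root_for_credentials(build_sample_root()):
        print(f"{path}:{n}: {line}")
```

Two things worth noticing when you run it against the real image: the uImage header is where binwalk gets the "OS: Linux", the architecture and the "compression type: lzma" fields, so the answers to Questions 9, 12 and 13 all come from the same 64 bytes; and the LZMA uncompressed size is a header field, not something measured by decompressing, so the 8-byte value can legitimately read as "unknown" on some images. The credential grep is deliberately noisy (it flags any assignment whose variable name looks like a credential) because in a firmware audit a false positive costs seconds while a missed hardcoded password costs the network.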

This CTF focuses on identifying real-world cybersecurity vulnerabilities that are often misheard, mispronounced, or misunderstood in casual conversations or media. The challenge targets both recognition and conceptual understanding of significant security flaws—ranging from wireless and USB-based exploits to memory corruption and TLS attacks. Ideal for intermediate to advanced participants, this CTF bridges pop culture tech lingo with the real threats behind them.

Question 1.
What is the actual name of the attack misheard as "Enterblue," which allows RCE via Bluetooth without pairing?
Question 2.
BlueBorne affects which Bluetooth stack commonly used in Linux systems?
Question 3.
"SLL Bliding" is a mishearing of which real attack that downgrades HTTPS to HTTP?
Question 4.
SSL Stripping is primarily effective during which type of network attack?
Question 5.
Which tool by Moxie Marlinspike was famous for performing SSL Stripping?
Question 6.
The "Heartbleed" vulnerability exploited which protocol extension?
Question 7.
What is the CVE ID for the Heartbleed vulnerability?
Question 8.
Which memory attack abuses CPU caching to leak sensitive data and was often miswritten as "Specter"?
Question 9.
Spectre and Meltdown affect which part of modern processors?
Question 10.
Which attack vector misheard as "Dirty Poo" actually gives local privilege escalation via page table race conditions?
Question 11.
Dirty Pipe vulnerability affects which kernel-based OS?
Question 12.
"Krack" attack (misheard as "Crack WiFi") affects which Wi-Fi security protocol?
Question 13.
KRACK exploits vulnerabilities in which part of WPA2?
Question 14.
Which attack, sometimes mispronounced as "Rowhammering," flips memory bits by rapid access?
Question 15.
Rowhammer mainly targets which type of memory?
Question 16.
Which USB exploit sounds like "Rubber Bug" and is used for injecting keystrokes?
Question 17.
What scripting language does the Rubber Ducky payload use?
Question 18.
What is the name of the SSL/TLS vulnerability that allows downgrade to SSL 3.0?
Question 19.
Which CVE is associated with Log4Shell, a critical RCE vulnerability in Java logging?
Question 20.
What JNDI service was used in Log4Shell exploitation?