File Sumo 1 1 1

Today, I am going to share a writeup for the boot2root challenge of the Vulnhub machine “Sumo: 1”. It was an intermediate box based on the Linux machine. The goal for this machine is to read the flag file Download From Here
Penetration Testing Methodology

Network Scanning
- Netdiscover scan
- Nmap Scan
Enumeration
- Enumerating HTTP service on Browser
- Enumerating using Nikto
Exploitation
- Exploiting Shellshock Vulnerability
- Gaining Meterpreter
Post Exploitation
- Enumerating for Escalating Privileges
Privilege Escalation
- Dirty Cow
Reading Root Flag
A portable version of this application is available: Portable SUMo runs on: Windows 10 32/64 bit Windows 8 32/64 bit Windows 7 32/64 bit file size: 3.7 MB filename: sumolite.exe main category: System. KC Softwares - Software Development Company. Developpers of SUMo, DUMo, KCleaner and other powerful System Utilities.
Walkthrough
Network Scanning

We begin by scanning our network for the target machine using Netdiscover. The target machine is active on 192.168.1.104
Let’s scan it and see which services are running and which ports are open.
Enumeration

The scan gives us a lot of good and useful information, but what stands out the most is that port 22 and 80 are open, let’s explore port 80 first and see what we can find there.
This webpage seemed like a dead-end so, we decided to perform a Nikto scan in the hope that it will provide us with some more insight.
The Nikto scans the web application to find the /cgi-bin/ directory. on further inspection, the application was found vulnerable to shellshock vulnerability. Time to exploit it.
Exploitation

Open a terminal type msfconsole for loading Metasploit framework and use the following module. This module targets CGI scripts in the Apache webserver by setting the HTTP_USER_AGENT environment variable to a malicious function definition.
</div><table><tbody><tr><td><div><div>2</div><div>4</div><div>6</div></div></td><td><div><div><span>python</span><span>-</span><span>c</span>'<span>import </span><span>pty</span><span>;</span><span>pty</span><span>.</span><span>spawn</span><span>(</span><span>'/bin/sh'</span><span>)</span></div><div><span>/</span><span>usr</span><span>/</span><span>bin</span><span>/</span><span>passwd</span></div><div><span>cat </span><span>root</span><span>.</span><span>txt</span></div></div></td></tr></tbody></table><p><span>Here we got our root flag. So that’s for now. See you next time.</span></p><p><span><strong>Author</strong>: Sushma Ahuja is a Technical Writer, Researcher, and Penetration Tester. Can be Contacted on <span><strong>LinkedIn</strong></span></span></p><div>Jump to:navigation, search</div><div>DART-6UL - Yocto Morty 2.2.1 based on FSL Community BSP 2.2 with L4.1.15_2.0.0-ga Linux release</div><ul><li><span>4</span><span>Setup and build Yocto</span><ul><li><span>4.5</span><span>local.conf customization</span></li></ul></li><li><span>5</span><span>Create a bootable SD card</span><ul><li><span>5.3</span><span>Create an extended SD card</span></li></ul></li><li><span>6</span><span>Boot the board with a bootable SD card</span><ul><li><span>6.2</span><span>Automatic device tree selection in U-Boot</span></li></ul></li><li><span>8</span><span>Yocto Image Customization</span><ul><li><span>8.4</span><span>Qt5 for Embedded Linux</span><ul><li><span>8.4.2</span><span>Configure Touch Input</span></li></ul></li></ul></li><li><span>9</span><span>Make changes to the rootfs</span></li></ul><p>Please make sure your host PC is running Ubuntu 14.04/ 64-bit and install the following packages:</p><ul><li>Yocto Project Core - Morty 2.2.1 (released on 02/24/2017)</li></ul><p>Documentation is available from www.yoctoproject.org</p><ul><li>FSL Community BSP Release Notes 2.2 documentation</li></ul><p>Documentation is available from http://freescale.github.io</p><ul><li>Kernel documentation from fsl-yocto-L4.1.15_2.0.0-ga release</li></ul><p>Documentation is available for download from fsl-yocto-imx-4.1.15_2.0.0-docs</p><p><br /></p><p>Now, choose between downloading a release tag, and downloading the latest revision (recommended) and <b>follow only one of the next two bullet sections</b>, accordingly:<br /></p><ul><li><b>Download a release tag</b><br /></li></ul><p>Each release in https://github.com/varigit/variscite-bsp-platform/releases corresponds to a tag.<br />The tags are also listed in https://github.com/varigit/variscite-bsp-platform/tags<br />To specify a specific release/tag, run the following:</p><p><br />or<br /></p><ul><li><b>Download the latest revision (recommended)</b><br /></li></ul><h2><span><span>4.1</span> Supported images</span></h2><p>The following images are provided by Variscite for evaluation purpose</p><ul><li><b>fsl-image-gui</b>: Default Variscite demo image with GUI and without any Qt5 content. This image recipe works on all backends for X11, Frame Buffer and Wayland and the content is optimized to fit 512MB NAND flash.</li><li><b>fsl-image-qt5</b>: Extends fsl-image-gui image with Qt5 support and various Qt samples for X11, Frame Buffer and Wayland backends.</li></ul><div> Will result in image size greater than 512 MB, which will not fit into NAND flash. Use SD card or eMMC to test.</div><p>The following images are provided by FSL Community BSP:</p><ul><li><b>fsl-image-machine-test</b>: A console-only image that includes gstreamer packages and test and benchmark applications.</li><li><b>fsl-image-mfgtool-initramfs</b>: Small image to be used with Manufacturing Tool (mfg-tool) in a production environment.</li></ul><p>See the list of Yocto Project’s reference images in Yocto Project Reference Manual</p><h2><span><span>4.2</span> Supported distros</span></h2><p>The following distros can be used:</p><ul><li><b>fsl-imx-x11</b>: Distro for X11 without wayland. This distro include x11 feature and doesn’ has wayland support.</li><li><b>fsl-imx-fb</b>: Distro for Framebuffer graphical backend. This distro doesn’t include X11 and wayland features.</li><li><b>fsl-imx-wayland</b>: Distro for Wayland without X11. This distro includes wayland feature but doesn’t have x11 support.</li><li><b>fsl-imx-xwayland</b>: Distro for Wayland with X11. This distro includes both wayland and X11 features.</li></ul><p>Note: Also standard Poky distros can be used</p><p><br /></p><h2><span><span>4.3</span> Build X11 GUI demo image</span></h2><p>The above command is only mandatory for the very first build setup: whenever restarting a newer build session (from a different terminal or in a different time), you can skip the full setup and just run</p><p><br />Optional steps: local.conf customization</p><p>launch bitbake:</p><h2><span><span>4.4</span> Build console-only demo image</span></h2><p><br />Optional steps: local.conf customization</p><h2><span><span>4.5</span> local.conf customization</span></h2><h3><span><span>4.5.1</span> Change the downloads directory</span></h3><p>Create a /opt/yocto_downloads directory and set its permissions:</p><p>Direct downloads to it, by replacing 'DL_DIR ?= '${BSPDIR}/downloads/' with 'DL_DIR = '/opt/yocto_downloads/' in conf/local.conf under your build directory:</p><h3><span><span>4.5.2</span> Add Eclipse debug and Qt creator support to your images</span></h3><p>Append the following to the conf/local.conf file in your Yocto build directory, to add Eclipse debug and Qt creator support to your images:</p><h3><span><span>4.5.3</span> Use systemd instead of SysV init</span></h3><p>Append the following to the conf/local.conf file in your Yocto build directory, to use systemd instead of SysV init in your images:</p><h3><span><span>4.5.4</span> Create a read-only root file system</span></h3><p>Append the following to the conf/local.conf file in your Yocto build directory, to create a read-only rootfs:</p><h2><span><span>4.6</span> Build Results</span></h2><p>The resulting images are located in tmp/deploy/images/imx6ul-var-dart.</p><p><br /></p><table><tbody><tr><th scope='col'>Image Name<br /></th><th scope='col'>How to use<br /></th></tr><tr><td>fsl-image-gui-imx6ul-var-dart.sdcard</td><td>This image is for SD card boot.<br /> It can be flashed as-is on an SD card that can then be used to boot your system,<br /> according to the relevant startup-guide of your product<br /> (usually requires to press the boot select button, or toggle a DIP switch).<br /> For detailed information refer to the Create a bootable SD card section below.</td></tr><tr><td>fsl-image-gui-imx6ul-var-dart.tar.gz</td><td>Tarball with rootfs files.<br />Can be used to create an NFS root file system on the host.<br /> See the <span>Yocto Setup TFTP/NFS</span> section for more info.<br />Also used to create our extended SD card.<br />See the Create a bootable SD card section below.</td></tr><tr><td>fsl-image-gui-imx6ul-var-dart.ubi</td><td>A complete UBI image containing a UBIFS volume, for writing to NAND flash.</td></tr><tr><td>zImage</td><td>Linux kernel image, same binary for SD card/eMMC or NAND flash.</td></tr><tr><td>SPL-sd</td><td>SPL built for SD card boot or eMMC boot.</td></tr><tr><td>SPL-nand</td><td>SPL built for NAND flash.</td></tr><tr><td>u-boot.img-sd</td><td>U-Boot built for SD card boot or eMMC boot.</td></tr><tr><td>u-boot.img-nand</td><td>U-Boot built for NAND flash.</td></tr></tbody></table><table><tbody><tr><th scope='col'>File Name</th><th scope='col'>Description</th></tr><tr><td>zImage-imx6ul-var-dart-emmc_wifi.dtb</td><td>Device tree blob for DART-6UL with eMMC & WI-FI enabled. (SD card & NAND disabled)</td></tr><tr><td>zImage-imx6ul-var-dart-nand_wifi.dtb</td><td>Device tree blob for DART-6UL with NAND flash & WI-FI enabled. (SD card & eMMC disabled)</td></tr><tr><td>zImage-imx6ul-var-dart-sd_emmc.dtb</td><td>Device tree blob for DART-6UL with SD card & eMMC enabled (WIFI & NAND disabled)</td></tr><tr><td>zImage-imx6ul-var-dart-sd_nand.dtb</td><td>Device tree blob for DART-6UL with SD card & NAND flash enabled (WIFI & eMMC disabled)</td></tr><tr><td>zImage-imx6ull-var-dart-emmc_wifi.dtb</td><td>Device tree blob for DART-6ULL with eMMC & WI-FI enabled. (SD card & NAND disabled)</td></tr><tr><td>zImage-imx6ull-var-dart-nand_wifi.dtb</td><td>Device tree blob for DART-6ULL with NAND flash & WI-FI enabled. (SD card & eMMC disabled)</td></tr><tr><td>zImage-imx6ull-var-dart-sd_emmc.dtb</td><td>Device tree blob for DART-6ULL with SD card & eMMC enabled (WIFI & NAND disabled)</td></tr><tr><td>zImage-imx6ull-var-dart-sd_nand.dtb</td><td>Device tree blob for DART-6ULL with SD card & NAND flash enabled (WIFI & eMMC disabled)</td></tr></tbody></table><p><br /></p><h2><span><span>5.1</span> SD card structure</span></h2><p>This is the structure of our Recovery/Extended SD card:<br /></p><p><br />The SD card is divided into 3 sections as shown in the picture above:<br /></p><ul><li>The first unallocated 4MiB are saved space for U-Boot. It can be replaced using the dd command as described in the <span>Yocto Build U-Boot</span> section.<br /></li><li>The first partition is a fat16 partition used for the device tree files and the kernel image file. You can copy them as described in the <span>Yocto Build Linux</span> section.<br /></li><li>The second partition is an ext4 partition that contains the complete root filesystem (including the kernel modules).<br /></li></ul><p>Note:<br />The last unallocated area is not used. It is there so that the rootfs will fit on any 4GB SD card, as not all 4GB SD cards are really the same size. If you want, you can use a program such as GParted to resize the roofs partition and make it end at the end of your specific SD card (of course, you can also use SD cards with much bigger capacity than 4GB, and then it makes more sense to resize the partition).<br />Also, if you create the extended SD card yourself by following the Create an extended SD card section below, and you use the '-a' option, the rootfs partition will end at the end of your specific SD card automatically.<br /></p><h2><span><span>5.2</span> Yocto pre-built bootable SD card</span></h2><p>The Yocto build products contains many files as explained in the Build Results section. For example, fsl-image-gui-imx6ul-var-dart.sdcard, depending on your build. This is a complete image to be flashed directly to an SD card.<br /></p><p>Example usage:<br /></p><ul><li><span>Note:</span> Booting your system from an SD card requires pressing the boot-select button, or switching the relevant DIP switch to 'Boot from SD card', according to the relevant start-up guide of your system<br /></li></ul><p><br />Drawbacks of the native .sdcard yocto-built image, (relative to the Recovery/Extended SD card):</p><ul><li>The rootfs partition doesn't use the entire SD card.</li><li>The rootfs partition is not labeled as rootfs.</li><li>The NAND flash and eMMC installation scripts and images are not included.</li></ul><h2><span><span>5.3</span> Create an extended SD card</span></h2><div class='smnPi'><iframe width='auto' height='auto' src='https://www.youtube.com/embed/NOPn9sE0AdY' frameborder='0' allowfullscreen></iframe></div><p>Variscite provides the var-create-yocto-sdcard.sh script which creates our NAND/eMMC recovery SD card - an SD card based on the fsl-image-gui filesystem, which copies the NAND flash burning scripts and relevant binaries for your convenience.<br />Later, you will be able to follow either the more automatic <span>Yocto Recovery SD card</span> guide or the more manual VAR-SOM-MX6 NAND flash burning guide to burn your images to NAND flash or eMMC.<br /></p><p>Note:<br />This is essentially the same as our pre-built Recovery SD image, with the following main differences:<br /></p><ul><li>The pre-built image's rootfs partition size is 3700MiB, which is also the default size when using the script, but the script also has an option to set the rootfs partition size to fill the whole free space of the used SD card. Anyway, you can always resize the partition later with an external tool such as gparted.<br /></li></ul><p>Naturally, the pre-built image is more straight forward and easier to use, while the script method is easier to customize.<br /></p><p>Usage:<br /></p><ul><li>Follow the Setup and build Yocto guide, and bitbake fsl-image-gui.</li><li>Plug-in the SD card to your Linux HOST PC, run dmesg and see which device is added (i.e. /dev/sdX or /dev/mmcblkX)</li></ul><p><br /></p><h3><span><span>5.3.1</span> Create an extended SD card image using a loop device</span></h3><p>It is also possible to use the var-create-yocto-sdcard.sh script to create an extended SD card image, while using a loop device instead of attaching a real SD card.<br />Create an empty file using the following command:</p><p>The above command creates a 3700MiB file representing the SD card.<br />Attach the first available loop device to this file:</p><p>To find the actual loop device being used, run:</p><p>Write the content to the loop device to generate the SD card image:</p><p>(Replace /dev/loopX with your actual loop device, e.g. /dev/loop0)<br /></p><p>Detach the loop device from the file:</p><p>To compress the SD card image file use the following command:</p><p>To write the SD card image to a real SD card device use the following command:</p><p>(Replace /dev/sdX with your actual SD device, e.g. /dev/sdb)</p><p>Note: <span>The WiFi is not operational when booting from SD card</span>, as the WiFi and SD card are using the same SDIO interface.<br />A typical use-case is to boot from an SD card, flash the eMMC/NAND flash, and re-boot from the eMMC/NAND flash to have the WiFi operational.</p><h2><span><span>6.1</span> Setting the Boot Mode</span></h2><p>Booting your system from an SD card requires switching the Boot DIP switches. See picture below.</p><h2>File Sumo 1 1 123</h2><ul><li>'00' The current position in the picture will set the system to boot from SD card</li><li>'01' Moving the right switch will set the system to boot from eMMC</li><li>'10' Moving the left switch will set the system to boot from NAND flash</li><li>'11' is illegal.</li></ul><div> Be aware that your system has eMMC or NAND but never both.</div><p><br /></p><h2>File Sumo 1 1 17</h2><h2><span><span>6.2</span> Automatic device tree selection in U-Boot</span></h2><img src='https://upload.wikimedia.org/wikipedia/commons/2/24/Tata_sumo_(1).jpg' alt='File Sumo 1 1 1' title='File Sumo 1 1 1' /><p>As shown in the Build Results table above, we have different kernel device trees, corresponding to our different H/W configurations.<br />We implemented a script in U-Boot's environment, which sets the fdt_file environment variable based on the detected hardware.</p><h3><span><span>6.2.1</span> Enable/Disable automatic device tree selection</span></h3><p>To enable the automatic device tree selection in U-Boot (already enabled by default):</p><h2>Download 1.1.1.1 For Pc</h2><p>To disable the automatic device tree selection in U-Boot, set the device tree file manually:</p><p>Useful example: To list all files in the boot partition (where the dtb files are by default) of an SD card:</p><div> Comment:<br />Make sure you don't set an inappropriate dtb file, like a dtb with nand on a SOM that has eMMC, or a dtb for mx6ull on a SOM with an mx6ul SOC.</div><p>Please refer to <span>Yocto NAND Flash Burning</span> guide.</p><h2><span><span>8.1</span> Update Yocto Morty to latest revision</span></h2><p>From time to time we update the Yocto sources (especially meta-variscite) with new features and bug fixes.<br />Follow the <b>Download the latest revision (recommended)</b> bullet section of the Download Yocto Morty based on Freescale Community BSP step again to update your tree to the latest revision, and rebuild your image.</p><h2><span><span>8.2</span> Update Yocto Morty to a release tag</span></h2><p>Follow the <b>Download a release tag</b> bullet section of the Download Yocto Morty based on Freescale Community BSP step to update your tree to a release tag, and rebuild your image.</p><h2><span><span>8.3</span> Forcing Clean Build</span></h2><h2><span><span>8.4</span> Qt5 for Embedded Linux</span></h2><p>To run Qt5 applications without X11 backend the platform specific plugins (e.g. EGLFS or LinuxFB) should be configured with QT_QPA_PLATFORM environment variable or with -platform command-line.</p><div> See more information on Qt5 customization for Embedded Linux here</div><h3><span><span>8.4.1</span> Configure LinuxFB Plugin</span></h3><p>DART-6UL supports only LinuxFB plugin</p><p>LinuxFB plugin is optimized for not accelerated platforms, but do not provide rotation capabilities.</p><p>If required you may be interested in reading this article, providing a dedicate patch and usage instructions.</p><p>To integrate the patch in yocto BSP, you are supposed to:</p><ul><li>copy the plane patch in the folder</li></ul><ul><li>add the reference patch in the SRC_URI_append section of file</li></ul><h3><span><span>8.4.2</span> Configure Touch Input</span></h3><p>When no windowing system is present, the mouse, keyboard, and touch input are read directly via evdev or tslib. </p><h4><span><span>8.4.2.1</span> Evdev</span></h4><p>By default, the Qt5 uses automatic device discovery based on libudev. In case you want to override the default touchscreen configuration the following parameters can be used:</p><ul><li>/dev/input/... - Specifies the name of the input device. When not given, Qt looks for a suitable device either via libudev or by walking through the available nodes.</li><li>rotate - On some touch screens the coordinates must be rotated, which is done by setting rotate to 90, 180, or 270.</li><li>invertx and inverty - To invert the X or Y coordinates in the input events, pass invertx or inverty.</li></ul><h4><span><span>8.4.2.2</span> Tslib</span></h4><p>Tslib is used for resistive single-touch touchscreens and should be pre-configured with:</p><p>It is recommended to put the above setup inside /etc/profile.d/tslib.sh.</p><h3><span><span>8.4.3</span> Running Qt5 Applications</span></h3><h2><span><span>8.5</span> UBIFS</span></h2><p>By default we create ubifs image for 512MB NAND flash size.You can change the size by editing ~/var-fslc-yocto/sources/meta-variscite-fslc/conf/machine/include/variscite.inc <br />and comment / uncomment the relevant section based on size.</p><p><br /></p><p>The following is usually not the recommended way to work with Yocto.<br />You should usually create new specific recipes (.bb files) and/or append to specific present recipes by using .bbappend files.<br />However, if you are not yet experienced enough with Yocto, and you just want to quickly add your files to the resultant file system (or make any other change to it), you can do it in a general way, by using the following variable:</p><p>The functions will be called right after the root filesystem is created and right before it is packed to images (.sdcard, .ubi, .tar.gz, etc.).<br /></p><h2><span><span>9.1</span> Example</span></h2><p>Let's say you have your files that you want to put in the filesystem arranged on your host under a directory called /my_rootfs_additions, like the following:</p><p>And let's say you want to build the fsl-image-gui image.<br />Create a file called ~/var-fslc-yocto/sources/meta-variscite-fslc/recipes-images/images/fsl-image-gui.bbappend<br />with the following content:</p><p>Now, when you bitbake fsl-image-gui, the files in /my_rootfs_additions will be added to the rootfs (be careful when overwriting files).<br /></p><div>Retrieved from 'https://variwiki.com/index.php?title=Yocto_Build_Release&oldid=14323'</div></div></div></div></div><div class="navigation-secondary-sm"><div class="list-lg-static">⇐ ⇐ <a href='/gemini-2-5-2-x-2'>Gemini 2 5 2 X 2</a></div><div class="navigation-secondary-sm">⇒ ⇒ <a href='/exchange-rates-2-7-download-free'>Exchange Rates 2 7 Download Free</a></div></div></div></div></div></div><div class="body-item-md new-site-aside row-article-primary node-block-extra container-primary-row"><div class="node-block-extra-inner"><div class="lg-content-article abbr-container-box"><div class="body-site-md"><aside id="page-primary-main" class="label-fn-default label-clear-layer layer-container-secondary page-content-default"><form role="search" method="get" class="article-label-md" action="#"><label><span class="clear-label-aside">Search for:</span><input type="search" class="abbr-aside-box" placeholder="Search …" value="" name="s"></label><input type="submit" class="default-container-area" value="Search"></form></aside><aside id="post-container-secondary"><div class="layer-container-box"><div class="primary-node-entry new-row-container">Related Pages</div></div><ul><li><a href='/colibri-1-9-9-full-cracked-version-mac-os-x'>Colibri 1 9 9 Full Cracked Version Mac Os X</a></li><li><a href='/syncbird-pro-2-9-100'>Syncbird Pro 2 9 100</a></li><li><a href='/divvy-window-manager-1-5-2'>Divvy Window Manager 1 5 2</a></li><li><a href='/pikka-2-000'>Pikka 2 000</a></li><li><a href='/one-chat-4-2-all-in-one-messenger-rooms'>One Chat 4 2 – All In One Messenger Rooms</a></li><li><a href='/borderlands-goty-1-0-3'>Borderlands Goty 1 0 3</a></li></ul></aside></div></div></div></div></div></div><footer><div class="fix-node-entry"><div class="col-new-label"><div class="body-site-md"><div class="site-body-sm"><div class="body-site-md"><div class="page-new-singular menu-items-extra page-panel-default navigation-extra-box"><div class="bar-items-clear"></div></div><div class="entry-primary-post primary-site-label page-new-singular page-panel-default"><div class="page-panel-default-inner">© 2021 Independent software                       </div></div></div></div></div></div></div></footer><a href="#" class="fn-aside-item"><i class="post-lg-label secondary-layout"></i></a></body></html>