Official The Needle Discussion

Official discussion thread for The Needle. Please do not post any spoilers or big hints.

Okay, I just had a look for some time, but I really don’t get the challenge. Would somebody please be so kind as to nudge me a bit in the right direction? I know how to own boxes on HTB but this challenge…

What do I have:

  • an image for some O*****T device
  • a URL to login to on an HTB box. I can talk telnet to this login, but don’t have credentials.

Got the image, extracted it with b*****k, and unpacked the filesystem.
I had a look at the usual locations for flags (am not expecting these) and bad configurations/passwords.

Since all we got on the flag submission server is just a telnet-like login, I’m really looking for credentials for some account… or maybe something else?

Ah ah just found the flag! Yes… really a needle in a haystack!

@henkhenkzoon, take your time, you’ll find some interesting files…

Hi
I’m running out of ideas here.
Are you guys using Q***U to load/access firmware content?

UPDATE:
Ignore my question about QU.
I found b***k; nice tool (first time I hear about it). I’ve already mounted the filesystem locally so I can search for the flag… or more clues… or… something…

I found the credentials with bk and a simple search tool. For the login I used the t****t program but other simple network connection tools are also possible. The bk was the only non-standard tool I used.

@xtal said:

I found the credentials with bk and a simple search tool. For the login I used the t****t program but other simple network connection tools are also possible. The bk was the only non-standard tool I used.

After a quite confusing start, I took the same approach. Used bk then ss (also g*p on the files after mounting the fs), to see if I could find anything interesting. I did find a couple of credentials but they don’t seem to work.

I guess that’s part of the haystack :smile: so I’ll keep looking

Pff, still stuck on it. I used s*****s on various files and directories to no avail, grepping for keywords like “pass” and “root”.

Frustrating. Any subtle hints available?

@henkhenkzoon said:

Any subtle hints available?

Go back to your first comment: The image file is one part. The other part of the challenge is the login.

Take a deep look in the extracted filesystem. There is a directory where in every Linux system configurations are stored. There you’ll find one part. With that filename found you should be able to find the needed username with the most simple (and yet powerful) text search program on every *nix.


Yup, I left the challenge for a while and started working on what you have instead of what you look for. In that case it really is that simple.

Thanks gents!

@xtal said:

I found the credentials with bk and a simple search tool. For the login I used the t****t program but other simple network connection tools are also possible. The bk was the only non-standard tool I used.

Did you gp from the b***k “_xxxx” folder or did you go into the s*h directory to poke around? I’ve been looking at the 2nd directory and just lost. I tried the creds found in the typical nix u/p files on the tt and got nowhere. Would you mind DMing me?

If you have a problem with this challenge - check what program you use to access the instance. How is it configured on the IoT device?

Hello everyone. I’m new to HTB so please be patient with my question as it may be obvious to most of you here.

I have done part of the challenge without pointers but got stuck and I found this forum thread.

I have examined the provided files but failed to find where to use the information I now have got at hand. I see some references at a URL but I am seriously confused if this URL is hosted at HTB, if it is related to the instance I can spin up in this challenge (which I’ve tried but the IP seems to be outside of my VPN config).

Do I have to spin up the instance in this challenge or is this a helper machine?
If so, should I access it via my VPN?

Thanks in advance

Going back, I tried again to do what seemed reasonable and it worked. For people confused as I was:

  • Yes, you need to spin up the machine instance.
  • No, you don’t need the VPN as the target IP address is not in the range of the VPN, you can access it directly.
  • Be patient and wait for a bit after spinning up the machine, sometimes it takes a while to start answering your requests.

This challenge was tricky but it was fine! If you need some help, PM me.

Can anyone PM me and help nudge me along the right path? I’m able to inspect the firmware’s filesystem and have been poking around pretty deep. I found a couple things that might be useful but have had no luck applying that information yet.

  1. Use the given file, find out how to extract information from it, you will get a haystack which looks familiar
  2. Spawn the instance, wait 2-3 minutes that everything starts on it
    Interact with it, identify the service then search in the haystack that became significantly smaller

Hello, did you manage to do the needle challenge?

I have extracted the firmware and found creds for rt but the user is not allowed by t*t.
Any clue what I am doing wrong?

I simply used the t****t program and the creds found in the haystack. At my attempt it works without any tricks.

Not special for this challenge: Like all challenges on the HTB server you got IP address and port number. The port number is not the standard telnet port number.

In a few cases I need to stop and start again the container on the HTB server. Rarely I can’t connect to the started instance and after a restart all works as expected.