file netgear.bin
binwalk netgear.bin
binwalk -e netgear.bin ---> extract the binary
tar xvf 30 --> if file is tar archive

hexdump dlink.bin
hexdump -C dlink.bin --> when binary is encrypted
binwalk -E dlink.bin
strings dlink.bin

Regex Code---> \b[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\b

Information gathering using egrep
egrep -E -r -o "\b[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\b"

Encrypted firmware
hexdump -C giga.bin --> Hardcoded encrypted key extraction (characteristics of XOR --> whole pattern consists of dz)
hexdump -C giga.bin | grep -i hsqs

To extract encrypted firmware
cat giga.bin | python decryptor.py > decryptedfirmware.bin
binwalk -e decryptedfirmware.bin
unsquashfs ess_apps.sqsh --> To extract the squashfs file system

Firmadyne
In Attify OS, go to the firmadyne folder and run the commands from the usage section of the firmadyne page on GitHub (1-8).
If unsquashfs does not extract the squashfs, use binwalk.

Firmadyne database
psql -d firmware -U firmadyne -h 127.0.0.1
select * from image;
password for firmadyne--- firmadyne
\dt
select * from image;
\db

ssh -i server.pem 192.168.0.100
before using server.pem, set its permissions: chmod 600 server.pem (ssh rejects a private key that other users can read)
telnet 192.168.0.100

IP address related
ifconfig | grep -A 1 eth0
ifconfig | grep -A 1 eth0 | egrep "([0-9]{1,3}\.){3}[0-9]{1,3}" | cut -d " " -f 10
ifconfig | grep -A 1 wlan0 | grep -oP "([0-9]{1,3}\.){3}[0-9]{1,3}"

Nmap command
sudo nmap -O -sV 192.168.0.100
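
The decryptor.py used in the encrypted firmware step is not shown in these notes. The following is an added example (not the author's script) of a filter that can sit in the same pipe position: it assumes the image is XORed with a repeating key, and the script name, function names and hex key argument are assumptions.

```python
#!/usr/bin/env python3
# Added example: repeating-key XOR filter, stdin -> stdout.
# Assumption: the image is XORed with a repeating key passed as hex in argv[1].
import sys

SQUASHFS_MAGIC = b"hsqs"  # the SquashFS magic grepped for in the notes above


def xor_bytes(data, key, offset=0):
    """XOR data with a repeating key; offset keeps the key aligned across chunks."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ key[(offset + i) % len(key)] for i, b in enumerate(data))


def decrypt_stream(src, dst, key, chunk_size=65536):
    """Copy src to dst through the XOR; return (bytes_written, magic_seen)."""
    total, seen, tail = 0, False, b""
    while True:
        chunk = src.read(chunk_size)
        if not chunk:
            return total, seen
        plain = xor_bytes(chunk, key, total)
        window = tail + plain  # also catches a magic split across two chunks
        seen = seen or SQUASHFS_MAGIC in window
        tail = window[-(len(SQUASHFS_MAGIC) - 1):]
        dst.write(plain)
        total += len(chunk)


def main(argv):
    if len(argv) != 2:
        sys.stderr.write("usage: xor_filter.py KEYHEX < in.bin > out.bin\n")
        return 2
    key = bytes.fromhex(argv[1])
    _, seen = decrypt_stream(sys.stdin.buffer, sys.stdout.buffer, key)
    if not seen:
        # No SquashFS magic in the output: the key or the XOR assumption is wrong.
        sys.stderr.write("warning: no 'hsqs' magic found in output\n")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```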