CSAW Quals 2017 : Best Router Write up

Solved by sh!v

The challenge had a tar file of 430 MB and when extracted it gave a whopping 16 GB best_router.img  file. As it was a disk image file I loaded that into the Autopsy tool in Windows. It showed four volumes of the disk image out of which two were unallocated. Of the other two volumes, one was a Windows 95 partition and the other was a Linux partition. I started searching in the Linux partition. The challenge had a link, which lead to a simple login page.


Usually such simple files which are hosted is usually kept in /var/www in the Linux partition. So I continued my search in /var/www of the given Linux partition. There  I found flag.txt, login.plusername.txt and password.txt. The flag.txt was empty. But the code in the login.pl shows that if username and password is entered correctly the flag is being retrieved. The other two files gave the username and password.


Username : admin

Password : iforgotaboutthemathtest

On submitting the above username and password in the site described above, it prints out the flag.

Flag : flag{but_I_f0rgot_my_my_math_test_and_pants}

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Create a free website or blog at WordPress.com.

Up ↑

%d bloggers like this: