In this article, we will learn how to emulate firmware in order to exploit a web application vulnerability called blind command injection. The vulnerability is found in an older version of Netgear firmware.
For the sake of understanding, this post is divided into two parts: firmware emulation and command injection exploitation.
Part 1: Firmware emulation
What is emulation? Let’s understand the meaning of emulation in simple words. Suppose you get a firmware file (bin/img) from a source such as the vendor's official website and you want to run that file. How can you do so?
There are two ways:
Hardware emulation: In this method, you get a hardware device such as a router, upload the firmware file onto it and interact with the firmware via the router interface. The issue with this method is that you always need an additional hardware device to run the firmware.
Software emulation: In this method, we use software instead of hardware. The software mounts the firmware and you interact with the firmware interface. The biggest advantage of this method is that you don’t need any separate hardware and you can run as many firmware images as you wish.
In this post, we will