Destination: Defcon CTF Quals 2012 - Forensics 300
Your tour guide: p4fg [fangAflaggaN]

Intro
=====
Just a few words before going to bed.. 

Files
=====
File: for300-47106ef450c4d70ae95212b93f11d05d

Running strings on the file gives an idea of that this is a firmware-file for some router.

Binwalk will help us with the rest:

# binwalk for300-47106ef450c4d70ae95212b93f11d05d 

DECIMAL   	HEX       	DESCRIPTION
-------------------------------------------------------------------------------------------------------
108       	0x6C      	LZMA compressed data, properties: 0x5D, dictionary size: 33554432 bytes, uncompressed size: 3008436 bytes
983148    	0xF006C   	PackImg Tag, little endian size: 14690560 bytes; big endian size: 2744320 bytes
983180    	0xF008C   	Squashfs filesystem, little endian, version 4.0, size: 724610815 bytes, 1470 inodes, blocksize: 0 bytes, created: Sat Mar  6 12:29:04 1993

So here we have a lzma-compressed kernel, a separator and then a squashfs-filesystem... fair enough...

Extract squashfs
================
Extract the squashfs-file from the firmware-image:

# dd if=for300-47106ef450c4d70ae95212b93f11d05d of=squashfs.out bs=1 skip=983180

Extract contents
================
Extract the content from the squashfs-file:

# unsquashfs-lzma squashfs.out 
Parallel unsquashfs: Using 1 processor
1376 inodes (1415 blocks) to write

[==========================================================================================================================================================================================================================/] 1415/1415 100%
created 1166 files
created 94 directories
created 144 symlinks
created 66 devices
created 0 fifos

Game over
=========
Look around and find the key...

# cat squashfs-root/home/dlink/key.txt 
ewe know, the sh33p always preferred Linksys