How to solve USB Ripper (Forensic)
How to solve step by step the challenge USB Ripper from the HackTheBox.
We download and unzip the file, what we get is:
> tree
.
├── auth.json
└── syslog0 directories, 2 files
Let’s see the content of the files:
- auth.json
- syslog
So what we understand is that the auth.json file contains a list of USB devices authorized to connect and in the syslog file there is a list of USB devices that have connected.
What I thought at first was to make a match with grep between the different files, basically you have to look for a SerialNumber in syslog that is not in auth.json. But it wasn’t that simple and I found a tool that does it automatically.
We must look for a serial number since the product Id and Manufacturer ID can be repeated.
There is a tool called usbrip. We install it using:
pip3 install…