How to solve USB Ripper (Forensic)

Philippe Delteil
Hacking/Security
Published in
2 min readJan 14, 2023

--

How to solve step by step the challenge USB Ripper from the HackTheBox.

We download and unzip the file, what we get is:

> tree 
.
├── auth.json
└── syslog
0 directories, 2 files

Let’s see the content of the files:

  • auth.json
List of authorized manufacturers.
  • syslog
Content of the syslog file.

So what we understand is that the auth.json file contains a list of USB devices authorized to connect and in the syslog file there is a list of USB devices that have connected.

What I thought at first was to make a match with grep between the different files, basically you have to look for a SerialNumber in syslog that is not in auth.json. But it wasn’t that simple and I found a tool that does it automatically.

We must look for a serial number since the product Id and Manufacturer ID can be repeated.

There is a tool called usbrip. We install it using:

pip3 install

--

--