MIRAI
- Layout for this exercise:
1 - INTRODUCTION
- The goal of this exercise is to develop a hacking process for the vulnerable machine Mirai, what is a retired machine from the Hack The Box pentesting platform:
https://www.hackthebox.eu/
2 - ENUMERATION
- Mirai's IP is 10.10.10.48:
- Scanning with Nmap:
- Scanning deeper ports 22,53 and 80:
- Dirbusting the web server we find the folder /admin:
- Connecting with the browser:
- Pi-hole is a network-wide ad blocker used by Raspberry Pi to block advertisements on all devices connected to a home network:
https://www.raspberrypi.org/blog/pi-hole-raspberry-pi/
3 - EXPLOITATION
- Default credentials for SSH to Raspberry Pi are pi:raspberry
https://www.raspberrypi.org/documentation/linux/usage/users.md
- In this case there is no need of exploitation because SSH connection with default credentials is successful:
4 - CAPTURING THE 1st FLAG
- Reading user.txt:
5 - PRIVILEGE ESCALATION
- Checking sudoer privileges:
- Starting a bash shell as a root user:
6 - CAPTURING THE 2ns FLAG
- Reading root.txt there is a hint about the original root.txt:
- df displays the amount of available disk space for file systems:
- Going to /media/usbstick there is a text file that probably holds interesting information:
- So it seems that the original root.txt was been accidentally deleted.
- Reading the content of the disk b we find the 2nd flag:
- Also, strings helps to provide the 2nd flag:
