Mirai Walkthrough
Welcome, all, to the walkthrough for the HackTheBox machine "Mirai". Let's take a look at the machine's information.
Okay, it's easy and based on Linux OS, so let's get started...
In this step, we aim to identify all open ports, the services running on them, and other information, as we will see now.
nmap -A -T4 -O -oG mirai.gnmap 10.10.10.48
We used -oG to write the results to a file with the .gnmap extension, so it can be reused for brute-forcing credentials if there's a port with a service that can be brute-forced, like ssh/ftp.
We have 3 open ports with 3 services running on them. For now, just note them in a text file until we finish the information-gathering steps.
In this step, we will review the source code, check the functions, discover hidden directories, check the response header, and so on.
First, we will use nikto to check for a range of information. In the results, we found an unfamiliar response header, x-pi-hole, so note it.
Let's discover the hidden directories. You can use dirsearch/dirbuster/gobuster/ffuf/metasploit modules or any tool that performs the same task.
python3 dirsearch -u 10.10.10.48 -e php -t 40
Now we have the /admin directory available. When you open it, you will find the default admin page for Pi-Hole, but you're not authenticated, and you need to log in as an admin.
The version of Pi-Hole is shown at the bottom of the page, but after searching for exploits related to this version, I faced a problem: I must be authenticated, as you can see here.
So I tried to search for the default credentials for Pi-Hole, and I found them.
If you try to use these credentials to log in to the admin panel, you will fail, so I used a new technique to find out what these credentials are valid for.
I used a new tool called medusa.
Installation:
apt-get install medusa
We will check for ssh credentials.
And it's valid. Let's log in to ssh using these credentials.
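From the defender's side, the credential check above leaves a recognisable trace in sshd's auth log: a burst of failed passwords from one address followed by an accepted one. The following is an added example, not part of the original walkthrough; the log lines, host name, addresses and account names are constructed, and the threshold and time window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# OpenSSH sshd log messages for password authentication results.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

# Constructed sample log (documentation addresses, made-up account names).
SAMPLE_LOG = """\
Mar  3 10:15:01 gw sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Mar  3 10:15:03 gw sshd[813]: Failed password for root from 203.0.113.7 port 40118 ssh2
Mar  3 10:15:06 gw sshd[815]: Failed password for appliance from 203.0.113.7 port 40120 ssh2
Mar  3 10:15:09 gw sshd[817]: Accepted password for appliance from 203.0.113.7 port 40126 ssh2
Mar  3 11:02:44 gw sshd[902]: Failed password for alice from 198.51.100.20 port 51514 ssh2
Mar  3 11:02:51 gw sshd[904]: Accepted password for alice from 198.51.100.20 port 51520 ssh2
Mar  3 12:30:00 gw sshd[955]: Accepted publickey for alice from 198.51.100.20 port 51900 ssh2
"""

def find_guessed_logins(log_text, min_failures=3, window=timedelta(minutes=5)):
    """Return (ip, user, failures) for each password login that succeeded
    after at least min_failures failed passwords from the same IP in window."""
    failures = defaultdict(list)   # ip -> timestamps of failed passwords
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue               # publickey logins and unrelated lines
        # syslog timestamps carry no year; pin a leap year so Feb 29 parses
        ts = datetime.strptime(f"2000 {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if m["result"] == "Failed":
            failures[ip].append(ts)
            continue
        recent = [t for t in failures[ip] if ts - t <= window]
        if len(recent) >= min_failures:
            alerts.append((ip, m["user"], len(recent)))
        failures[ip].clear()       # a success starts a new counting period
    return alerts

if __name__ == "__main__":
    for ip, user, n in find_guessed_logins(SAMPLE_LOG):
        print(f"ALERT {ip}: password login as {user!r} after {n} failures")
```

A single mistyped password followed by a success (the alice lines) stays below the threshold, and key-based logins are ignored entirely.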
Good, we now have user privileges and get the user flag. Let's try to get the root role and search for the root flag.
I've just typed sudo su to be admin, easy right? But unfortunately the root flag isn't easy :(
Let's do a small Google search about "usb stick in kali terminal" to know where exactly I will search.
As you can see, I've found this resource and the directory which should have the flag. Let's search for it.
Good, we have this file. After opening it with cat sdb:
We have the flag now :):)