Mirai Walkthrough
Welcome all at walkthrough for HackTheBox machine βMiraiβ. Letβs take a look at the machineβs information
Okay itβs easy and based on Linux OS, letβs get startedβ¦
Nmap Scan
In this step, we aim to know all open ports and the services which work on them and other information we will see it now
nmap -A -T4 -O -oG mirai.gnmap 10.10.10.48
We used -oG to generate results in a file with gnmap ext to use it through brute-forcing credentials if thereβs a port that may be brute-forcing like ssh/ftp
We have 3 open ports and 3 services working on them, for now just note them in any text file upon we finish collecting information steps
Website Enumeration
In this step, we will review the source code, check the functions, discover hidden directories, check the response header, and so on.
At first, we will use nikto to check for a bunch of information and from the results, we found thereβs an unfamiliar response header x-pi hole so note it.
Letβs discover the hidden directories, you can use dirsearch/dirbuster/gobuster/ffuf/metasploit modules or any tool which performs the same task
python3 dirsearch -u 10.10.10.48 -e php -t 40
Now we have /admin the directory is available and when you're open it you will find the default admin page for Pi-Hole, but youβre not authenticated, and you need to log in as an admin
The version of Pi-Hole is at the bottom as you can see at the bottom of the page but after searching for exploitation related to this version Iβve faced a problem that I must be authenticated as you can see here
So I tried to search for the default credentials for Pi-Hole, and Iβve found it
If you try to use these credentials to log in to the admin panel you will fail, so Iβve used a new technique to know what are these credentials valid for.
Iβve used a new tool called medusa
Installation:
apt-get install medusa
We will check for ssh credentials
And itβs valid. Let's login to ssh using these credentials
Good, we now have user privileges and get the user flag. Letβs try to get the root role and search for root flag.
Iβve just typed sudo su to be admin, easy right? But unfortunately the root flag isnβt easy :(
Letβs do small google search about usb stick in kali terminal to know where I will search exactly
As you can see Iβve found this resource and the directory which should have the flag, letβs search for it
good we have this file, after opening it cat sdb
We have the flag now :):)
Last updated