Mirai Walkthrough
Welcome all at walkthrough for HackTheBox machine βMiraiβ. Letβs take a look at the machineβs information


Okay itβs easy and based on Linux OS, letβs get startedβ¦
Nmap Scan
In this step, we aim to know all open ports and the services which work on them and other information we will see it now
nmap -A -T4 -O -oG mirai.gnmap 10.10.10.48

We used -oG
to generate results in a file with gnmap
ext to use it through brute-forcing credentials if thereβs a port that may be brute-forcing like ssh/ftp
We have 3 open ports and 3 services working on them, for now just note them in any text file upon we finish collecting information steps
Website Enumeration
In this step, we will review the source code, check the functions, discover hidden directories, check the response header, and so on.
At first, we will use nikto
to check for a bunch of information and from the results, we found thereβs an unfamiliar response header x-pi hole
so note it.

Letβs discover the hidden directories, you can use dirsearch/dirbuster/gobuster/ffuf/metasploit modules
or any tool which performs the same task
python3 dirsearch -u 10.10.10.48 -e php -t 40

Now we have /admin
the directory is available and when you're open it you will find the default admin page for Pi-Hole, but youβre not authenticated, and you need to log in as an admin

The version of Pi-Hole is at the bottom as you can see at the bottom of the page but after searching for exploitation related to this version Iβve faced a problem that I must be authenticated as you can see here

So I tried to search for the default credentials for Pi-Hole, and Iβve found it

If you try to use these credentials to log in to the admin panel you will fail, so Iβve used a new technique to know what are these credentials valid for.
Iβve used a new tool called medusa
Installation:
apt-get install medusa

We will check for ssh credentials

And itβs valid. Let's login to ssh using these credentials

Good, we now have user privileges and get the user flag. Letβs try to get the root
role and search for root flag.
Iβve just typed sudo su
to be admin, easy right? But unfortunately the root flag isnβt easy :(

Letβs do small google search about usb stick in kali terminal
to know where I will search exactly

As you can see Iβve found this resource and the directory which should have the flag, letβs search for it

good we have this file, after opening it cat sdb
We have the flag now :):)

Last updated