Wednesday, January 16, 2019

Mirai


MIRAI

- Layout for this exercise:





1 - INTRODUCTION

- The goal of this exercise is to develop a hacking process for the vulnerable machine Mirai, which is a retired machine from the Hack The Box pentesting platform:

https://www.hackthebox.eu/


2 - ENUMERATION

- Mirai's IP is 10.10.10.48:





- Scanning with Nmap:




- Scanning ports 22, 53 and 80 in more depth:



- Dirbusting the web server, we find the folder /admin:





- Connecting with the browser:





- Pi-hole is a network-wide ad blocker, commonly run on a Raspberry Pi, that blocks advertisements for all devices connected to a home network:

https://www.raspberrypi.org/blog/pi-hole-raspberry-pi/


3 - EXPLOITATION

- The default SSH credentials on a Raspberry Pi are pi:raspberry:

https://www.raspberrypi.org/documentation/linux/usage/users.md





- In this case no exploit is needed, because an SSH connection with the default credentials succeeds:








4 - CAPTURING THE 1st FLAG

- Reading user.txt:





5 - PRIVILEGE ESCALATION

- Checking sudo privileges:




- Starting a bash shell as the root user:





6 - CAPTURING THE 2nd FLAG

- Reading root.txt, we find a hint about the location of the original root.txt:





- df displays the available disk space on the mounted file systems:




- Going to /media/usbstick, there is a text file that probably holds interesting information:








- So it seems that the original root.txt was accidentally deleted.

- Reading the raw content of disk b (the USB stick's block device), we find the 2nd flag, because deleting a file removes only the filesystem's reference to it, not the data blocks themselves:







- Alternatively, running strings on the raw device also reveals the 2nd flag:
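The recovery step above, as an added example that is not part of the original write-up: a small Python emulation of `strings` run over a constructed raw disk image, showing why a file deleted from the USB stick still surfaces when the block device is read directly. The image bytes, the note text and the 32-hex placeholder flag are all constructed for the example; the real flag is not reproduced.

```python
import re

# Constructed raw "block device" image (not a dump from the machine). After an
# unlink, the filesystem only drops its directory entry for the file; the data
# blocks keep their content until they are reused, which is why reading the raw
# device (or running `strings` on it) still recovers the deleted text.
PLACEHOLDER_FLAG = b"0123456789abcdef0123456789abcdef"   # constructed, not the real flag
CONSTRUCTED_IMAGE = (
    b"\x00" * 512                                        # unused superblock area
    + b"lost+found\x00" + b"\x00" * 245                  # directory entry remnants
    + b"\xff" * 64                                       # non-printable filler
    + b"note.txt\x00The file was deleted by mistake.\n"  # constructed note text
    + b"\x00" * 200
    + PLACEHOLDER_FLAG + b"\n"                           # orphaned data block of root.txt
    + b"\x00" * 1024
)

# Printable ASCII plus tab and newline, the same set GNU strings accepts.
PRINTABLE = set(range(0x20, 0x7F)) | {0x09, 0x0A}

def strings_like(data: bytes, min_len: int = 4) -> list:
    """Emulate `strings`: return every run of at least min_len printable bytes."""
    runs, current = [], bytearray()
    for b in data:
        if b in PRINTABLE:
            current.append(b)
            continue
        if len(current) >= min_len:
            runs.append(current.decode("ascii"))
        current = bytearray()
    if len(current) >= min_len:
        runs.append(current.decode("ascii"))
    return runs

# HTB flags are 32 hexadecimal characters, so filter the recovered runs for that shape.
HEX32 = re.compile(r"\b[0-9a-f]{32}\b")

def carve_flags(data: bytes) -> list:
    """Pick out 32-hex-char tokens from everything `strings_like` recovers."""
    found = []
    for run in strings_like(data):
        found.extend(HEX32.findall(run))
    return found

if __name__ == "__main__":
    for s in strings_like(CONSTRUCTED_IMAGE):
        print(s.rstrip("\n"))
    print("recovered flag candidates:", carve_flags(CONSTRUCTED_IMAGE))
```

The defensive takeaway is that removing a sensitive file from removable media is not enough; the data stays readable from the device until it is overwritten, so secure wiping or encryption of the stick is what actually protects it.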