Mirai — HTB walkthrough

Dhanishtha Awasthi
3 min read · Jul 21, 2020


ENUMERATION

Nmap scan

HTTP ENUMERATION

Visiting the website gave us a blank page, so I ran a gobuster scan.

The admin and versions directories were found.

10.10.10.48/admin

Login page

Tried some SQL injection; it didn't work.

Searched for Pi-hole attacks.

None of them worked: the path /scripts/pi-hole/php was not there, so those attacks were of no use. Then it occurred to me to try default usernames and passwords.

I tried logging in with this password, but it didn't work. Enumerating a bit more:

Let's try the default SSH credentials.

EXPLOITATION

Enumerating sudo privileges for user pi

We see that this user can run any command with sudo privileges, without a password, on localhost.

Great, let's do sudo bash.
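The misconfiguration used here is a sudoers rule that lets a user run any command as root without a password. Below is an added example (not code from the original post) of the check a defender would run over /etc/sudoers to find such rules before an attacker does. The sudoers text is constructed for the demo; the only assumption is the standard `user hosts=(runas) [TAG:] commands` line format, and aliases are not expanded.

```python
"""Flag risky sudoers user-specification rules, such as the passwordless,
unrestricted rule that turns `sudo bash` into an instant root shell."""
import re

# Constructed sample sudoers contents for the demo (not the machine's real file).
SAMPLE_SUDOERS = """\
# User privilege specification
Defaults        env_reset
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
pi      ALL=(ALL) NOPASSWD: ALL
backup  ALL=(root) NOPASSWD: /usr/bin/rsync
deploy  ALL=(ALL) /usr/bin/systemctl restart app
#includedir /etc/sudoers.d
"""

# Tags that may prefix the command list, e.g. "NOPASSWD: ALL".
TAGS = {"NOPASSWD", "PASSWD", "NOEXEC", "EXEC", "SETENV", "NOSETENV",
        "LOG_INPUT", "NOLOG_INPUT", "LOG_OUTPUT", "NOLOG_OUTPUT",
        "MAIL", "NOMAIL"}

# who  hosts = (runas) [TAG:] commands
RULE_RE = re.compile(
    r"^(?P<who>\S+)\s+(?P<hosts>\S+?)\s*=\s*"
    r"(?:\((?P<runas>[^)]*)\)\s*)?"
    r"(?P<cmds>.+)$"
)


def parse_sudoers(text):
    """Return user-specification rules from sudoers text.

    Comments, Defaults lines, #include directives and alias definitions are
    skipped; aliases used inside rules are left unexpanded (reported as-is)."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("Defaults"):
            continue
        if re.match(r"^(User|Runas|Host|Cmnd)_Alias\b", line):
            continue
        m = RULE_RE.match(line)
        if not m:
            continue
        cmds = m.group("cmds").strip()
        tags = set()
        # Peel off leading "TAG:" markers; anything else starts the command list.
        while ":" in cmds:
            head, rest = cmds.split(":", 1)
            if head.strip().upper() not in TAGS:
                break
            tags.add(head.strip().upper())
            cmds = rest.strip()
        rules.append({
            "who": m.group("who"),
            "hosts": m.group("hosts"),
            "runas": m.group("runas") or "root",   # sudo's default run-as user
            "tags": tags,
            "cmds": [c.strip() for c in cmds.split(",") if c.strip()],
        })
    return rules


def audit_sudoers(text):
    """Return (who, severity, runas, commands) for rules worth a second look."""
    findings = []
    for r in parse_sudoers(text):
        unrestricted = "ALL" in r["cmds"]
        nopasswd = "NOPASSWD" in r["tags"]
        if unrestricted and nopasswd:
            sev = "critical"   # any command as root, no password: `sudo bash` is game over
        elif nopasswd:
            sev = "warning"    # passwordless but limited; review each listed binary
        elif unrestricted:
            sev = "low"        # full sudo with a password: normal for admin accounts
        else:
            continue
        findings.append((r["who"], sev, r["runas"], r["cmds"]))
    return findings


if __name__ == "__main__":
    # On a real host: audit_sudoers(open("/etc/sudoers").read()), plus /etc/sudoers.d/*.
    for who, sev, runas, cmds in audit_sudoers(SAMPLE_SUDOERS):
        print(f"{sev:8} {who:8} runas=({runas}) cmds={', '.join(cmds)}")
```

The `pi` line is the one that matters on this box: the fix is to remove `NOPASSWD` (or drop the rule entirely) and, since the account is reachable over SSH, change its default password or disable password authentication.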

A troll by the machine maker: he wants you to dig more. The file says the flag is on a USB stick, and a USB stick would show up as a mounted media device, so I checked the /mnt and /media directories.

James said he lost it, so there might be a backup. No luck, no backup. So I ran df -lh to see the space used and free on each disk.

df stands for disk free: it is a standard Unix command that displays the amount of available disk space on the file systems the invoking user has read access to.

Under /dev/ we see that we have /dev/sdb.

Disk names in Linux are alphabetical: /dev/sda is the first hard drive (the primary master), /dev/sdb is the second, and so on. The numbers refer to partitions, so /dev/sda1 is the first partition of the first drive.

cat /dev/sdb

The deleted root.txt is still on the raw device, so let's filter the readable text out with strings.
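Deleting a file only unlinks it; its blocks stay on the device until something overwrites them, which is why `strings` over the raw device recovers root.txt. The following is an added example (not from the original post) that reimplements the `strings` scan in Python, runs it over a constructed disk image with a "deleted" file's bytes left in unallocated space, and then shows that zero-filling that region (what a wipe does) actually removes the remnant. The image layout, offsets and the flag placeholder are all made up for the demo.

```python
"""strings-style scan of a raw block-device image, plus a wipe check.

Demonstrates why `rm` on a USB stick leaves data recoverable with
`strings /dev/sdb`, and how to verify that an overwrite removed it."""
import re

FLAG_PLACEHOLDER = b"<CONSTRUCTED-FLAG-PLACEHOLDER>"


def build_sample_image():
    """Constructed 16 KiB image standing in for a small USB stick.

    Offsets are arbitrary choices for the demo. The last entry simulates the
    deleted file: its directory entry is gone but its data blocks were never
    overwritten."""
    img = bytearray(16 * 1024)

    def place(off, payload):
        img[off:off + len(payload)] = payload

    place(512, b"volume label: DEMO_USB")                    # live metadata
    place(4096, b"James, the flag is on the usb stick\n")    # live note
    place(12288, FLAG_PLACEHOLDER + b"\n")                    # deleted root.txt blocks
    return bytes(img)


def extract_strings(data, min_len=4):
    """Mimic `strings`: return (offset, text) for every run of at least
    min_len printable ASCII bytes (0x20..0x7e), like `strings -t d`."""
    pat = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [(m.start(), m.group().decode("ascii")) for m in pat.finditer(data)]


def carve(data, needle):
    """Return every offset at which needle occurs, like `grep -abo`."""
    hits, start = [], 0
    while True:
        i = data.find(needle, start)
        if i < 0:
            return hits
        hits.append(i)
        start = i + 1


def zero_fill(data, start, length):
    """Overwrite a region with zeros, as `dd if=/dev/zero` or `shred -z` would,
    and return the new image. Length is preserved so offsets stay comparable."""
    buf = bytearray(data)
    buf[start:start + length] = bytes(length)
    return bytes(buf)


def residual_secrets(data, needle):
    """Wipe-verification check: offsets where needle still survives."""
    return carve(data, needle)


if __name__ == "__main__":
    # For a real device you would read /dev/sdX in chunks; a toy image is enough here.
    img = build_sample_image()
    for off, text in extract_strings(img):
        print(f"{off:8d}  {text}")
    print("remnant at:", residual_secrets(img, FLAG_PLACEHOLDER))
    wiped = zero_fill(img, 12288, 64)
    print("after wipe:", residual_secrets(wiped, FLAG_PLACEHOLDER))   # []
```

The forensic lesson for the defender is the mirror image of the walkthrough: a "lost" USB stick or a decommissioned disk needs an overwrite, not just a delete, and the `strings`/carve pass is how you confirm the overwrite worked.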

ROOTED !!!

Written by Dhanishtha Awasthi

OSCP | CEH | Cyber Security Enthusiast.