Mirai — HTB walkthrough

Nmap scan

HTTP ENUMERATION

Visiting the website gave a blank page, so I ran a gobuster directory scan.

The admin and versions directories were found.

10.10.10.48/admin

Login page

Tried some SQL injection on the login form; it didn't work.

Searched for known Pi-hole attacks.

None of them worked: the path /scripts/pi-hole/php was not present, so those attacks were of no use. Then it struck me to try default usernames and passwords.

I tried logging in with this password, but it didn't work. Enumerating a more

Let's try the default SSH credentials.

Enumerating sudo privileges for user pi

We see that we can run any command with sudo on localhost, without a password.

Great, let's run sudo bash.

The machine maker is trolling you; he wants you to dig more. root.txt says the flag is on a USB stick, and a USB stick would show up as a mounted removable device, so I checked the /mnt and /media directories.

James said he lost it, so there must be a backup. But no luck: no backup. So I ran df -lh to see how much space is used and free on each disk.

The df command stands for disk free: it is a standard Unix command that displays the amount of available disk space on the file systems the invoking user has read access to. The -l flag lists only local file systems and -h prints human-readable sizes.

Under /dev/ we see /dev/sdb.

Linux names disks alphabetically: /dev/sda is the first disk, /dev/sdb the second, and so on. The trailing number is the partition, so /dev/sda1 is the first partition of the first drive.

cat /dev/sdb

It contains root.txt, so let's filter the raw device through strings to pull out the readable text.

ROOTED !!!


OSCP | CEH | Cyber Security Enthusiast.

Dhanishtha Awasthi