Greetings everyone! Sorry for the long delay, but I’m back with a hot new walkthrough of a Hack the Box machine; this one is called Mirai! For those of you not familiar with Mirai, it’s a strain of malware that was responsible for a massive botnet that infected IoT (Internet of Things) devices, which in turn resulted in massive DDoS attacks. Knowing this information, we may be dealing with an IoT device on this box! Let’s get started!
Mirai is located at 10.10.10.48, so let’s get the ball rolling with an nmap scan:
Alright so the first thing that jumps out is that port 80 is open, so let’s start enumerating it to see if we can pull some more information. We can use Nikto for this:
Look at this! Right away we get a directory returned to us, called /admin/. Surely this must be good! Let’s browse to it:
Interesting! It’s….Pi-hole? Honestly I’ve never heard of it before, and I should have researched it before diving into trying to breach this site, as I spent many minutes trying to access the login page. I tried basic credential guessing, and your typical default credential logins, but nothing worked. I finally started researching Pi-hole, and was eventually pointed towards Raspberry Pi. Hmm. The default credentials for Raspberry Pi (username = pi, password = raspberry) didn’t work on the login page here, but remember our original nmap scan? It showed that SSH was enabled! Maybe we can try SSH-ing in with those Raspberry Pi credentials!
Aww yiss we are in with a low-priv shell! Let’s grab the user flag!
Easy as *puts on sunglasses*…pi.
Now let’s escalate our privileges to root so we can grab the root flag!
We’ll start with a simple sudo -l command:
This looks very promising! We should be able to su (switch user) and have root access!
Easier than Josh Allen throwing an 80 TD to Robert Foster!
Time to grab the root flag!
Wait, what?
So apparently we have to search a mysterious USB stick for the root flag. Alright, no big deal! We can use the “df” command, which will return disk space available on mounted file systems.
There’s the USB stick! Please excuse the very non-straight underlining action I did. Must be all the preworkout in my system.
Anyways, let’s browse to the USB stick and get the flag.
Ughh. Looks like we still have some work to do!
I spent the next fair bit of time Googling ways to recover/show deleted files on a Linux system, but many sites pointed me to downloading 3rd party software. I finally stumbled on a way to use the grep command to solve our issue!
Now we should have the results outputted to a file called root.txt. Time to open it up and read its contents:
Success! Root flag found, which was verified when I uploaded it to hackthebox.eu.
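Why searching the raw device with grep works, as an added example that is not part of the original walkthrough: deleting a file removes its directory entry, but the data blocks stay on the device until something overwrites them, so a pattern search over the raw bytes still finds the content. The image, the 32-character hex token, and the names `scan_image`, `demo`, `TOKEN` and `HEX32` are constructed for illustration.

```python
import os
import re
import tempfile

# Constructed sample value standing in for the "deleted" file's content.
TOKEN = b"0123456789abcdef0123456789abcdef"
HEX32 = rb"(?<![0-9a-f])[0-9a-f]{32}(?![0-9a-f])"


def scan_image(path, pattern, chunk_size=1 << 20, overlap=256):
    """Return [(byte_offset, match)] for a bytes regex over a raw image.

    The image is read in chunks so large devices fit in memory. The last
    `overlap` bytes of each buffer are re-scanned with the next chunk, so a
    match of up to `overlap` bytes that straddles a boundary is still found.
    """
    rx = re.compile(pattern)
    hits, tail, base = [], b"", 0  # base = absolute offset of buf[0]
    with open(path, "rb") as f:
        while True:
            chunk = f.read(chunk_size)
            buf = tail + chunk
            # Before EOF, defer matches starting inside the overlap region.
            limit = len(buf) - overlap if chunk else len(buf)
            for m in rx.finditer(buf):
                if m.start() < limit:
                    hits.append((base + m.start(), m.group()))
            if not chunk:
                return hits
            keep = min(overlap, len(buf))
            tail = buf[-keep:] if keep else b""
            base += len(buf) - len(tail)


def demo():
    """Scan a constructed 'image': filler bytes around leftover file data."""
    image = b"\x00" * 50 + TOKEN + b"\xff" * 100  # token straddles byte 64
    with tempfile.NamedTemporaryFile(delete=False) as f:
        f.write(image)
    try:
        return scan_image(f.name, HEX32, chunk_size=64, overlap=32)
    finally:
        os.unlink(f.name)


if __name__ == "__main__":
    for offset, data in demo():
        print(f"offset {offset}: {data.decode()}")
```

The same property is why removing a file is not a way to erase sensitive data from removable media: the blocks have to be overwritten before the content is actually gone.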
This was a fun and easy box to get back into the swing of things! Oh and don’t worry, I’ll try not to have that much of a gap in between posts going forward.
Thanks for reading!