Hello
friends!! Today we are going to solve another CTF challenge “Mirai”
which is lab presented by Hack the Box for making online
penetration practices according to your experience level. They have collection
of vulnerable labs as challenges from beginners to Expert level. HTB have two
partitions of lab i.e. Active and retired since we can’t submit write up of any
Active lab therefore we have chosen retried Mirai lab.
Level: Intermediate
Task: find user.txt and root.txt
file in victim’s machine.
Let’s Breach!!!
Lab
IP: 10.10.10.48
Firstly
let’s enumerate ports in context to identify running services and open ports of
victim’s machine by using the most popular tool Nmap.
nmap
-p- -A 10.10.10.48 --open
Awesome!! Nmap has done remarkable job
by dumping the details of services running on open port 22 53, 80, 1031, 32400,
32469.
Without wasting time I used dirb tool of kali to enumerate
the directories and found some important directories such as /admin/
dirb
http://10.10.10.48
So next I decided to explore http://10.10.10.48/admin through browser URL. Here we have a Login
Page, Lets Go through That.
When I link on login tab I saw following web page. The
Pi-hole and the Logo gives us a pretty huge hint that the target machine is a
Raspberry Pi, and Raspberry Pi comes with a default ssh
So we tried default ssh credentials on the Raspberry Pi.
User: pi
Great!! Our
predication works successfully and we got PTs shell of victim’s machine.
Now Let’s Look for the User Flag
cd Desktop
ls
here I found user.txt
file and used cat “file name” command for reading this file.
cat user.txt
Great!! We got
our 1st flag successfully
And After Browsing we got the flag user.txt on the Location:
~/Desktop/user.txt
by executing sudo -l command it tell us that
user pi has full privileged in this machine.
sudo -l
Then I moved for root access using
previous same password and again I get root access successfully.
sudo bash
After going through the root directory we get a root.txt But we get a Hint that our Root Flag is on a
USB stick.
Let’s check if it is mounted by following command df
df (abbreviation for disk free) is a standard Unix command used to display the amount of available
disk space for file systems on
which the invoking user has appropriate read access. As
you can see in the below screenshot that we have the USB stick on the Device. (From
Wikipedia)
From given below image we can /media/usbstick.
Then execute given below command for further steps
cd media/usbstick
ls-al
Here we found a text file damnit.txt, using cat command we
can read this file.
cat damnit.txt
Oops!! James has
accidently deleted root.txt file. Now let’s try to find it somewhere with a
little hope.
Move back to root directory and type following command which
will scan /dev/sdb file system
completely and hopefully it can find deleted root.txt file also.
Great!! We got
our 2st flag successfully
Enjoy Hacking!!
0 comments:
Post a Comment