Hack the Box Challenge: Mirai Walkthrough


Hello friends!! Today we are going to solve another CTF challenge “Mirai” which is lab presented by Hack the Box for making online penetration practices according to your experience level. They have collection of vulnerable labs as challenges from beginners to Expert level. HTB have two partitions of lab i.e. Active and retired since we can’t submit write up of any Active lab therefore we have chosen retried Mirai lab.
Level: Intermediate
Task: find user.txt and root.txt file in victim’s machine.

Let’s Breach!!!
Lab IP: 10.10.10.48
Firstly let’s enumerate ports in context to identify running services and open ports of victim’s machine by using the most popular tool Nmap.
nmap  -p-  -A 10.10.10.48 --open
Awesome!! Nmap has done remarkable job by dumping the details of services running on open port 22 53, 80, 1031, 32400, 32469.




Without wasting time I used dirb tool of kali to enumerate the directories and found some important directories such as /admin/
dirb http://10.10.10.48




So next I decided to explore http://10.10.10.48/admin through browser URL. Here we have a Login Page, Lets Go through That.




When I link on login tab I saw following web page. The Pi-hole and the Logo gives us a pretty huge hint that the target machine is a Raspberry Pi, and Raspberry Pi comes with a default ssh





So we tried default ssh credentials on the Raspberry Pi.
User:                     pi
Password:           raspberry
Great!! Our predication works successfully and we got PTs shell of victim’s machine.




Now Let’s Look for the User Flag
cd Desktop
ls
here I found user.txt file and used cat “file name” command for reading this file.
cat user.txt

Great!! We got our 1st flag successfully




And After Browsing we got the flag user.txt on the Location: ~/Desktop/user.txt
by executing sudo -l command it tell us that user pi has full privileged in this machine.
sudo -l




Then I moved for root access using previous same password and again I get root access successfully.
sudo bash
After going through the root directory we get a root.txt  But we get a Hint that our Root Flag is on a USB stick.




Let’s check if it is mounted by following command df
df (abbreviation for disk free) is a standard Unix command used to display the amount of available disk space for file systems on which the invoking user has appropriate read access. As you can see in the below screenshot that we have the USB stick on the Device. (From Wikipedia)
From given below image we can /media/usbstick.
Then execute given below command for further steps
cd media/usbstick
ls-al
Here we found a text file damnit.txt, using cat command we can read this file.
cat damnit.txt
Oops!! James has accidently deleted root.txt file. Now let’s try to find it somewhere with a little hope.




Move back to root directory and type following command which will scan /dev/sdb file system completely and hopefully it can find deleted root.txt file also.




Great!! We got our 2st flag successfully

Enjoy Hacking!!


0 comments:

Post a Comment