Hack The Box Mirai HTB CTF Machine Walkthrough
Today we are going to solve Mirai CTF challenge, which is available on Hack the Box. It is an easy CTF box. At this time, this machine has been retired. You will get to know a lot of knowledge, for example, Directory scanning, sudo rights, strings command, etc.
Table of Content
Scanning
- Port Scanning (Nmap Tool)
Enumeration
- Directory Scanning through Gobuster
Exploitation
- Nothing Exploitation (Default Creds)
- Read (User.txt)
Privilege Escalation
- Sudo Rights (ALL : ALL )
- Read (root.txt)
Scanning
As you know, we do first scan the target network. Nmap may be the best tool for network scanning. To get more information regarding the Nmap command, Following the below link.
nmap -sC -sV -oA nmap/mirai 10.10.10.48
I found port 22 for SSH, port 53 for DNS, 80 for HTTP are opened.
Enumeration
In most penetration testing phases, we need directory scanning. The Kali Linux carries several directory scanning tools for the penetration tester. Gobuster is a popular directory scanning tool, and we will use this tool for directory scanning. Let’s follow the below command.
gobuster dir --url http://10.10.10.48/ -w /usr/share/wordlists/dirbuster/directory-list-lowercase-2.3-medium.txt -t 200 --no-error
We have encountered some exciting directories.
/admin
/versions
According to the above information, let’s open the web page and check the Mirai versions. It may be a vulnerable version and seem to look like Raspberry Pi. After some research on google, we noticed that Mirai is not vulnerable. Let’s explore the admin page.
We will explore its username and password. I think Google can be most suitable for default credentials.
Sometimes, Default usernames and passwords provide login access. We got the default credentials from the official Raspberry Pi website. Let tried default ssh credentials on the Raspberry Pi.
Exploitation
As soon as I logged with the default credentials, Login Successful.
ssh [email protected]
- Username: pi
- Password: raspberry
Congrats! We have gained our first user.txt flag.
Privilege Escalation
Let’s proceed on the privilege escalation stages. I notice something special with sudo rights. It can change root without any password. Follow the below command.
sudo -l
(ALL : ALL) ALL
sudo su
As soon as we executed the above command, and I got a root shell. We noticed the root.txt flag and got a hint that our root flag is on a USB stick.
I guess that the USB stick file may be store in the media folder. Let’s enter the media/usbstick folder, and we found some text files.
cat damnit.txt
Oops!! James has accidentally deleted the root.txt file. “Don’t worry” we will recover the root.txt file. Let’s move back to the root directory and type the following command.
strings /dev/sdb
Congrats! We have gained our second root.txt flag.
Recent Posts
- Protected: How To Mount USB Drive in Ubuntu Linux
- CVE-2022-30190 (Follina)-Microsoft Support Diagnostic Tool Vulnerability
- SQL INJECTION – Extracting Username and Password From Database
- How To Dump Username And Password Using SQLMap Tool?
- Protected: Exploit Apache Log4j Security Vulnerabilities – CVE-2021-44228
excellent issues altogether, you just received a emblem new reader.
What may you suggest about your put up that you
just made some days in the past? Any positive?
The professional hacker true out the word that I believed in him is only Henryclarkethicalhacker Group Hackers Checked Google and see everybody comments on him he a professional that I believed in him if you have problems on any stuffed like a bank, company, school grades change examinations, database, Social media hacks, Email hacks, Phone hacks, Bitcoin hacks, increased Credit score boost to 800, School result upgrading, cryptocurrency, Binary option funds recovery, Bitcoin Mining, Instagram, WhatsApp, Twitter, Monitor your colleague, access your spouse social media, and a lot more, via, , on whatsapp 18134211326..
Contact him for any type of hacking, he is a professional hacker that specializes in exposing cheating spouses, and every other hacking related issues. he is a cyber guru, he helps catch cheating spouses by hacking their communications like call, Facebook, text, emails, Skype, whats-app and many more. I have used this service before and he did a very good job, he gave me every proof I needed to know that my fiancee was cheating. You can contact him on his email to help you catch your cheating spouse, or for any other hacking related problems, like hacking websites, bank statement, grades and many more. he will definitely help you, he has helped a lot of people, contact him on, , and you can Text/Call &WhatsApp: +1 (773)-609-2741, or +1201-430-5865, and figure out your relationship status. I wish you the best.
A great hacker is really worthy of good recommendation , Henry
really help to get all the evidence i needed against my husband and
and i was able to confront him with this details from this great hacker
to get an amazing service done with the help ,he is good with what he does and the charges are affordable, I think all I owe him is publicity for a great work done via, , and you can text, call him on whatsapp him on +12014305865, or +17736092741,