Mirai — HTB Walkthrough

Subashri
3 min read · Dec 22, 2020

This is my next blog post on penetration testing, covering an easy retired machine from Hack The Box called Mirai. The machine runs Linux and has the IP address 10.10.10.48.

The first step is reconnaissance. An nmap scan identifies the open ports, which tell us which services might be vulnerable and could be exploited to gain access to the machine.

Ports 22, 53, 80, 1009, and 1057 are open.

As port 80 was open, we looked for hints there.

Unfortunately, the site gives us no clues. So we now look for directories that may be open or hidden.

For this, we use the gobuster tool, which finds the directories on the site.

Gobuster finds one directory called admin and the file swfobject.js.

Upon browsing the admin folder, we find some clues in it.

It is a Pi-hole site and has a login page as well.

As port 22, the SSH port, was open, we try gaining access through it.

Pi-hole is associated with the Raspberry Pi, and our further penetration is based on that.

Looking for hints on SSH for the Raspberry Pi, we got its default SSH username and password.

Fortunately, our ssh login worked with the default username “pi” and default password “raspberry”.

Upon listing the files and navigating further into them, we find our first flag file, user.txt.

And yes, we have got our first flag.

Next comes privilege escalation. Upon checking the root file, we get some further hints.

As we are told that the file is on the USB stick, we try finding it with the command “df” (disk free), a standard Linux command that reports the free space on mounted file systems.

We find that there is a media/usbstick folder listed there.

Upon opening the file dev/sdb, we find that the root flag is hidden there.

Yes, we have got the root flag as well.
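As an added illustration (not part of the original walkthrough): reading dev/sdb directly works because a block device exposes every byte of the stick, whatever the mounted folder lists. The sketch below scans a raw image for printable text the way the `strings` utility does; the sample image, the 32-hex-digit token shape and the function names are assumptions constructed for the example.

```python
import io
import re

HEX32 = re.compile(r"\b[0-9a-f]{32}\b")  # assumed flag shape: 32 lowercase hex digits

def scan_strings(stream, min_len=8, chunk=64 * 1024):
    """Yield (offset, text) for each printable-ASCII run of min_len+ bytes.

    Reads in fixed-size chunks so a whole device image never has to fit in
    memory; a run that crosses a chunk boundary is carried into the next read.
    """
    run, start, pos = bytearray(), 0, 0
    while True:
        block = stream.read(chunk)
        if not block:
            break
        for b in block:
            if 0x20 <= b <= 0x7E:
                if not run:
                    start = pos  # remember where this run begins
                run.append(b)
            else:
                if len(run) >= min_len:
                    yield start, run.decode("ascii")
                run.clear()
            pos += 1
    if len(run) >= min_len:  # run that extends to the end of the image
        yield start, run.decode("ascii")

def flag_candidates(stream, chunk=64 * 1024):
    """Return [(byte_offset, token)] for flag-shaped tokens in the raw bytes."""
    return [(off + m.start(), m.group())
            for off, text in scan_strings(stream, 32, chunk)
            for m in HEX32.finditer(text)]

def build_sample_image():
    """Constructed 4 KiB image: zero fill, a directory-like name, one token."""
    img = bytearray(4096)
    img[1024:1034] = b"lost+found"
    img[2040:2072] = b"0123456789abcdef0123456789abcdef"  # constructed value
    return bytes(img)

if __name__ == "__main__":
    # On a real host the stream would be the raw device opened in "rb" mode (needs root).
    for off, tok in flag_candidates(io.BytesIO(build_sample_image())):
        print(f"offset {off:#x}: {tok}")
```

The same scan is a quick way to confirm that a stick or disk about to be handed over no longer carries readable text outside its visible files.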

Hurray!!! The machine is pwned!!
