Post

HTB Linux Easy: Mirai

Mirai is an Easy rated Linux machine on HTB.

Posted
By Gregory Allegoet
1 min read
HTB Linux Easy: Mirai

Nmap

Pasted image 20240715103956.png

Initial Foothold

Enumerate HTTP (port 80)

Dirbusting using Dirsearch. Pasted image 20240715103951.png

Visiting the /admin page we find pi-hole: Pasted image 20240715103947.png

Since there arent any obvious attack vectors I decided to look deeper into the name “Mirai” to find what it meant. Pasted image 20240715103943.png

Maybe default credentials are left open on SSH, since we know the raspberry pi is probably running raspbian we can use those default credentials to attempt to log in: pi:raspberry. Pasted image 20240715103939.png

Since hydra confirms the default credentials we can now SSH into the box. Pasted image 20240715103935.png

Priv Esc

Since we are a part of the sudoers group we already have root permissions, however root.txt doesnt contain a flag. Pasted image 20240715103930.png

Checking what devices are mounted we find a USB mounted to /media/usbstick. Pasted image 20240715103924.png

Enumerating that folders reveals a damnit.txt file. Pasted image 20240715103918.png

Running the strings command on the device “/dev/sdb” reveals the flag.

User.txt

Pasted image 20240715103910.png

Root.txt

Pasted image 20240715103903.png

You have PWNED

Pasted image 20240715103858.png

Sources

CTF, HTB
Linux Easy
This post is licensed under CC BY 4.0 by the author.