Writeup: HackTheBox Mirai- Without Metasploit (OSCP Prep)

Hello Again All!

Here with another write up and this time it will be Mirai from HackTheBox.

Difficulty level: Easy

So lets begin!

Command:

Nmap -sC -sV -T4 -oN nmap.txt 10.10.10.48

-sC = equivalent to --script=default

-sV = Probe open ports to determine service/Versions info

-T4 = Set timing for faster output (0-5)

-oN = Output to save it to a file

Open Ports displayed:

22 OpenSSH

53 DNSmasq

80 Lighthttpd

1185 Platinum

Let's head over to the website to see what is there.

Nothing appears to display when going to the site so let's try the following.

Command:

Right-click on the page.

Still nothing is displaying.

Alright, lets check out the other ports open on the box.

Command:

ssh 10.10.10.48

So no luck with trying to just SSH into the machine. I am going to run a nmap Vuln Scan on the machine to check.

Command:

Nmap --script vuln -oN vuln.txt 10.10.10.48

If you scroll down to the middle of the page there is a reference to something called "Pi-Hole".

I am going to try something else to see if anything comes up.

Command:

curl -vvv 10.10.10.48

Simply curl or command-line tool and library for transferring data with URLs.

So we can now see again there is something with "Pi-Hole" going on here.

Directory Busting is usually helpful when trying to find hidden directories on a site.

Command:

dirb http://10.10.10.48

After a few minuets of this running we come back with a success with /admin/.

Great, lets now head over to the site to see if there is anything there.

So if you never heard of Pi-Hole or Pihole this is a linux network-level advertisement and internet tracker blocking application which acts as a DNS Sinkhole and/or DHCP Server.

After playing around withthe site for a few minuets I head over to the Login landing page.

So I tried doing a few things here, attempted to use Hydra to gain access on the site as well as use hydra for the SSH login but no luck. From here I head over to Google.